I am trying to implement facebook SSO on my Android app. Once the user logs into the app using facebook he will make calls to my web service running on Google App Engine(GAE). Currently I am able to obtain the access_token from facebook on my android app. Then I add this access_token as a cookie to my http request to GAE . But I am not sure how would I authenticate the request from the user using the cookie, on GAE. Currently I am trying:-
User user = OAuthServiceFactory.getOAuthService().getCurrentUser();
String email = user.getEmail();
But my GAE web service is throwing this exception:-
org.restlet.resource.UniformResource doCatch: Exception or error caught in resource
com.google.appengine.api.oauth.InvalidOAuthParametersException
Is this the correct way of authenticating the user? If yes, then what am I missing here which is causing this exception.
Thank for the help!!
This is failing because you're not using OAuth. You're taking a Facebook connect authentication token - which also doesn't use OAuth - and attaching it to a request you're making to your App Engine app.
If you want to use OAuth with your app, you will need to authenticate to your App Engine app. If you want to reuse your Facebook credentials, you will have to use whatever API Facebook provides for verifying authentication tokens (if there is one), not the OAuth API.
Related
I am working on a Spring Boot application (that I inherited) with a login screen that connects to a local database to check the username and credentials, then originally it called Okta authentication to match the username and password and check credentials. My client no longer wishes to use Okta and has asked me to switch to Google OAuth2.0 for User Authentication. My only question is it seems using that service forces the user to log into the application with their Google Credentials in a google login screen. Is it possible to have the users login credentials from the applications login screen log into their google account on the backend to check credentials rather than have the user themselves login twice? I know that this is a bit of a backwards approach, but due to the current infrastructure of the application (which is currently getting a face lift) this is what we need to do in the immediate.
I have been reading all of the OAuth2.0 documentation and watched a few tutorials, but cannot find anyone trying to do exactly what I am trying to do.
I am using Cognito in AWS. There are no users in the Cognito User-Pool, instead of this it is connected to a federated IDP through OpenId Connect. The federated IDP is an Microsoft ADFS.
I have another application, which is using the Cognito OpenId Connect solution for securing an web Application.
The User access the Web Applikation, is beeing redirected to the IDP Login page. He authenticates against the federated IDP, gets back to the Website and is logged in there.
Everything is fine in this scenario.
The same web application offers a REST Api, too. With this connection I have some trouble. There is no human user who is consuming this API, but I have a service account created in ADFS.
First of all I need to get the access code:
https://demo-cognito-trg.auth.eu-central-1.amazoncognito.com/oauth2/authorize?response_type=code&client_id=1************q&redirect_uri=https://my-redirect-domain/management&state=STATE&scope=openid+profile+email
From that URL I can get the authorization code and use this to get an access_token from the oauth2/token endpoint. But when I do a GET on this ressource, I get a webpage where I need to authenticate myself.
What call do I need to perform so that I can use f.e basic auth to signin my service user?
I want to integrate Google one tab login to our App but we are using the Keycloak as an SSO server.
Scenario:
In Google one tab login, after the user successfully logged in to Google, the font-end app receives an Idtoken as a part of the response from Google then our front sends that token to the backend server.
Backend after verifying the IdToken, first register the user in Keycloak and then return an access token (that is generated by Keyclaok) to the user.
The question is:
How can I get a token for the user that is registered from Google IdToken, because this type of user doesn't have a password then it's not possible to use it that way?
I am creating an application in Google App Engine java. In this application I have to authenticate the users using OAuth2. These users belongs to other Service provider lets say example.com(means they have their account on example.com). I checked the Google App Engine documentation about Authentication and Authorization through OAuth. In this documentation they just provide the way to authenticate and authorize the google users not the other domains user. I have also checked the OpenID functionality in google app engine but I don't need this because example.com don't provide OpenID endpoints to authenticate user. please help me to derive a solution to authenticate the user.
I solve this problem by myself. I use Google OAuth Client Library for Java. This library can handle OAuth 1.0 and OAuth2.0 communication.
I'm developing a web application that has a REST api. At the moment the Api are protected in the server side trough spring security with a form-login authentication. Recently I also added spring social to allow access with facebook and twitter and all this works. So a user has to be registered to access some endpoint.
Now I have to build a mobile application that has to access the REST api and I was wondering what strategy I should use.
I saw that facebook has a android/ios sdk to allow the authentication on mobile side. So once theuser is authenticaded on the mobile I should do the request to my server so how should I authenticate the user on the server side to access the resources?
If you think that is not a good solution can you give me an advice how I should solve this problem?
Two options:
Your mobile app can login to your API the same way your other client code does, via form-login or spring social. Simply send the same session ID cookie with your API calls after login.
You can allow your app to accept a username and password as HTTP headers via HTTP-Basic, to save yourself the initial login step. This might be more useful if you don't need to make a lot of API calls per session.