My application uses 3-legged authentication (OAuth).
I have the token (user was redirected to google login page to log in)
How can I get the e-mail address he used to authenticate?
you should look up user data using the access token. in facebook, the access token starts with user serial, so you can identify user from token directly. (ex. 123456-someStrangeStringBlahBlah...)
so if exposure of user serial is not problem, make token like facebook.
I think you want to use OpenID attribute exchange. (not OAuth, but Google has a bridge between the two).
See Google's page on their federated login API.
If you are using OAuth1.0 you can extract user email from the contactService by making a request to get for example contact group id. The returned response contains the user email encoded:
"http://www.google.com/m8/feeds/groups/user_email_here%40gmail.com/base/5f062e1e08cb3123"
Related
I've recently faced a problem.
My frontend use Oauth2 to authenticate my user on Azure (Organization). This giives me multiple information containing idToken and accessToken.
My Backend uses AADResourceServerWebSecurityConfigurerAdapter to authenticate the user thanks to the idToken put in the Authorization Bearer header from the frontend.
Unitil here everything works well. I can get the connected user with this:
public static String getConnectedUserEmail() {
return (String) ((AADOAuth2AuthenticatedPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getAttributes().get("preferred_username");
}
I use my backend app credentials to contact the graph api on behalf of the API itself.
Though, following Azure Ad documentation, I cannot query group/calendar on behalf of the API, I have to do it on behalf of the user.
To respect SOLID principles, I want to make the request from the backend, but on behalf of the user.
I cannot find any information about that.
So here is my final question: How can I make a graph API request in my backend on the behalf of the user?
Knowing that trying to use the tokenValue (idToken) of the user or the accessToken value returns invalid credentials from Microsoft.
You requested GET /groups/{id}/calendar to get group calendar as you said.
You can call Graph API with the access token using on-behalf-of flow, see here.
There is a sample using the On-Behalf-Of flow: https://github.com/Azure-Samples/ms-identity-java-webapi
Note: Make sure the following delegated permission is added.
I want use service principal which is the use of client_id and client_secret to get token and then pass this token to another api that get groups but i am getting 403.
I have created service principal group with name POWERBI_API_036 which contains my application with the name SystemServer
Now i have a server side application (SystemServer) This is also because i dont want to use username and password to get token because i want to create a way many customers to be able to authenticate without giving there password.
This is what i have now i succesfully generate a token but i am not able to use it to get groups or reports. -- client-id and secret have been changed for privacy
Added the token in header but i get 403. I am lost at this point on how service principal helps authenticate without password or what am i doing wrong ? Please
We are trying to implement Oauth2 on our app, in our App we are login using Sign In with Google, and this returns a lot of stuff like : UID, ACCESS_TOKEN, REFRESH_TOKEN, etc.. we are thinking to send from APP to server-side the UID and store it to DB linked with user like if it was its password.
From server side we want to on each call for instance : get_products, we are thinking to use an access_token but we don't know if it's the UID from user itself or we have to create another access_token with its refres_token with expiration time. So we have one UID from user and another access_token and refresh_token from oauth.
I'm not sure about the value you refer by UID. May be it's something that I haven't come across before.
But if it stands for USER IDENTIFIER, then you should not use it to identify the end user and maintain a session. UID could be a public identifier so anyone who knows will be able to communicate to your server. Also, think about user login through multiple devices. Your server won't be able to identify the correct session.
User access_token to initiate a session. In your server, use user-information endpoint to obtain validity details and end user information. Alternatively you may choose OpenID Connect.
How can I get twitter email Id on my web site.
I am using twitter4j api.
But while getting email it shows
Email: Twitter does not provide this!
In twitter4j api no method available to get email
user = twitter.showUser(twitter.getId());
twitterUser = new TwitterUser(user.getId(),user.getName(),user.getScreenName(),user.getLocation(),
user.getDescription(),user.getProfileImageURL().toString(),
user.getFollowersCount(),user.getFriendsCount(),user.getFavouritesCount(),user.getStatusesCount(),
user.getListedCount(),user.getCreatedAt().toString(),user.getTimeZone(),user.getUtcOffset(),
user.getLang(),user.getURL()!=null?user.getURL().toString():null);
Is there any way to get this.
Is there any othe api to get email and /FirstName/LastName .
Please suggest any solution for this.
Twitter does not provide an API for email retrieval. From their FAQ:
How do I obtain a user's email address?
If you'd like a user's email address, you'll need to ask a user for it within the confines of your own application and service. The Twitter API does not provide the user's email address as part of the OAuth token negotiation process nor does it offer other means to obtain it.
If you have a user's ID or screen name, you can get any additional information from the Twitter4J User interface.
Hi am regarding facebook php server side login..
http://developers.facebook.com/docs/authentication/server-side/
in that
$code = $_REQUEST["code"];
what is the meaning of this..., what is this code ?
Once the user has authorized your app, you should make a server side
request to exchange the code returned above for a user access token.
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=CODE_GENERATED_BY_FACEBOOK
Note the "CODE_GENERATED_BY_FACEBOOK" comment.
$_REQUEST['code'] is most likely a token that guards against CSRF. Facebook will create this and give it to your application via $_REQUEST['code'] (could be a POST, GET or whatever).
If you're not sure what $_REQUEST is, you should read the PHP manual entry for it.
$code is like authorization token that you exchange for an access token that you will use later to make calls to facebook api. The part you're looking at handles redirect from facebook after user logged in to facebook and authorized your application to access their information. at this point facebook redirects user back to your site and passes code as a get parameter and that line grabs that code from $_REQUEST, which in this context is the same as $_GET['code']