So, I have my script page and I want to get an output that generates on this page. It could've been done with default http client but the problem is that google requires authorization to access this page.
So how can I do it right?
I also asked about this before but now I realize that my question wasn't clear.
It is possible to post web app page to be accessible by "anyone even anonymous". So no auth is needed
Related
We are developing a Java application that is supposed to show models from users store.
initially, I'm trying to allow users to login using their autodesk account, and check if they are entitled to access my app.
I couldn't find any good example to show how it is done, I just want to confirm that what I will be doing is the recommended thing or if there is better options.
First, on app start, I will show an embedded webbrowser that will open
"https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id=XXX&redirect_uri=XXX&scope=XXX"
the app will get the url from our server (so not saved locally) and the call back is pointing to an api on our server. then as user login and consent, will get the code from the url, close the login dialog and continue to get the bearer token using plain rest apis to /authentication/v1/gettoken.
As I said, not 100% sure if this is approved way or not or even if it is doable or not. so thought to check before we implement it.
After that I will just use rest apis to browse and get the model.
any thoughts or complains ?
Thanks in advance
Rest assured that the workflow being proposed here is actually orthodoxical and well “approved” by our official tutorials:
https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token/
http://learnforge.autodesk.io/#/oauth/3legged/
Unfortunaly the code sample for that bit is in node and we are still working on a Java equilvalent
Some of our endpoints require 3-legged oauth to access personal data - see here for an example and you can always refer to the authentication context section of each endpoint for the oauth flow required.
I am trying to update an app that I wrote for Android that will automatically log a user into a captive portal at my university. The app worked fine last year with the portal URL hard coded in, however this year that won't work because they changed the server URL, I know what the URL is, so I simply changed it in my program ... which sort of works
There are two main problems, for me, with this approach.
hard coding is a pain in the ass to do every year, I also want to be able to make it future proof, so that hard coding the URL won't be necessary
for some unexplainable reason there are actually buildings on campus that will direct to the OLD authentication server, it truly boggles my mind why it would do that
I would like to be able to make an HTTP request and get the URL of the captive portal that is redirected to, how is that done?
Captive portals generally will intercept users' HTTP requests and issue a "fake" redirect to the portal's authentication page. Or they can simply replace the actual response with the login page.
If yours is a redirect-to-login, then simply do something like trying to load http://google.com, which can reasonably be expected to be truly available for at least the next few years. If the response comes in as a redirect to some totally different site, the redirect url is highly likely to be the portal's login page.
If it's a replace-the-response-with-login, then you should try to contact a known page with some known content, and see what you get back. if the response you got doesn't match you should have gotten, then you've gotten the login page and can try tearing apart the response and finding the login form via DOM operations.
Captivate portals uses 2 methods.
as described above. http redirect so the gateway takes you to another address.
ICMP - sending "better route" message
Still from my exprience on cases where non simple redirect happens the approach of expecting the redirect won't work.
We are integrating our Silverlight based Desktop Application ( which talks to Servlet based backend solution ) with Facebook login. We are able to redirect to Facebook login page using below url
https://www.facebook.com/dialog/oauth?client_id=<client id>&redirect_uri=http://localhost.example.com/fbsignin&scope=email
But the issue here is that somehow Facebook is redirecting Infinite/multiple times (with different-2 code value ) to our redirect url.
I checked on internet for same, and I think it is kind of known problem but all solutions provided only ask about updating PHP files or it SDK, but I am working on Servlet based bacend solution and not able to find any suitable solution to stop this multiple redirect.
Any Suggestion?
thanks
I think I had a similar issue.
When you get a request with the 'code' parameter, then you will want to send that back to FB. Doing so will allow you to get an 'access_token' in return.
Relevant documentation can be read at this link: Login Flow
And for clarity you would want to exchange the 'code' parameter for and 'access_token' by this GET request.
GET https://graph.facebook.com/oauth/access_token?
client_id={app-id}
&redirect_uri={redirect-uri}
&client_secret={app-secret}
&code={code-parameter}
In general, your question is similar to this question:
Get Facebook OAuth token from code parameter
So I've figured out how to access a non-secure webpage in java. However, I do not know how to access a webpage that fist requires you log in on the login page to view. Could anyone help me with this?
Your question seems similar to this one which points out that not only will you need to send along credentials in your HTTP request (as post or get parameters) but also you may need to consider handling cookies.
How do I login and download a file from a https web page from Java?
I am building a web application using Spring framework that requires users to make a payment. When the user posts a form, it redirects to Hp's payment website and processes the payments there before returning to my application. This method however leaves my applications vulnerable to security threats and form manipulations.
I now want to post the form to my server, validate users inputs and if necessary post data to hp's web server. I have already written a java code for posting a form from my code and getting the response back into a file from hp's site but am unable to figure out how to redirect the user to the hp website using the java form post. Can someone please help? I am new to Spring so am open to suggestions that would help me accomplish this task either using this method or another way to do so.
Thanks
Obviously you need to perform the redirect on the server side, not on the client side. Redirection is basically returning HTTP 302 with Location header pointing to new location. When browser receives such response it opens the URL in question rather than rendering the response like it is with 200.
If you can receive and validate your form all you have to do is send the redirect back to the browser. I don't know which web framework do you use. In servlets you simply say:
response.sendRedirect("http://www.example.com/payment/...");
In spring-mvc return the following string from your controller as opposed to a view name:
return "redirect:http://www.example.com/payment/...";