Let's say I have a simple application.
How to set up OAuth2 to allow another application to access to some parts of my application.
For example, when devs want to use the Facebook API, they use the Facebook API User interface that generate Client id, client secret etc.
So, this is what i want my website do. provide client credentials when they request them.Not necessary by building an UI but programmatically (JAVA).
In other words, what is the stack behind the facebook API OAuth UI ? Is there a simple framework to set it up quickly and easily ?
thank you
There are lots of frameworks for setting up OAuth in a Java application. I would recommend having a look at Spring Boot, for example.
Related
I want to use keycloak as a broker server for Identity and Access Management and I don't want to use login screen provided in keycloak as I have different clients like Android, IOS and web application using the same backend server.
I wan't to know if it is possible to create user, accept terms and conditions, send two factor authentication using SMS, have custom fields in login like adding adress using a POSTMAN/ RESTFul API. I know keycloak have provided API guide but they have not included anything about accepting terms and conditions, adding SMS based validations.
Following would be an opinion based question but, if these features are not available in keycloak, what are the other identify broakers I can use and it should be open source with capability to use my own database.
Edit:
I have checked auth0.com, okta/ stormpath but they are not open source and for custom database like in auth0 its requires enterprise edition.
I am looking for building an iOS/Android and Angular app with Java at the backend(REST API). Java will use spring framework. I am looking for the options for User authentication. iOS/Android App will be used by the client and Angular web app will be used my management. Angular web users will have different roles so requirement requires authentication(email and password) as well as authorization. Considering this I was thinking of using Spring Security with a custom UserDetailService. However I guess that will have issues with cookies. I looked into AWS Cognito Identity and Firebase and got more confused. It will be a great help if someone can share there experience with such requirement.
i had created basic login application in angular application by referring the links:
http://jasonwatmore.com/post/2015/03/10/angularjs-user-registration-and-login-example-tutorial
and i have used cakePHP3 for rest API generation and Token is generated on the the basis of JWT, JSON Web Token (JWT) is a JSON-based open standard used for passing claims between two parties in the context of web application environment. These token are specially designed to be very compact and URL safe. Their usability in the context of web browser single sign-on is also remarkable. JWT claims are useful for passing identities’ verification between service providers and identity providers. you'll find the reference links on internet.
for android and IOS you need to learn JSON parsing first. In android, JSON parsing can be done using OKHttpclient/Volley "android hive" is best site to learn jsonParsing and in IOS jsonParsing can be done using AFNetworking.
Hope this will help you.
The Ideal Project for you is Spring Security OAuth2. With this you can make your REST API Stateless and no need to worry about Cookies and Sessions.
I am developing a application which uses Spring Rest services. I am using basic auth for authentication. I know that it is unsecure. My end client are capable of handling OAuth. I want to use OAuth, can any one point me to how to do OAuth in Java. I saw some examples they mention about Twitter , Google and Facebook.But I don't want to use social networking sites.
OAuth is a concept, and not any library which you can inject, (of course libraries exists to implement that)
So if you want to have OAuth in your application (i.e your application has its own OAuth), you have to setup following things
Authentication Server
Provide Provision to Manage OAuth Clients
Manage AccessTokens
Check out the OAuth 2.0 Specification to get clear understanding of how it works and how to build your own.
https://www.rfc-editor.org/rfc/rfc6749
There are lots of resources describing OAuth usage in terms of clients, Facebook/LinkedIn/Twitter API usages. This is ok. But I am interested in OAuth server implementation. The aim is to have the web application which also can be accessible by the mobile devices (native applications), so I need to setup OAuth on my back-end Java server. So I would like to know how LinkedIn/Facebook/Twitter implemented OAuth on their server side, and distinguish users between auth_token-s and grant the corresponding access (some kind database mapping - auth_token = user identity?).
Or maybe there is the better way to authenticate mobile user (I'm going to use REST style services for back-end)?
Facebook, LinkedIn and Twitter have implemented OAuth following the specifications for OAuth 1 (Twitter LinkedIn) and the draft for OAuth 2 (Facebook, LinkedIn).
I would suggest going for OAuth 1, or OAuth 2 User Agent Flow. If your mind is set on OAuth that is. You could always go for simple basic authentication to begin with and focus on the really hard parts, namely the design of your API itself.
If your mind is set on OAuth, check out this list of code libraries: http://oauth.net/code/. And also read up on the specifications, if you want to implement an OAuth provider, you have to know and understand the specs. Otherwise you are in for a world of pain looking for out-of-the-box libraries that will solve everything "OAuthy" for you.
I am new to appengine. I will write application which consist of two parts.
1) Core written in app engine with REST interface for clients.
2) Client application written in J2EE on my other (not appengine) server. But here, client may use any other technology (android, swing etc.)
I dont know, how to handle authentication of users in this schema. I think that I am in the middle between standard login and installed applications.
The simplest solution that occured to me, that the client will request username+password, pass it to appengine application via https and it will authenticate.
But dont know how to synchronized the login with client app, because it will need also data from google applications...
Is there any solution or pre-prepared facility in Java how to handle this?
Thanks
You probably want to use OAuth for this; client login or using username+password is not a good way to do this, and informed users will be -- or SHOULD be -- hesitant to give away their passwords. There is a page for using OAuth within AppEngine applications written in Java which may be of use. There is also some support for Oauth in the GData client library for Java. The OAuth in the Google Data Protocol Client Libraries document may help you to understand how to use those features.