I've Googled around, though I can't seem to find an answer.
Currently using Google endpoints with android studio.
I'm looking to send a Facebook request via my backend server (java). (Assume i have the access token).
How can I achieve this?
please include code and examples of what you have tried to do already. Your questions needs to be specific about a programming issue. Right now it is too general.
Though I'm not 100% about this, I believe facebook doesnt allow this to work. Access tokens should not be shared. And servers shouldnt be able to pretend to be other clients.
Any allowed uses of the fb API will be done using the server's own access token, and not any other.
Related
We are developing a Java application that is supposed to show models from users store.
initially, I'm trying to allow users to login using their autodesk account, and check if they are entitled to access my app.
I couldn't find any good example to show how it is done, I just want to confirm that what I will be doing is the recommended thing or if there is better options.
First, on app start, I will show an embedded webbrowser that will open
"https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id=XXX&redirect_uri=XXX&scope=XXX"
the app will get the url from our server (so not saved locally) and the call back is pointing to an api on our server. then as user login and consent, will get the code from the url, close the login dialog and continue to get the bearer token using plain rest apis to /authentication/v1/gettoken.
As I said, not 100% sure if this is approved way or not or even if it is doable or not. so thought to check before we implement it.
After that I will just use rest apis to browse and get the model.
any thoughts or complains ?
Thanks in advance
Rest assured that the workflow being proposed here is actually orthodoxical and well “approved” by our official tutorials:
https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token/
http://learnforge.autodesk.io/#/oauth/3legged/
Unfortunaly the code sample for that bit is in node and we are still working on a Java equilvalent
Some of our endpoints require 3-legged oauth to access personal data - see here for an example and you can always refer to the authentication context section of each endpoint for the oauth flow required.
I know this is a pretty noob question but I've been reading some manuals and documentations and can't figure something out.
I have an automation suite (in Java/Groovy) that in some cases needs to query an email inbox to check that a message with a given subject has been received and also probably delete all messages older than X. That's pretty much all I need to do and I've been looking into creating a gmail account and using the Google API Java client that's available here -> https://developers.google.com/api-client-library/java/apis/gmail/v1 but I can't figure our how to actually do it.
Right now what I have absolutely no clue how to do is the authentication. I can probably figure out how to interact with emails by going through the methods/code but I can't find any examples on how to authenticate so that the code can get access.
I tried looking for examples here and checking the code here. I know the answer is there but I still can't wrap my head around how to implement the code to sign in/authorize based on a username and password.
Thanks!.
This is the link you need. In this page it's explained authentication mechanism for Google API. They are using OAuth 2.0, which is probably the most used authentication method nowdays.
There is a standard flow that takes the client from credentials to an access token that can be used to perform authorised requests. This flow is described in the OAuth specification which is very useful to understand. Many APIs use it.
If you have specific questions, please let us know.
I am using Google App Engine with Java.
I would like to know, how to integrate custom JWT based authentication in Google App Engine.
I have seen https://developers.google.com/identity/choose-auth but I dont want the users connected with Google Account. I also want the users to sign in without an email address, but a username.
I searched on the internet but everywhere I looked, it is talking about the Google based authentication.
Thanks in advance.
It seems at the moment, there is no library available for doing this.
Also I was unable to find any documentation to do this.
Here is how I implemented it.
The client passes JWT in the Authorization header.
At the API endpoint (not in Filter, it wont work), I extracted the header and validated the JWT. I throws Exceptions from the validation function itself, so that I don't have to repeat a lot of code.
I have an app and a server side service which my app communicates with with JSON.
I need to impliment security so that if someone gets hold of the urls they will only be able to just call them.
I know i need to use Oauth2 but I don't know how to exactly.
I have read this and it seems to be what I want but it's using google accounts.
Can anyone give me an example or steps I must take to make sure only my app is able to get a response from my server?
You can add accesstoken for each http request.It can be just a string.
As you know, if you want to use oauth/oauth2, you should implement your oauth server. And if you really want to do so, you could find some opensource project. But in a simple way, just add a app code(like the accesstoken, anything just used to identify your app) manually to each http request. in this way, if others know your app code, they are also able to send request to your server.
I'm finding a lot of problems trying to develop a google app to place in the market, with OpenID and accesing some google apis like G+ from the backserver on GAE
I have applications running using google apis to acces G+ data, with 3 legged oAuth (code flow) without problems and i understand the "magic" behind the scenes, but i'm getting lost with OpenID and google market. Do i need to do the 3legged oAuth after the user pass the OpenID google filter, and send the user to acept the G+ permission API to use that token to access google apis? If this is the case, what happen if the user access the application from his company gmail account, and when prompted to accept the g+ access, he change accounts? Is there any good reading that make things easier with google apps, openID and access google apis from GAE?
Why I can't specify the scope of G+ when sending my application to the market, in the app conf files?
In this scenario, what is the best way of getting the user g+ profile (picture, fullname, nickname? What i'm missing? google documentation is really good, when you find the correct one ,but a lot of links are dead and millions of examples with deprecated gdata apis are flooding the net...
Ok, after further reading and testing i came up with this points:
Google Marketplace just alow you to access this apis without extra "oAuth dances"
If you want to access more APIs than the listed above, you need the oAuth exchange to get specific token/s for the APIs you want to access.
In my case, i want to access G+ API before the openID from market, so after logging the user with openID, i need to redirect him to google api oAuth accept screen (just for the first time)
More things about the market that take me long time to catch:
- Billing API and license API are deprecated, this mean you are responsible for billing your users and keep them tracked to know if a given user has paid the application or when the license has expired
- You need to map /_ah/login_required becouse your application should be setted (when you create it) to only accept federated logins, wich will lead to a redirection to /_ah/login_required from where you need to do the openID stuff.
A lot of links in the documentation are broken and the examples are too old :(
It's actually a little simpler now with the new Google Apps Marketplace experience. If you follow the steps in the docs and make sure you ask for the same scopes in your App Engine code, the user should never be prompted.