I am developing few REST webservices using Java Servlet. I would like to use google OAuth2 for authenticating my client and use oauth token for exposing my webservices.
As per the guideline on following url: Using OAuth 2.0 to Access Google APIs
For Web Apps I followed below steps:
Registered my application with Google development console.
Created new Client ID and Client secret.
After that I have used below Google authentication end point to generate authorization code on server: https://accounts.google.com/o/oauth2/auth
With query parameter define here: Using OAuth 2.0 for Web Server Applications
Response of above URL gives me authorization code as query paramters, I use that code to generate oauth Token using https connection.
https://www.googleapis.com/oauth2/v3/token
Query parameters are
code
client_id
client_secret
redirect_uri
grant_type
When I call https://www.googleapis.com/oauth2/v3/token service to generate oauth token from server, I am getting Java Exception.
java.security.AccessControlException: access denied ("java.net.SocketPermission" "www.googleapis.com:443" "connect,resolve")
Please help me if I missing any configuration or am doing something wrong.
Related
I have a jhipster generated monolithic application with Java bakend and React Frontend.
Now I am building up the api (backend) and want to test the endpoints with postman.
Too access protected ressources for example access only allwod with role USER, so I need to pass the acces token in the Authorizations Header of the request in Postman.
How can I get such a User Token from auth0 to put that token into Postman?
I tried to find answer but was not able to.
You can create an access token using Auth0's CLI:
auth0 test token -a https://<your-auth0-domain>/api/v2/
I'm trying to log in users to a Java Web application written in Java Spark framework using firebase Auth REST API here. Reason is since I couldn't find a better way to integrate with Firebase from this framework.
I can use VerifyPassword end point to login using email provider. But I want to use the Microsoft provider in firebase Auth Console instead of email.
Is there a way to use Microsoft Authentication through firebase using the REST API?
Thanks in advance!
There is. You are looking for Sign In With OAuth Credential section in the Firebase Auth REST API documentation.
You can sign in a user with an OAuth credential by issuing an HTTP POST request to the Auth verifyAssertion endpoint
However, the process won't be pretty straightforward like it is when using Firebase SDKs. You would have to get an access token from Microsoft (or any auth provider) and then pass it in the request body of Firebase's REST API.
When i am trying to get access token through client credentials flow in okta ,i have got sucessfully,but by using that access token i am not able to fetch any user details.Like the code below
token.getTokenAttributes().get("uid").toString();
The above token object is jwtAuthenticationToken Which is used in web application.
i am using spring-boot okta
The Client Credentials flow is intended for server-side (confidential) client applications with no end user, which normally describes machine-to-machine communication.
It wouldn't have user context and it won’t have a user tied to the access token.
I have a Web API built in Java that returns database information to an SPA. I need to check the user's group information using AAD Graph API before delivering the response. Right now the Web API accepts the request and reads the user's token (eyJ...).
What are the next steps for the application to be ready to send a request to Graph API on behalf of the user?
I have tried sending the request with the Authorization: Bearer ey... header using the user's token but receive a Authentication_MissingOrMalformed error. I have also tried various edits to the app manifest and delegated permissions with no luck.
The access token that your API received is intended only for your API. What you need is to obtain a new access token, on behalf of the current user, for the Azure AD Graph API.
Fortunately, this is exactly what the on-behalf-of flow is for. From Authentication Scenarios for Azure AD:
Delegated User Identity with OAuth 2.0 On-Behalf-Of Draft Specification
The flow discussed below assumes that a user has been authenticated on another application (such as a native application), and their user identity has been used to acquire an access token to the first-tier web API.
The native application sends the access token to the first-tier web API.
The first-tier web API sends a request to Azure AD’s token endpoint, providing its client ID and credentials, as well as the user’s access token. In addition, the request is sent with an on_behalf_of parameter that indicates the web API is requesting new tokens to call a downstream web API on behalf of the original user.
Azure AD verifies that the first-tier web API has permissions to access the second-tier web API and validates the request, returning a JWT access token and a JWT refresh token to the first-tier web API.
Over HTTPS, the first-tier web API then calls the second-tier web API by appending the token string in the Authorization header in the request. The first-tier web API can continue to call the second-tier web API as long as the access token and refresh tokens are valid.
Be sure to configure your API to request the right set of permissions for the Azure AD Graph API.
Edit: If you are constructing the token request yourself, the request that your API would make to Azure AD to get a new token to the Graph API on behalf of the current user would be a POST against:
https://login.microsoftonline.com/{tenant-id}/oauth2/token
With the following parameters in the body (un-encoded, for readability, in reality these would be application/x-www-form-urlencoded, of course):
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&
requested_token_use=on_behalf_of&
assertion={access-token}&
client_id={api-client-id}&
client_secret={api-client-secret}&
resource=https://graph.windows.net&
scope=openid
Where {tenant-id} is the directory identifier (domain name or Guid value), {access-token} is the access token that your SPA provided to your API (the one you're exchanging for an access token to the Graph API), {api-client-id} is the client ID for your API, and {api-client-secret} is the API's secret password credential.
(Note, for simplicity, this example uses password credentials (client_secret) to authenticate the API, though it could very well be using instead an assertion signed by a client certificate.)
I'm building a backend for my Android app using GAE, and I'd like to authenticate users with their Google accounts, sent from the Android app.
Before OAuth2, you were able to use a Cookie retrieved from the _ah/login endpoint to authenticate users into your web app, but that method is deprecated and I'd like to be able to use the updated OAuth2 method.
In my Android app I've been able to generate a JSON Web Token using the following line:
String jwt = GoogleAuthUtil.getToken(FamiliarActivity.this, Plus.AccountApi.getAccountName(mGoogleApiClient), "audience:server:client_id:1234567.apps.googleusercontent.com");
or an OAuth token:
String oauth2 = GoogleAuthUtil.getToken(FamiliarActivity.this, Plus.AccountApi.getAccountName(mGoogleApiClient), "oauth2:server:client_id:1234567.apps.googleusercontent.com:api_scope:https://www.googleapis.com/auth/plus.login");
Either, manually, I can pass to my API and validate against Google. But I haven't been able to figure out a way to use a token like this to trigger authentication in GAE like the Cookie used to. The documentation seems to indicate passing it as a header: Authorization: Bearer <TOKEN> but that doesn't seem to work.
What is the correct way to retrieve and pass a token to my GAE endpoint so that it authenticates the user?
The correct and documented way to accomplish this is to:
1) Create an OAuth protected endpoint with the
https://www.googleapis.com/auth/plus.login
or
https://www.googleapis.com/auth/userinfo.email
scope and authorized Client ID for the Android client app.
2) Generate client library and integrate with your app.