I have used various OAuth2.0 authentication based web application(facebook, twitter, quickbook, etc) and accessed their APIs for fetching data services. Now I am looking for developing an web based application which implements OAuth2.0 based authentication itself. User can create apps and get token and secret and other details. My programming language is Java. I could not find enough literature over the same.
I need some help in exploring the way to implement OAuth2.0 authentication or any specifications which can be implemented ?
I suggest working with Spring Security. It has very good extension for oAuth 2.0.
If you want an example in Java, based on Spring, have a look here.
Then, when you want to implement all necessary flows, like 'create account', 'forgot password', etc - you can use this project, that implements all these flows!
You can take a look at ApiFest OAuth20 project - https://github.com/apifest/apifest-oauth20.
It's written in Java and uses Netty as a server. As a storage, it currently uses Hazelcast(by default), MongoDB or Redis. Also, you can easily add another backend storage.You can see more about the project on http://apifest.com.
Good luck!
Related
I have been working on an app where the front-end (React) and back-end (Micronaut) are separate. They currently communicate via REST use Micronaut's built-in JWT authentication. I'd like to use something like Auth0 or Keycloak to avoid having to implement user management code.
Is that possible given the separation of my front-end and back-end? If so, are there any resources I can use? I haven't found many concrete answers to that question, but have been looking into OAuth's Client Credentials Flow. Is that what I want in this case?
Auth0 has documentation on how to do authentication through their authentication code flow which can work well for REST APIs. It uses jwts, but gives you an easy way to verify the jwts and get the token info using their get user info api.
If this is not what you’re looking for, I would recommend checking out the Auth0 authentication API docs. It walks you through setting up many different kinds of complex authentication flows and (in my opinion) makes them pretty easy to implement. Hope that helps!
I have to work on an application that old interns started. The backend is made with spring-boot and using Kotlin, which I'm very new to both. The backed is a RESTful API and I need to implement an authentication and authorizations to limit the access to specific users the CRUD methods.
There's basically two user roles I need to create, an admin and a moderator one that can have access to less methods.
Does anyone have a guide on to how to make it possible?
I've found this tutorial which seems like to do what I'm looking for but it's in java and I'm not able to code everything back into Kotlin.
Also, add access restriction on a websocket as well?
There is official guide for configuring security on Kotlin:
https://spring.io/blog/2020/03/04/spring-tips-kotlin-and-spring-security
Security for websockets has two parts for configuring:
for controllers
for message brokers
There is guide for that https://www.baeldung.com/spring-security-websockets on Java, but following the example in security configuration on Kotlin you will be able to convert Java to Kotlin, anyway you can always convert Java classes in Kotlin classes in your Intellij Idea as on image:
I am looking for building an iOS/Android and Angular app with Java at the backend(REST API). Java will use spring framework. I am looking for the options for User authentication. iOS/Android App will be used by the client and Angular web app will be used my management. Angular web users will have different roles so requirement requires authentication(email and password) as well as authorization. Considering this I was thinking of using Spring Security with a custom UserDetailService. However I guess that will have issues with cookies. I looked into AWS Cognito Identity and Firebase and got more confused. It will be a great help if someone can share there experience with such requirement.
i had created basic login application in angular application by referring the links:
http://jasonwatmore.com/post/2015/03/10/angularjs-user-registration-and-login-example-tutorial
and i have used cakePHP3 for rest API generation and Token is generated on the the basis of JWT, JSON Web Token (JWT) is a JSON-based open standard used for passing claims between two parties in the context of web application environment. These token are specially designed to be very compact and URL safe. Their usability in the context of web browser single sign-on is also remarkable. JWT claims are useful for passing identities’ verification between service providers and identity providers. you'll find the reference links on internet.
for android and IOS you need to learn JSON parsing first. In android, JSON parsing can be done using OKHttpclient/Volley "android hive" is best site to learn jsonParsing and in IOS jsonParsing can be done using AFNetworking.
Hope this will help you.
The Ideal Project for you is Spring Security OAuth2. With this you can make your REST API Stateless and no need to worry about Cookies and Sessions.
I am currently using Bitrix24 for HR management and task management.
Since it provides an option to integrate third party applications with it, I am stuck in how to implement OAuth for my application with Bitrix.
I went through documentation provided by Bitrix24 but it uses php code.
Is there any sample JAVA code available for OAuth implementation?
Unfortunately havent seen any examples on other that PHP languages, but
if you are already experienced with Java it should not be a problem.
In case you are working with bitrix24 cloud edition - you need to
1) create application for marketplace using you partner account and obtain secret key and application id
2) send this secret key and application id from your application written on any language and receive
3) receive request token and refresh_token and use them to access rest api provided by Bitrix24 https://training.bitrix24.com/rest_help/
more details on what kind of request you need to do: https://training.bitrix24.com/rest_help/oauth/examles.php
hope this help you.
You can use API like this for JAVA
I am adding LEADS from the API, and updating the same LEAD
to add the LEAD:-
Method: POST
URL:-
https://.bitrix24.com/rest/crm.lead.add
Parameters:-
{"fields[TITLE]":"LEAD_TITLE","auth":"AUTH_TOKEN"}
It will add the new LEAD in you Bitrix Dashboard.
I have 2 web applications one is in .Net and one in Java. I have to create single sign on facility between these 2 applications, I have created using cookies referring old questions from stack overflow. But it will not work if on browser cookies are disabled. Need better solution than cookies which should be secure too.
The standards based approach to achieve Web SSO could be SAML (http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf). Spring SAML security extension would make it fairly easy to integrate your Java based app. If you have .Net your may also have ADFS, which can act as a SAMLv2 IdP.
WS-Federation is more common in Microsoft env, however I'm not sure there is a nice lib/framework available in Java space.
You may also have a look at OAuth2. Actually it was designed to protect APIs but you can also use it to achieve Web SSO.