access-token

问题 I need to refresh the user linkedin access token without them having to go through the initial authorization process all over again. I have also looked at this documentation http://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens, but It doesn't work because my users authorize the app through regular OAuth and the article uses the JS OAuth. (Not sure, if there is a difference between two processes, and if there is a difference between access tokens received from

问题 I am using Azure AD to authenticate the users. I want to add few user claims specific to my application. Should I do it in Application_PostAuthenticateRequest` in global.asax ?. Is there a way I can cache my claims too ? 回答1: If you are using the ASP.NET OWIN middleware, there are specific notifications you can use for that purpose. Claims added in that way will end up in your session cookie, so that you won't have to repeat the claims augmentation logic in subsequent calls. See http://www

问题 We are using IdentityServer for authentication and we are validating the access token using JwtSecurityTokenHandler ValidateToken. This used to work fine, but after we upgraded our client application to ASP.NET Core 1.0 RTM (from RC1), the validation fails. The received error is: IDX10501: Signature validation failed. Unable to match 'kid' When I look at the KeyID of the used certificate and the kid of the token, I can see that they are different. I checked the IdentityServer jwks-endpoint to

问题 i have a little question. At the moment my Spring configuration uses the DefaultTokenServices (provided by the spring-security-oauth2-2.0.0.M3.jar). It generates correctly the access_token. Now what i will do is to cancel/delete/remove/revoke this token when i do a logout. In the security.xml i configured the logout in the http tag: <sec:logout logout-url="/logout" logout-success-url="/auth" invalidate-session="true" delete-cookies="true" /> and the redirection is successfully. But if i write

问题 I'm using twitter4j to get user token and secret. I have a problem when twitter should redirect back to my app after the login. The browser stay in foreground and the activity is never resumed. Here is the activity declaration in the manifest: <activity android:name=".TwitterActivity" android:screenOrientation="portrait" > <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent

问题 By following the facebook sample for login and posting, after I do login and I get name and photo of my profile , when I try to post on wall in the following part.. if (accessToken != null) { pendingAction = action; if (hasPublishPermission()) { handlePendingAction(); } else { LoginManager.getInstance().logInWithPublishPermissions(this,Arrays.asList(PERMISSION)); return; } } I get ACCESS_TOKEN_REMOVED permissions: [user_friends,public_profile,basic info] Why the permissions are removed if I

问题 I am working on an ASP.NET MVC5 Web App that uses Azure ADAL libraries to authenticate users, it works fine, however, when I manually send requests to graph, ex: GET https://graph.microsoft.com/v1.0/me or GET https://graph.microsoft.com/v1.0/groups?$filter=from/displayName eq 'whatever'. I have tried updating the App Registration in Azure as to add the required Graph permissions, and I have also tried creating new app registrations, no matter what I do my requests will always respond 401

问题 I've been looking for an exact answer but it seems most answers are client call and out of the scope. Question: I already have an access token access token. How to get a claim using c# code given an access token ONLY? I think: Below are the same questions but no answers i think fits. How to get the claims out of a authenticated SecurityToken How do I read claims from my Oauth token? 回答1: Install-Package Newtonsoft.Json The access token is just base64 encoded JSON. You can parse the token as

问题 i want to show public contents from instagram related to a specific hashtag (everything works fine with that) but i can't to renew the access_token everytime it expires. ("do not assume your access_token is valid forever." - https://www.instagram.com/developer/authentication/) To renew it manually is not an option i have to make sure there is a valid access_token at ANY time without re-authenticating. Any ideas or questions? :) 回答1: I have one idea, but without API (and access_token ). You

问题 I walkthrough this official ASP.NET tutorial, and the bearer token is published as below JSON. { "access_token":"boQtj0SCGz2GFGz[...]", "token_type":"bearer", "expires_in":1209599, "userName":"Alice", ".issued":"Mon, 14 Oct 2013 06:53:32 GMT", ".expires":"Mon, 28 Oct 2013 06:53:32 GMT" } I'd like to add user profile properties along with the above resul in order to reduce number of requests from clients. The example is as below... { "access_token":"boQtj0SCGz2GFGz[...]", "token_type":"bearer"