access-token

Handling Expired Token From Api in Angular 4

风格不统一 submitted on 2019-12-03 17:20:04
Question: I need help in handling an expired token in my Angular application. My API has the expiration time, but my problem is that when I forget to log out of my Angular application, after some time I can still access the homepage but without data. Is there something I can do about this? Are there libraries that can handle this? Or is there something I could install? Better if nothing needs to be installed. Here's my authentication code below. Can I add anything that can handle expiration and I won't be able to

How to post to a Facebook Page (how to get page access token + user access token)

主宰稳场 submitted on 2019-12-03 17:19:33
I am trying to work out how to post to a Facebook page wall, when using my app as a different Facebook User (who is not the Page Administrator). I get a range of error messages while testing: Exception: 200: The user hasn't authorized the application to perform this action The page administrator has visited the app and accepted the following permissions: publish_stream, manage_pages, offline_access Here is the code I plan to use: // Insert Page Administrators ID here // This user is not the same user that is currently logged in and using the app // This user is the page administrator who has

If I enable migrations “July 2013 Breaking Changes” of my app, then search user by email wouldn't work

爱⌒轻易说出口 submitted on 2019-12-03 16:23:33
I'm using the search graph API to search for users by email. Here's an example of how I do that: GET https://graph.facebook.com/search?q=Sample%40gmail.com&fields=name%2clink%2ceducation%2cid%2cwork%2cabout%2cpicture&limit=2&type=user&access_token=... Before the July 2013 Breaking Changes it was working fine. Once I enabled the breaking changes I started getting HTTP 403 saying that the access token is not valid. HTTP/1.1 403 Forbidden Access-Control-Allow-Origin: * Cache-Control: no-store Content-Type: text/javascript; charset=UTF-8 Expires: Sat, 01 Jan 2000 00:00:00 GMT Pragma: no-cache

OAuth Refresh Token Best Practice

旧巷老猫 submitted on 2019-12-03 16:23:16
Question: I am implementing OAuth for a project, and I want to know the best way to handle refresh tokens. The API I call will return a JSON object with access_token, expires_in, and refresh_token. So I was wondering, is it better to: Calculate the time when the access_token will expire, store that in the database. Check that the access_token is not expired every time I make an API call, and if it is expired then use the refresh_token to get a new access_token. (Additional Question: how do I make sure

NodeJS REST authentication using Passport and OAuth2 + social network

可紊 submitted on 2019-12-03 16:16:36
Question: I'm working on a REST API using NodeJS. For authentication I decided to use Passport. I want a truly RESTful API, so it means I have to use tokens instead of sessions. I want to let users log in using username and password, or using social networks like Facebook, Google and Twitter. I make my own OAuth2.0 server for issuing Access and Refresh tokens using the oauth2orize module. So now I can register a new user and then issue them tokens. I followed this tutorial: http://aleksandrov.ws/2013/09/12

Get a token by Github API

末鹿安然 submitted on 2019-12-03 16:14:00
Question: I manually created a token in Github -> Settings -> Personal access tokens -> Generate new token and chose only the repo scope. This token works fine, so with it I can push into an organization where I have write privileges. Then I want to do the same (get an access_token) by github-api. params = dict(client_id=client_id, client_secret=client_secret, code=code) url = url_concat("https://github.com/login/oauth/access_token", params) req = HTTPRequest(url, method="POST", headers={"Accept": "application

How to store an auth token in an Angular app

不想你离开。 submitted on 2019-12-03 15:41:47
Question: I have an Angular application (SPA) that communicates with a REST API server and I'm interested in finding out the best method to store an access token that is returned from an API server so that the Angular client can use it to authenticate future requests to the API. For security reasons, I would like to store it as a browser session variable so that the token is not persisted after the browser is closed. I'm implementing a slightly customized version of OAuth 2.0 using the Resource Owner

Why are Refresh Tokens considered insecure for an SPA?

孤者浪人 submitted on 2019-12-03 14:09:36
I was reading the documentation on the Auth0 site regarding Refresh Tokens and SPA, and they state that SPAs should not use Refresh Tokens as they cannot be securely stored in a browser, and instead use Silent Authentication to retrieve new Access Tokens. A Single Page Application (normally implementing Implicit Grant) should not under any circumstances get a Refresh Token. The reason for that is the sensitivity of this piece of information. You can think of it as user credentials, since a Refresh Token allows a user to remain authenticated essentially forever. Therefore you cannot

Where is the information about the authorization token stored on the ASP.NET WEB API server?

天大地大妈咪最大 submitted on 2019-12-03 13:49:06
Question: In my Web Api 2 Identity 2 application, after user registration I have a single record in a single table: AspNetUsers. I use the following HTTP request to get a token: POST https://localhost:44304/Token HTTP/1.1 Accept: application/json Content-type: application/x-www-form-urlencoded Accept-Encoding: gzip Content-Length: 68 Host: localhost:44304 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4) grant_type=password&username=somemail@gmail.com&password=123456 and I get the

How to use RemoteTokenService?

霸气de小男生 submitted on 2019-12-03 12:55:49
Question: I have a separate ResourceServer built using Spring-Security-oauth2. Here is the RemoteTokenService code. @Bean public ResourceServerTokenServices tokenService() { RemoteTokenServices tokenServices = new RemoteTokenServices(); tokenServices.setClientId("sample_test_client_app"); tokenServices.setClientSecret("secret"); tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token"); return tokenServices; } When I'm accessing the resource server with AccessToken I get the