access-token

问题 I have a refresh token that got generated for office365 login. I generated it using the following set of permissions openid offline_access Calendars.ReadWrite.Shared profile email https://graph.microsoft.com/User.Read Now I want to generate an access token from the refresh token with some different set of permissions like following Group.Create, Group.ReadWrite.All, Directory.ReadWrite.All Is it possible to have an access token from refresh token with some different set of permissions? Any

问题 I'm using JWTs for authenticating users for my app. When a user logs in they are given an access token and a refresh token. To keep the refresh token safe, I don't store it on the client-side, but save it on the back-end with their account so it's not easy to access. I'm confused about the security of refresh tokens though, here's the logic that I'm understanding when I read online resources on how to use refresh tokens: authenticate store access token + refresh token somewhere (in my case,

问题 I'm using JWTs for authenticating users for my app. When a user logs in they are given an access token and a refresh token. To keep the refresh token safe, I don't store it on the client-side, but save it on the back-end with their account so it's not easy to access. I'm confused about the security of refresh tokens though, here's the logic that I'm understanding when I read online resources on how to use refresh tokens: authenticate store access token + refresh token somewhere (in my case,

问题 I'm trying to get information from the Gimmebar API (redirects to the access token step) and having problems with the last step exchanging the access token for the data. #getting access token successfully before this post_url = '/tags' headers = {'Authorization': 'Bearer %s' % access_token} query = '/collections' full_url = '%s%s%s' % (base_url, post_url, query) req = urllib2.Request(full_url, headers=headers) response = urllib2.urlopen(req) the_page = response.read() It breaks at the urllib2

问题 I am trying to make a DELETE request to the YouTube API but when I echo out curl_getinfo($ch, CURLINFO_HTTP_CODE) , it just says 0 which mean it failed. I have checked my API key and that's correct and so is the access code as i'm getting an access token using the refresh token. Is the cURL commands correct or should i be looking at the access code? $url = "https://www.googleapis.com/youtube/v3/videos?id=".$vID."MY_API_KEY"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt(

问题 I use a request dialog in my app where the user can send requests to their friends. Once the user sends the request i redirect the app to a page where it posts on the users page. I use the below code to get an access_token: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://graph.facebook.com/oauth/access_token?client_id='.APP_ID.'&client_secret='.APP_SECRET.'&redirect_uri=http://www.facebook.com/pages/Cosmetics/167231286678063?sk=app_233227910028874&grant_type=client_credentials');

问题 I am developing an ASP .Net Core 1.1 MVC web app which calls a web API using the "Authorization Code Grant Flow". I am using Auth0 for the authentication server. Following the Auth0 tutorials, at the point the user has successfully logged in to the web app, and now does something that makes the web app call upon the web api, it says I should get the access token as follows: public async Task<IActionResult> Index() { string accessToken = User.Claims.FirstOrDefault("access_token")?.Value; if

问题 I want to authenticate to Box Developer Edition using box-python-sdk, this way: auth = JWTAuth( client_id='YOUR_CLIENT_ID', client_secret='YOUR_CLIENT_SECRET', enterprise_id='YOUR_ENTERPRISE_ID', rsa_private_key_file_sys_path='CERT.PEM', store_tokens=your_store_tokens_callback_method, ) (1) I have created a private and public key using the App Auth instructions, and decrypted the private key. How do I get the CERT.PEM? (2) What is the your_store_tokens_callback_method supposed to do? 回答1:

问题 I have setup IdentityServer4 based on .net core 2.2 and configured Xero as an External Login using OpenIdConnect middleware. I have a client app which configures the IdentityServer for Authentication. What I like to access in the client app is not only authentication tokens from the IdentityServer but also the tokens from External login. There is a MS documentation which suggests to include the external login tokens in OnGetCallbackAsync : var props = new AuthenticationProperties(); props

问题 I want to create simple Google Chrome extention which would display News from Facebook. News feed can be retrieved by calling this: https://graph.facebook.com/me/home? access_token =... But I need access_token . Could someone give a hint how to define a JavaScript function which would return access_token when given YOUR_APP_ID. This function also should work inside Chrome Extention. Other examples on the internet did not work, because: I don't have a server. FB.getLoginStatus does not seem to