oauth-2.0

问题 I'm trying to create an Electron app (using Electron.net and MVC) with user sign-ins using Discord's OAuth2. However when loading up the OAuth2 page, Discord thinks that I'm using a broken installation of Discord. I assume that this is because the Discord desktop application also uses Electron. When not using Electron, the link opens fine. So far I've attempted changing the User-Agent (both in the Electron startup code and directly on the link with Javascript) used by Electron as I believed

问题 I am creating a native android application and I am using keycloak authentication, because my web app and my API is already configured with keycloak. I setup Facebook and Google as identity providers for keycloak but now I don't know how I am supposed to configure it in the Android application. For the general authentication I am using retrofit with rest calls to get the token and after that I am storing the token in Android Account manager. I want my android app to successfully authenticate

问题 I need a bit of help understanding which is the problem with Microsoft Identity Platform login on my cms (ASP.NET Webforms). It used to work without problems, last time I tried was maybe a month ago. Now I'm receiving a "400 bad request" response on the second step of the code flow authentication, when I send back the authorization_code that I received after the user login to the token endpoint, to request the access_token. The original GET request to send the user to the Microsoft login

问题 I am trying to hit a post request to "https://login.microsoftonline.com/<My_Tenat_Id>/oauth2/token" from my Java Code, but I am getting the error "invalid_grant: AADSTS50126: Error validating credentials due to invalid username or password". I have verified the credentials and they are correct(I am able to login to Azure portal and see my AWS APP for SSO). I even tried hitting the same request from postman, but then also same issue. The parameters I have passed are: "grant_type", "password"

问题 I'm trying to get familiar with the google calendar api. In the getting started guide they have this code example: from __future__ import print_function import datetime import pickle import os.path from googleapiclient.discovery import build from google_auth_oauthlib.flow import InstalledAppFlow from google.auth.transport.requests import Request # If modifying these scopes, delete the file token.pickle. SCOPES = ['https://www.googleapis.com/auth/calendar.readonly'] def main(): """Shows basic

问题 I have an api and an Angular SPA that's completely separate from it, and they have different origins/hosts, I figured out the implementation to be like this: The user gets into the SPA, the SPA gets a CSRF token from the api (I'll have an endpoint that generates such tokens), the user clicks a 'sign in with Google' button that redirects him to Google's consent page (the CSRF token will be sent as a state field, also the client id will be sent), after the user's agreement Google Auth redirects

问题 I need to access non-Public Google Site using Curl. Is it possible to GET a Google Site page using curl and sending in Bearer Token as part of the Authorization header? I usually do this with Spreadsheets. But can't get it to work with Google Sites. 回答1: This is not possible currently with the new Google Sites. Google doesn't provide an API for this. 来源： https://stackoverflow.com/questions/50477342/accessing-a-non-public-google-sites-page-using-curl-bearer-token

问题 I'm working on auth between a Chrome Extension, Google Cloud Platform, and trying to send the id_token JWT to an AWS server to retrieve user data (and/or establish a session?). My question is this -- how can I prevent chrome extensions with tabs permissions from reading the GET request or the redirected URI which has the fully-validated user JWT? The JWT confirms that a user is who they are, but how do I know my Chrome Extension is the one making the request to my backend? I have a few ideas:

问题 I am trying to secure my application exposed as LB using oauth2_proxy, I have created 2 ingress resources as required one for running the oauth2_proxy and another for accessing my application which is to be secured through authentication. Refer link [https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/oauth-external-auth]. I have followed the exact process as mentioned in this link. When I hit my FQDN or Domain Name in browser it asks for authentication and upon

问题 I have an Azure AD registered App and a AD user. I would like to use authorization flow in my c# console app to first get the authorization code as mentioned in this article https://docs.microsoft.com/en-us/graph/auth-v2-user and then exchange that auth code to get an access token. I would eventually like to store the access token and refresh token and use it for offline scenarios. I created a Httpclient and did a post request to get the authorization code but the Microsoft Consent screen