oauth

问题 In the new Open Graph Beta Auth Dialog does the "Add Data to Profile URL" essentially serve as the callback URL where Facebook will send the user after they click the "Add to My Timeline" button? In a related question, will clicking the "Add to My Timeline" button in the new auth process in itself generate posting an item to the new Timeline page for the user? Since these new features are in beta, we're not sure what to expect. 回答1: Have a look at: https://developers.facebook.com/docs/beta

问题 I'm porting my application to Electron and I was surprised to find out that the Dropbox authentication doesn't work in this environment. It does work in Chrome though. The sign-in buttons remain disabled and the labels appear over the inputs. The following message is displayed in the console: The Content-Security-Policy directive 'worker-src' is implemented behind a flag which is currently disabled. I'm testing using dropbox@2.5.7, electron@1.7.7 on OS X. I found a similar question, but it

问题 Does anyone know how to use 2-legged OAuth with google-api-java-client? I'm trying to access the Google Apps Provisioning API to get the list of users for a particular domain. The following does not work HttpTransport transport = GoogleTransport.create(); GoogleHeaders headers = (GoogleHeaders) transport.defaultHeaders; headers.setApplicationName(APPLICATION_NAME); headers.gdataVersion = GDATA_VERSION; OAuthHmacSigner signer = new OAuthHmacSigner(); signer.clientSharedSecret = CONSUMER_SECRET

问题 I'm developing an installed application that accesses the google-api via OAuth2. There some security problems I currently know no real solution for. Doesn't matter how hard I obfuscate my client-secret a determined person can retrieve and use it. Two problems arise from this: somebody uses my client secret to modify user data: so far it seems that an installed application needs to be authorized again when no refresh token is used. However I'm not sure if this is part of the client api I use

问题 I am trying to allow users to log in to my MVC4 site using their Facebook, Twitter, Google or Microsoft accounts. The page loads fine but when clicking one of the buttons to authenticate with one of these services, I get an error. System.ArgumentNullException: Value cannot be null. The error refers to this line of code in the Account Controller because Provider is null OAuthWebSecurity.RequestAuthentication(Provider, ReturnUrl); This line of code belongs to this controller action internal

问题 I set up a developer acct under our shop, to access our sales receipts. I decided to use RestSharp to make my requests. I have proved it works for none Oauth required calls. I have successfully received my accessToken and accessTokenSecret. So i use those along with the customerKey and customerSecret to make a ForProtectedResource call, for a oauth request as follows but always receive "This method requires authentication". I'm hoping its something simple I'm missing. I thought, all I need to

问题 I am trying to make a web application that we can get an access token in 'password' grant type by just call some http basic request For example When I call http://localhost:8080/demo4ssh-security-oauth2/oauth/token?client_id=mobile_1&client_secret=secret_1&grant_type=password&username=zhangsan&password=123456 I can get the following token {"access_token":"4219a91f-45d5-4a07-9e8e-3acbadd0c23e","token_type":"bearer","refresh_token":"d41df9fd-3d36-4a20-b0b7-1a1883c7439d","expires_in":43199,

问题 Is it possible to get user details (attributes belonging to the resource owner) from ForgeRock's OpenAM using an OAuth 2 access token? I have a trusted SPA UI that is able to get an access token from OpenAM using the Resource Owner Password Credentials Grant type. However, that access token gives me no information about the resource owner. The token_info endpoint similarly gives me no information. OpenAM seems to have endpoints for listing user attributes, but expects a JWT as means of

问题 I am about to create mobile applications (iOS, android, ..) to support existing web application and now thinking how to provide a secure API (ASP.Net Web API) from my web to our mobile apps. OAuth seems the best way to do it. From what I understand, it is designed to enable 3rd party applications written against our API. But I only use the web services just for my own apps. Do I need to go with OAuth, or is there any simple way? 回答1: There is a 2 legged version of OAuth that is designed for 2

问题 I am about to create mobile applications (iOS, android, ..) to support existing web application and now thinking how to provide a secure API (ASP.Net Web API) from my web to our mobile apps. OAuth seems the best way to do it. From what I understand, it is designed to enable 3rd party applications written against our API. But I only use the web services just for my own apps. Do I need to go with OAuth, or is there any simple way? 回答1: There is a 2 legged version of OAuth that is designed for 2