oidc

First off, I'm not looking for the access token of a facebook account. I (or my facebook messenger bot) need the access token of a linked 3rd party account. The account was successfully linked as described here: https://developers.facebook.com/docs/messenger-platform/identity/account-linking Slightly off topic: The first issue I noticed that does not meet the OIDC/OAuth2 specs is, that the redirect URI given to the /authorize endpoint expects a param " authorization_code " instead of "code" with the actual authorization code . Ok, good thing we do not use off-the-shelf software for the IdP, so

I'm using Spring Boot 1.5.13 and with that Spring Security 4.2.6 and Spring Security oAuth2 2.0.15. I want to find a best practice setup for our Spring Boot applications that serve a mixed set of content: A REST API, and some web pages that provide a convenience "landing page" for developers with some links on it, plus Swagger based API documentation, which is also web content. I have a configuration that allows me to run the app with proper authorization code flow, hence I can access all web content via Browser and get authenticated by the configured IdP (in my case PingFederate), plus I can

I'm building a system with OIDC and OAuth 2.0 (using Auth0), and I'm unsure how to properly use the id_token and access_token . Or rather, I'm confused about which roles to assign to the various services in my setup. I have a fully static frontend-application (single-page app, HTML + JS, no backend) that ensures that the user is authenticated using the implicit flow against Auth0. The frontend-application then fetches data from an API that I am also building. Now, which is right? The frontend SPA is the OAuth client application My API service is an OAuth resource server ...or: The frontend and

Until a few days ago I could use the log out from google account procedure mentioned (among several others) in this link . The recommended log out URL is similar to: https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://localhost:4200/index.html But all of a sudden when navigating to the recommended URL, a redirection notice page appears instead of navigating directly to http://localhost:4200/index.html In this previous question a similar problem was reported, but also that the problem solved itself shortly after Can anyone confirm that the log