I have a Web Api project that I have already configured to use Facebook & Google authentication.
Facebook and Google both have a way of verifying the access token given on authentication step.
Facebook:
https://graph.facebook.com/debug_token?input_token={0}&access_token={1}", accessToken, appToken
These return the app_id or consumer key for my applications.
What is the process for Twitter?
The documentation I have read isn't very clear and what I have tried fails and returns a 404.
Twitter has nothing for verifying any access token similar to the Facebook request you site.
You can only get information about an already authenticated account. You would use account/verify_credentials. However, this endpoint does not return information about your Twitter application.
Related
I don't know why I can't find confirmation in the docs, maybe I am not navigating them correctly, although MSAL seems to have options to fit it into any application. This is my first time integrating a SAML sso procedure into any of my web-apps. I am just looking for some clarity on the correct, and secure way to verify the person attempting to login, is actually logged in with the IDP.
I am confused at the part after confirmation of login is given to my redirect API, I currently have it all happening on the front-end, then submitting the response to my back-end. Which is a RESTful API built with Django, and postgres database. At this point, I am thinking I need to verify my accessToken for authenticity, but I am unsure if I should be creating another PublicClient instance in python, and then sending the same commands to the IDP.
To guess at this point, I'm thinking this is wrong, as I need to verify the token, rather than get another Access and Refresh token. I'm thinking I just need to verify there is a session open with the IDP, and that the Access Token matches. Can anyone shed some light on this, possibly provide even just some direction.
The client Python Django Web App uses the Microsoft Authentication Library (MSAL) to sign-in and obtain an Access Token from Azure AD.
The access token is used as a bearer token to authorize the user to call the Python Flask Web API protected by Azure AD.
The Python Flask Web API then receives a token for Azure Resource Management API using the On-Behalf-Of flow.
To learn more about handing access token validation at the API layer, look into this sample walkthrough: https://github.com/Azure-Samples/ms-identity-python-on-behalf-of#about-the-code
https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-tokens
I wish to get a listing of all my posts as well as of any and all shares sent to me on my Google+ page, I want to do that from a python script that has no html or other front end.However I am confused as to how I can get access to the content.
According to the google developers site I can not get an OAuth token for google plus if there isn't a graphical front end,, but I just want to get to my own stuff and do a bit of parsing.
Surely there must be a way to do that?
There is a Github repo that can help you
Using the Google+ Sign-In button to get an OAuth 2.0 refresh token.
Exchanging the refresh token for an access token.
Making Google+ API requests with the access token, including getting
a list of people that the user has circled.
Disconnecting the app from the user's Google account and revoking
tokens.
I've looked lots of place but I can't find answer how can I implement it. My program is little sync app using Python Evernote API and *.txt file. I've used to auth for developer token and I need to auth for any user who uses to Evernote. I'm using interface as Tkinter and I need to g.e. "Log in with Evernote" button to going requests to Evernote and catching the callback url and including my program to
auth_token = "*****"
client = EvernoteClient(token=auth_token, sandbox=True)
The callback URL is for applications that utilize OAuth to obtain an access token to act on behalf of another user. OAuth is a separate authentication system from developer tokens which are for quickly accessing the API to test an application or to develop an application that only accesses your account; you cannot use developer tokens to access others accounts (its a violation of the API policy).
To access other's Evernote accounts, you need to use OAuth. First you must get a consumer key and consumer secret. The consumer key uniquely identifies your application and your consumer secret should never be shared but is used by your application to validate your use of your consumer key. You can get one here: https://dev.evernote.com/#apikey
For an example of how to use your consumer key and consumer secret to create an application that access the user's Evernote account see this small (~240 lines) example I created using the Python web framework Flask: https://github.com/matthewayne/evernote-giphy/blob/master/server.py
To learn how Evernote's OAuth work see Evernote authentication page: https://dev.evernote.com/doc/articles/authentication.php
The documentation google + domains api to create a post using the 'service' object, obtained here by this method. But in my project to authenticate via google and other sites I use the python social auth
and after authorization I have a ready access token.
The problem lies in the fact that I need a service object to work with api, but I can not figure out how to get it already having access token. Please help me and sorry for my english.
For the domains API, you typically will implement using a service account authorization flow - which is not retrieved in the same way as a user OAuth flow. This is because service accounts can be authorized for services that users typically should not be authorized for (e.g. retrieving domain-wide lists of user names).
The service account credentials, used to authorize your application, are created using the Google Developer Console and then are downloaded as a JSON or p12 file that is used to authenticate your Python client, as shown in this example.
That said, you still can do some actions with that access token which is why the auth flow you're seeing is doing this. Service credentials are how you should be authorizing for domains-related management features which may explain the behavior you're seeing.
I have an existing webapp, running in Python on App Engine, in which users can login through open-id using a Yahoo account. Now, once they're signed in, I'd like them to be able to access their Yahoo contacts, through OAuth. I'm working though the Yahoo Python SDK and am just stuck.
I have the consumer key, consumer secret, app ID, and the callback URL is the same page, the use leaves from. Going to the Yahoo login pages seems to work fine and the user comes back to my site with an auth_token and auth_verifier. What do I do with those? Which strings do I need to store for future requests? Is there good sample code anywhere for these kinds of requests? Thanks.
You should look for OpenID+Oauth Hybrid protocol.
OpenID+OAuth Hybrid protocol lets web developers combine an OpenID request with an OAuth authentication request.
This extension is useful for web developers who use both OpenID and OAuth, particularly in that it simplifies the process for users by requesting their approval once instead of twice.
The goal of OAuth is to acquire an
access token from Google, which can
then be used to exchange user-specific
data with a Google service (such as
calendar information or an address
book). The regular OAuth process is a
four-step sequence: (1) ask for a
"request" token, (2) ask for the token
to be authorized, which triggers user
approval, (3) exchange the authorized
request token for an "access" token,
and (4) use the access token to
interact with the user's Google
service data. For a more detailed
description, see OAuth for Web
Applications.
With OpenID+OAuth, this sequence
remains essentially the same. The
difference is that getting an
authorized OAuth request token (steps
1 and 2) is wrapped up in the OpenID
authentication request. In this way,
the user can approve login and service
access at the same time.
Here a demo and source code (php) of Hybrid protocol using Google.
Here and here the Yahoo documentation to combine an OpenID authentication request with the approval of an OAuth request token.