Tagged Questions


1 vote, 0 answers, 81 views

Connecting with OAuth, dealing with logout and browser sessions

I work on an open-source web application (Moodle) which connects to a number of external services such as Google Drive, Dropbox etc. to allow users to exchange files with these services. Primarily we ...
3 votes, 1 answer, 71 views

Does it make sense to implement OAuth for a 2 party system?

I'm under the impression that OAuth is for authentication between three parties. Does it make sense to implement OAuth in a context where there is just a client and server. We have a server, and a ...
0 votes, 1 answer, 169 views

GMail API for a small app (Rails? Javascript? PHP?)

I want to create an app that accesses the GMail API, but I'm finding that it isn't as simple as I thought it might be. I'm hoping somebody in the community here might have some experience working ...
4 votes, 1 answer, 154 views

How should I handle a redirect to an identity provider during a web api data request

Scenario I have a single-page web app consisting purely of html, css, and javascript. After initial load and during use, it updates various views with data from one or more RESTful apis via ajax ...
5 votes, 1 answer, 1k views

Performing client-side OAuth authorized Twitter API calls versus server side, how much of a difference is there in terms of performance?

I'm working on a Twitter application in Ruby on Rails. One of the biggest arguments that I have with other people on the project is the method of calling the Twitter API. Before, everything was done ...
3 votes, 2 answers, 220 views

What's the benefit of Azure ACS if ASP.NET 4.5 includes OAuth and OpenID providers?

Azure ACS offers OAuth and OpenID providers, and now that ASP.NET 4.5 offers the same thing, without the added cost, is there any reason for a .NET developer to consider ACS? (Disclaimer, I don't ...
0 votes, 1 answer, 188 views

Should OAuth token be shared to implement SSO?

What's a commonly accepted way of implementing SSO using a third party OAuth provider? I have a server with user resources associated with server's user ID, the user ID also has a Facebook user ID ...
4 votes, 3 answers, 220 views

OAuth2 vs Public API

My understanding of OAuth (2.0) is that it's a software stack and protocol to allow 2+ web apps to share information about a single end user. User A is a member of Site B and Site C; Site B wants to ...
4 votes, 1 answer, 549 views

iOS and Server: OAuth strategy

I'm trying to work out how to handle authentication when I have iOS clients accessing a Node.js server and want to use services such as Google, Facebook etc to provide basic authentication for my ...
2 votes, 0 answers, 43 views

How can a client authorize us to collect their data from a service provider?

Our clients need to authorize our partners to release data to us. We can collect this data via a push/pull mechanism. Since our partners have never shared data before, they don't have OAuth ...
2 votes, 1 answer, 701 views

Implementing oAuth 2 server

Do you have any pointers on how one should go about implementing the oAuth2 protocol itself? That is, the server side or the "provider" facet of OAuth2? If you have tried to implement (a part of) ...
3 votes, 1 answer, 378 views

Mask oAuth API key and token for pure client-side technologies

If I were to build a Twitter or Facebook application using pure client-side technologies like HTML and javascript, how would I mask/hide my API keys? For example, for Twitter I have consumer key and ...
21 votes, 4 answers, 2k views

How do I store the OAuth v1 consumer key and secret for an open source desktop Twitter client without revealing it to the user?

I want to make a thick-client, desktop, open source twitter client. I happen to be using .NET as my language and Twitterizer as my OAuth/Twitter wrapper, and my app will likely be released as open ...
4 votes, 2 answers, 397 views

How to solve a general authentication problem for multiple applications?

At my current job (we're in a MS environment), we have multiple deployed web applications, both inter/intra net. The internal apps generally use an Active Directory sign in, the forward facing sites ...