0 votes | 0 answers | 30 views

Problem with OAuth2 authentication process and session persistence

We're using node-oauth2-provider as an authentication library for our service. The current process for a user to log in is: POST /oauth2/access_token Which creates and saves the access_token to the ...
2 votes | 2 answers | 115 views

OAuth alternative for a 2 party system

I'm writing a RESTful service (Java EE, Jersey) and a client application that communicates with it, and I wish to secure it and store any usernames & passwords dedicated in my own database. I do ...
0 votes | 0 answers | 32 views

Is it possible to share oAuth Session?

We are working on a project that includes a web server and a mobile application, we need to access the user's private data (facebook, twitter ...) from the web server by requesting from the user to ...
1 vote | 0 answers | 50 views

How to bypass Oauth2 authentication when the client and resource owner is the same entity?

We are currently working on using an API provided by Mercado Libre which is a marketplace for selling various goods. Their APIs use OAuth 2.0 for authentication. The problem is that OAuth 2.0 as ...
1 vote | 0 answers | 44 views

Switching between Azure Mobile Services vs my own implementation. Will UIDs change?

I'm looking at Azure Mobile Services, particularly the Authentication part (which I believe relies exclusively on OAUTH 1 or 2). I want to make sure that my application isn't tightly coupled to the ...
15 votes | 4 answers | 542 views

How should I architect a RESTful webservice to use 3rd party (i.e. Google, Facebook, Twitter) for authentication?

For my job we have a nice RESTful webservice we've built out that we use to drive a couple websites we have. Basically the webservice lets you create and work with support tickets, and the website is ...
0 votes | 1 answer | 173 views

Using oAuth as a complement to an existing authentication system?

I am hoping this is the correct stack exchange to be asking this, here goes. I am building a new website whereby it implements its own custom login system. You simply register your username, email ...
0 votes | 0 answers | 340 views

Connecting with OAuth, dealing with logout and browser sessions

I work on an open-source web application (Moodle) which connects to a number of external services such as Google Drive, Dropbox etc. to allow users to exchange files with these services. Primarily we ...
5 votes | 1 answer | 117 views

Does it make sense to implement OAuth for a 2 party system?

I'm under the impression that OAuth is for authentication between three parties. Does it make sense to implement OAuth in a context where there is just a client and server. We have a server, and a ...
1 vote | 1 answer | 877 views

GMail API for a small app (Rails? Javascript? PHP?)

I want to create an app that accesses the GMail API, but I'm finding that it isn't as simple as I thought it might be. I'm hoping somebody in the community here might have some experience working ...
4 votes | 1 answer | 416 views

How should I handle a redirect to an identity provider during a web api data request

Scenario I have a single-page web app consisting purely of html, css, and javascript. After initial load and during use, it updates various views with data from one or more RESTful apis via ajax ...
6 votes | 1 answer | 2k views

Performing client-side OAuth authorized Twitter API calls versus server side, how much of a difference is there in terms of performance?

I'm working on a Twitter application in Ruby on Rails. One of the biggest arguments that I have with other people on the project is the method of calling the Twitter API. Before, everything was done ...
3 votes | 2 answers | 281 views

What's the benefit of Azure ACS if ASP.NET 4.5 includes OAuth and OpenID providers?

Azure ACS offers OAuth and OpenID providers, and now that ASP.NET 4.5 offers the same thing, without the added cost, is there any reason for a .NET developer to consider ACS? (Disclaimer, I don't ...
0 votes | 1 answer | 348 views

Should OAuth token be shared to implement SSO?

What's a commonly accepted way of implementing SSO using a third party OAuth provider? I have a server with user resources associated with server's user ID, the user ID also has a Facebook user ID ...
4 votes | 3 answers | 267 views

OAuth2 vs Public API

My understanding of OAuth (2.0) is that it's a software stack and protocol to allow 2+ web apps to share information about a single end user. User A is a member of Site B and Site C; Site B wants to ...
4 votes | 1 answer | 769 views

iOS and Server: OAuth strategy

I'm trying to work out how to handle authentication when I have iOS clients accessing a Node.js server and want to use services such as Google, Facebook etc to provide basic authentication for my ...
2 votes | 0 answers | 60 views

How can a client authorize us to collect their data from a service provider?

Our clients need to authorize our partners to release data to us. We can collect this data via a push/pull mechanism. Since our partners have never shared data before, they don't have OAuth ...
2 votes | 2 answers | 1k views

Implementing oAuth 2 server

Do you have any pointers on how one should go about implementing the oAuth2 protocol itself? That is, the server side or the "provider" facet of OAuth2? If you have tried to implement (a part of) ...
3 votes | 1 answer | 536 views

Mask oAuth API key and token for pure client-side technologies

If I were to build a Twitter or Facebook application using pure client-side technologies like HTML and javascript, how would I mask/hide my API keys? For example, for Twitter I have consumer key and ...
24 votes | 4 answers | 4k views

How do I store the OAuth v1 consumer key and secret for an open source desktop Twitter client without revealing it to the user?

I want to make a thick-client, desktop, open source twitter client. I happen to be using .NET as my language and Twitterizer as my OAuth/Twitter wrapper, and my app will likely be released as open ...
4 votes | 1 answer | 447 views

How to solve a general authentication problem for multiple applications?

At my current job (we're in a MS environment), we have multiple deployed web applications, both inter/intra net. The internal apps generally use an Active Directory sign in, the forward facing sites ...