When creating a token, I was anticipating it returning resource_owner, but I'm not seeing that. Any guidance on how I can get the user?
Returning of resource_owner is not implemented. We'll get the docs updated.
Related
Addlogin takes two parameters, first one being pretty straight forward. Second one takes "token provided by the identity provider".
I've been trying to use IdToken provided by google sign-in on Unity, but it doesn't seem to do anything. So I thought I should get access token with authcode provided, but if I figure out what token Addlogin takes, that wouldn't be necessary...
For anyone wondering or need clarification, I'll leave here what I found.
Addlogin takes id_token not access_token according to accepted answer in this question.
If I use JHipster + JWT and log in with wrong data for the first time, I get an error message (this is correct, of course). Unfortunately, I can't find where the authentication(user/password check) takes place.
The client calls'api/authenticate' and lands in the JWT filter. jwt does not yet exist here. And so it goes on in the chain.There are now 12 spring filters, but unfortunately I haven't found the check in any of them.
The'DomainUserDetailsService','UserJWT-Controller' are not called.
Question: Does anyone know where the authentication happens?
Thanks for the answer in advance
It's done in the AuthenticationManager which is built in SecurityConfiguration.java and uses DomainUserDetailsService
This is called when sending a POST to /api/authenticate which is handled by UserJWTController
I suppose you only looked at GET on /api/authenticate in AccountResource.java which is used only for checking that user is authenticated with a token.
I'm implementing the Socrata API to be able to parse publicly-available data from the City of Chicago open data set. I am really just concerned about the data itself, so I did not initially think that I would need to implement OAuth2 through an app exposed via ngrok to be able to GET the data.
My initial attempt was to take the GET requests mentioned in their documentation and try to get responses through Postman.
Here's an example of such an attempt:
I also added my Socrata App Token as a param in the querystring, but the same message was shown.
So I tell myself, ok, maybe they deprecated GET requests without making the client go through OAuth2. If they didn't deprecate these GET requests, I would prefer not to have to deal with OAuth2, but I began implementing the authentication process and everything went successfully until I got to the following instructions found here:
I have every single value that needs to be included in that POST request except for 'authorization_type'. Where does this come from? I tried leaving 'authorization_type' in as a string, but received a response similar to the 'Invalid username or password' message in the top image in this question.
Are you only accessing public datasets from Chicago's data portal? From your screenshot it looks like you're trying to access the Building Permits dataset, which is public.
Authentication is only required for modifying datasets or accessing private data, so chances are very good you don't even need to authenticate. Just include an application token with your request for throttling purposes.
Glad to help you figure out your OAuth workflow, but it sounds like it might be unnecessary.
I’ve a Flickr which I’m using to upload pictures from my phone and all images are public. On my blog I want to retrieve all the images to show and for that I’ve first tried to create an application to get my API key. I’m using the Flickr API flickr.people.getPublicPhotos. This API service is said to not require authentication and putting it all together I end up with this call:
http://api.flickr.com/services/rest/?method=flickr.people.getPublicPhotos&api_key=fc94274cd0335f3c171fe22c8490b7d9&user_id=5545356%40N04&extras=description%2Cdate_upload%2Cdate_taken%2Cowner_name%2Coriginal_format%2Ctags%2C+o_dims%2C+views%2C+media%2C+path_alias%2C+url_sq%2C+url_t%2C+url_s%2C+url_q%2C+url_m%2C+url_n%2C+url_z%2C+url_c%2C+url_l%2C+url_o&per_page=40&format=php_serial&api_sig=0c48e2b6b6d9a03521e5ca86a15cf471
The problem is that every around 10 hours I fails and returns the error message a:3:{s:4:"stat";s:4:"fail";s:4:"code";i:100;s:7:"message";s:31:"Invalid API Key (Key not found)";}
I tried to create the API call when logged in to Flickr and also with not logging in and in both cases I get the error message. It’s like the API key expires or stops working. Have a missed something on Flickr about the API key or what could cause this? It is really frustrating to renew the URL twice at day.
Thank you
Sincere
- Mestika
If I read the docs correctly, the &api_sig query string parameter is constructed using an authentication token, one that eventually expires. Remove that parameter (= do not sign your API request) and I think you'll be OK.
Mestika's comment seems correct. I was getting the same problem when using the API explorer. If you use your accounts API, or go in and create a new app, then use the API given for that, then the key doesn't change every few hours.
The url to request a key is:
http://www.flickr.com/services/apps/create/apply
I got the same problem.
This is how i solved it:
removed the auth_token and the api_sig parameters
replaced the api_key value with an app key
Hope this helps.
i met this issue before. with new api key, only accept https request.
Let's change your url to: https://api.flickr.com/services/rest/?method=flickr.people.getPublicPhotos&api_key.....
I am sure it will be work right know.
thanks
The logic looks circular to me(although I know I'm missing something)
I want to use this:
https://dev.twitter.com/docs/auth/pin-based-authorization
But in order to make the url to send the user to get the pin you need an "oauth_token" :
https://dev.twitter.com/docs/api/1/get/oauth/authorize
But to get the "oauth_token" you need a:
https://dev.twitter.com/docs/api/1/post/oauth/request_token
But that at the bottom shows it needs an "oauth_signature"
Well, an "oauth_signature" requires an "oauth_token"
( https://dev.twitter.com/docs/auth/creating-signature ) which you don't have, making impossible to get an "oauth_token" because you need one to get one.
What am I missing here? I mainly just want to find out how to get that initial url for the PIN-based authorization, so I need that first "oauth_token" somehow.
There are two different types of oauth tokens - let's call them request tokens and normal tokens. Request tokens are used for the authentication, then once the authentication is done you get normal oauth tokens.
Calling oauth/request_token will generate a request token for you, which is a temporary token used for the actual authentication. Once that's done you have the normal tokens.
set the callback URL both https://apps.twitter.com/ and in your code
. It is working for Me.
oauthCallback:#"myapp://twitter_access_tokens/"