I want api access token via my echo sign account's login credential, and I don't want to redirect to echo sign login page for authorization.
Is it possible to get the api access token without redirecting to echo sign login page?
Note: In echo sign api v2, access token could be accessed via login and password but in api v5, I couldn't found any such end point.
Thanks in advance!
EchoSign OAuth workflow, provided below is the industry standard way of issuing Access Tokens and Refresh tokens for users by an Application and hence the v5 version of API only supports this. The v2 tokens end-point was deprecated after v2 in favour of this. If you are writing an application that works with EchoSign, please use Oauth and v5 as the recommended authentication mechanism
https://secure.na1.echosign.com/public/static/oauthDoc.jsp
If you go to the echosign api https://secure.na1.echosign.com/public/docs/restapi/v5 and click OAUTH ACCESS TOKEN button in any of the Try it out opperations. It will auto-generate an oauth token which you can copy and use externally. Best way ive worked out so far.
Related
I have a nextjs application that uses anormal (email/ password) authentication to my backend, if user successfully register I add him to a User Table and then when logged in we send JWT access token that is saved in a cookie in the client side. and whenever user submit a request to the backend we submit the token with it .
I would like to give my user the option to register and login with their google account for simplicity. how can I integrate both ? knowing that even if he uses oauth I need backend to save user and send Accesstoken to front end.
I found this answer I think it provides an excellent solution but it is a bit old . is this is the way I should go , or is there a better pattern.
Is Jenkins has token mechanism to authorize Jenkins APIs without using username?
Thanks,
Srikanth.
Token without password supported since version 1.426
API token is new since 1.426
The API token is available in your personal configuration page
Specifying the real password is still supported after 1.426, but it is not recommended
I am building a REST API.
For registering a user, he needs to authenticate on Twitter.
Normally, I would use an Authorization code provided by an OAuth2 server but it seems like Twitter does not implement this type of authorization.
I don't want my mobile app to send the Twitter token to the API to register the user. I see this as a security flaw.
I checked OAuth echo (https://dev.twitter.com/oauth/echo) which seems okay. The user passes the credentials to my API, and my API checks the user against the twitter API. Twitter then returns a user object. It does not return a access token though.
Is it the only way to do this?
Thanks for your help.
Yes you are correct. Using OAuth Echo will use you as the third party for that individual without exposing your Access token/key and Credentials.
Just be aware that you're under a different rate limit from Twitter's API when you're going through that route. In some cases it's an increase in limit while it's a decrease in other.
I have built my own REST API with Symfony2. To query this API, user have to authenticate himself with OAuth protocol (three legs flow).
Now, I'm going to develop the front office based on a Angularjs app and I want to use my own Rest API from angularjs. What's the best way to login users to my api from the front office and fetch a token ?
I dont want users have to authorize my own app.
Does the three legs flow is really adapted for this case ? Maybe is better to support xauth authentication with a username/password login ?
Ok after some research, it seems that the most easy way to manage login/authentication between JS client and Symfony2 backend is to use password grant type (thanks #ricoux) which allows user to get a token with an username/password, like this:
http://host.com/oauth/v2/token?grant_type=password&username=Bat&password=test&client_id=clientidkey&client_secret=clientsecretkey
With fosoauthserverbundle, you need to set allowed grant type when you create your client:
$clientManager = $this->container->get('fos_oauth_server.client_manager.default');
$client = $clientManager->createClient();
$client->setName('ApiTest');
$client->setRedirectUris(array('URL' => 'http://callbackurl.com'));
$client->setAllowedGrantTypes(array('token', 'authorization_code', 'password'));
I try to do exactly the same thing : REST API with symfony2 and a javascript client with angularjs...
As Nisam said, FOSOAuthServerBundle is the best bundle to integrate OAuth2 authorization server in your symfony2 app.
I your case, if you don't want users have to authorise your own app, maybe a client with password grant type is the solution. In theory the password grant type can be used to exchange a username and password for an access token directly, but I never experiment it with FOSUserBundle, and I find no example in the doc.
When you ready to use third party bundles, FOSOAuthServerBundle is one of the best solution
Is there a way to pass login credentials from code instead of entering credentials everytime in the popup for login authorization?
You dont require login credentials every time for authorization,you'll get an access token and access secret upon successfull authorization by OAuth,use the later for further calls to the API.Oauth protocol works this way.
I guess Magento is using OAuth 1.0/1.0a,so everytime you'll authorize a user you get,
oauth_token - the Access Token that provides access to protected resources.
oauth_token_secret - the secret that is associated with the Access Token.
You will need to use OAUTH based authentication. Then pass the request token along with each request:
Refer: http://www.magentocommerce.com/api/rest/authentication/oauth_authentication.html