I am currently developing an application that will have a regular web interface but also a RESTful API that will be used mostly on mobile phone apps. I am using the Rails OAuth-plugin here, so my API supports OAuth 1 and 2. This works all fine so far.
The only problem I have is with testing the API. I have found some tools that I can use to make requests to my API like RESTConsole for Chrome or RESTed and they all can test OAuth, but they don't provide an API themselves that I can use as the callback service. When I register an OAuth client in my application I have to enter some fake callback URL, do the authorization process and then get the OAuth token from the database and insert it into the console manually. Especially when testing the revocation of tokens this gets pretty cumbersome.
Does anybody know of any test clients that can totally automate the testing process? That means that the test client includes some sort of callable endpoint that I can use as the callback URL for my app...
Thanks for your help in advance. I've been searching the internet for quite some time now and this is my last resort before starting to develop my own.
I am going to accept Jon's answer, although I am not very pleased with the solution ... Whoever is interested, I'm going to roll my own little test client. If anybody is interested: https://github.com/klaustopher/knole
Apigee offers a free API Console that supports a large number of authorization schemes, including OAuth 1. Not sure if it supports 2-legged OAuth, but you can definitely define a callback within their service.
We are developing a few micro-services using Spring Boot. These REST APIs will be consumed by a mobile application. What are the best and recommended ways to secure these APIs for a mobile application using the Spring Boot framework itself? I'm not experienced with securing APIs for mobile applications.
Your advice is highly appreciated here.
Need to consider these areas.
How to generate tokens
How to store token
How to refresh them and expire them.
When the mobile application should receive the token
Thank you
I suggest using ready-to-use solutions for Identity Management like an open-source Keycloak or paid providers like Auth0 instead of reimplementing the wheel of security on your own. There are simple Spring Security adapters for both named options.
The typical approach is to use OAuth2 with Authorization Code Grant Flow extended with PKCE (https://www.oauth.com/oauth2-servers/pkce/).
I am working on a PoC project to verify that Blazor is the right technology for our company's internal web frontend applications. We have an internal identity provider (IdentityServer4 impl.) which I want to authenticate with. In the older projects where Angular is being used, we use the JavaScript OIDC client with implicit flow. As far as I understand OIDC, implicit flow should be perfectly fine for a Blazor WebAssembly single page application. We have no dedicated server application for that particular frontend, just a few microservices where the frontend fetches data and therefore needs to provide an access token.
An OIDC client library or some example code (ideally both) would be really helpful.
Thanks!
I was in a situation where I needed an extendable library for Blazor WebAssembly supporting OpenID Connect (OIDC) with Proof Key for Code Exchange (PKCE). Therefore, I have created the open source ITfoxtec.Identity.BlazorWebAssembly.OpenidConnect library which is JavaScript free and pure .NET.
I would recommend you give Blazor.Auth0 a try (author here).
Blazor.Auth0 is a library for using the Authorization Code Grant with Proof Key for Code Exchange (PKCE) with Auth0's Universal Login in Blazor SPAs.
If you're not interested in adding/using a third-party service then at least the source code would help to drive you in the correct path.
I hope this helps :)
I want to learn about the WSO2 UserAdmin interface, but did not find a relevant document that describes this part.
I can get UserAdmin.wsdl, but there is no explanation of the parameters.
Does anyone know whether there is detailed documentation about the UserAdmin interface?
If you need the user management functionality for a WSO2 Carbon product, it is exposed through the following two web service APIs in WSO2 Carbon:
Remote User Management API: this is recommended to be used by external client applications.
UserAdmin service: this is mainly to be used by carbon UI client.
Therefore it is better to use the RemoteUserStoreManagerService service. It is available with WSO2IS and can also be installed with any other WSO2 product. The RemoteUserStoreManagerService service contains a simple API. You can even identify it by looking at the WSDL. I do not think there is a public doc on this. But you can even try this service using the SOAPUI tool. That way you can get a good idea of the methods.
https://localhost:9443/services/RemoteUserStoreManagerService?wsdl
Also make sure that when accessing AdminServices of Carbon from an external client, you first authenticate as the admin user. Basically you need to send the admin user/password in the basic authentication header.
Something similar to API Gateway, which through the Management API enables the deployment of API bundles in it, so uploading the WADL file doesn't require going through the UI every time there's change for it and uploading the console becomes a cURL command away, which could also be even automated by deploying it via scripting languages.
Also, is there a way to create more than one console per account? So far, I've been able to create only one Console ToGo, one account per user, under Apigee Edge.
We are working on supporting multiple Consoles per account. This should be available in next month's release.
As for an API to update the WADL, we have an undocumented API that is likely to change with next month's release. Short answer is that you should have an API as well in next month's release.
No -- there's only a web form and Authentication is handled using Apigee SSO cookies so you can't even really fake it with curl.
I currently created a native iOS application, and now I'm working on the Grails backend.
I'm a little new to the API concept, so I'm looking for some good tutorials which cover the following questions:
How does the authentication from an iOS application to an API work using JSON?
How can I push a post to the backend using JSON?
I understand how to write an API in Grails which can send a list of, e.g., books, but in the mobile app, a user can define his own items (templates in this case). When the user uses his credentials on another phone, his items need to be transferred to the phone. I currently use Spring Security to authenticate users on the backend application.
For implementing the REST API client in your iOS app, I'd suggest you look at this library.
The right authentication method for your app and your API is not a simple question and depends on what the app does and how. The more standard way to authenticate apps with an API is OAuth 2.0.