Right now, Microsoft striked on smtp authentification, so a simple combination user/password doesn't work.
A solution similar to gmail with user/application token seems difficult too as microsoft tokens are multiple and don't seem to allow a similar behavior.
Oauth 2 seems nice and all, but no proper tutorial can be found about its configuration for Microsoft so it is really hard to find the right token for the right place.
So what do you advice in this case ?
I managed to authenticate with Oauth2 (severals days of work to make it work), however once I activate the incoming or the outgoing, I have an Authenticate Error so I am pretty sure there are still some parameters lacking.
I was expecting a tutorial similar to this one for gmail :
https://docs.erpnext.com/docs/v13/user/manual/en/setting-up/email/email_account_setup_with_gmail
Oauth would be the best stable way to fix this, but right now any working method would be enough.
Related
I am looking into adding Google as an Identity Provider for a Single Signon Solution. The problem is that I would very much like to be informed if the Google user that authenticates has Two Factor Authentication enabled on their account or not.
This is where my googling skills failed me however, as I have found no real mentions of the Two Factor Authentication information being available as part of the authentication Token.
So my question is simply how I can discover if a user who either creates an account via the Google IDP, or simply links their account, has Two Factor Authentication enabled on their Google account?
It seems to be possible to do via the reporting API at a later date, but it would make much better sense for my usecase to somehow get the information in the OIDC token.
Thank you very much for any help you can provide.
Having spent a lot of time on google, i finally managed to find a result, which is another stackoverflow post (No surprise there).
In short, it does not seem to be possible, at least it wasn't in 2017. It was a considered feature but was not implemented. The post is here:
Google OAuth2 API. Check user has two factor authentication (Not GSuite)
I apologize to come before you with such a rudimentary question, but Google apps is giving me a hard time simply verifying the domain from which I want to make server side YouTube search API calls.
Google is insisting on using the DNS text verification method (even though it provides a link to alternate methods that are not recognized by Google apps). But my registrar (GoDaddy) is not my authoritative DNS provider. That honor goes to DynDNS. So, I'm not sure I can even use Google's automated tool to set up the TXT record. In fact, it makes me nervous that they want me to grant their app to make changes to the DNS at GoDaddy.
I'm assuming this is a requirement to make server side api calls and retrieve results. Can someone point me in the right direction? Either how to fulfill the TXT record requirement under this scenario, or how to force Google Apps to accept an alternate verification method?
Thanks
Paul G
If Godaddy isn't managing your DNS, you won't be able to follow the automated flow in the Admin console. You're going to need to manually create the record with DynDNS to accomplish this.
Your host doesn't have specific steps on Google Support site (here) so you'll need to follow the generic one. Support for your host should be able to help but you can also contact Google Support via the Support section in your Admin console.
I've been trying to use Google's OAuth for authentication on a Catalyst app. I've tried using CatalystX::OAuth2 and Catalyst::Authentication::Credential::OAuth but it seems I get stuck on configuration.
I'd like to get it working on Google and then proceed to Facebook
Any good advice out there? I've googled to death, but there doesn't seem to be a lot out there.
I realise this question is almost 2 years old but just in case it helps anyone else, here is some information obtained from a couple of weeks of testing and debugging. I've also published a test oauth2 client project using CatalystX::OAuth2 at https://github.com/simonamor/oauth2-client - it sort of works with Google although I've not done anything with the token yet such as fetching user profile information and the 'protected' page is broken currently. It might be enough to point you in the right direction though.
There seemed to be a problem with CatalystX::OAuth2 in that it didn't send a scope value, nor could I find a way to make it send one and yet Google's API requires one. Not all providers have this requirement so work ok. Having made a slight alteration to a local copy of CatalystX::OAuth2, I managed to get it to authenticate via Google. The (minor) changes are in a fork of this module, also in my github account.
Visit the Google developers console and create the OAuth2 credentials to use. You'll need them below.
To my oauth2client.yml (from the github project referenced above) I added the following:
Plugin::Authentication:
default:
credential:
grant_uri: [provided by google, ends]/o/oauth2/v2/auth
token_uri: [provided by google, ends]/oauth2/v4/token
client_id: [issued by google]
client_secret: [issued by google]
scope: [provided by google, ends]/auth/userinfo.profile
I don't have a reputation high enough to post more than two links so apologies for missing out parts of the urls above!
This was the only real configuration I needed to setup. By modifying the credential settings I've also used it successfully with dropbox.com as well.
I'm still working on the OAuth2 server side of things and those are the default config within the project which is why you need to add an extra section for Google.
if you provided some info, like where you are stuck and why, I might be able to help.
The cpan has an example config. If you are not using a config file, you can also add it in your Catalyst app, though I would recommend using a config file, there just paste in the example with the data you need specifically.
In my current work, I have to develop an intern REST API engine.
I have read the Roy Fielding thesis, documented myself, and I finally got something that works great easy to use, with high performance, corresponding to the Fielding REST spec.
There is only one point that I dont really know how to overcome : the security problem.
Again, I documented myself, and I wanted to use OAuth2.0 in my engine.
The problem is that I dont understand nothing at all how to use this protocol.
I dont understand how the consumer can connect himself and be recognized by the server.
I dont understand if I have to provide API key to my consumer(like Facebook, Twitter and Google make it) or if a token will automatically be generated if I send a login / password to the server
I dont know if I have to create my own OAuth2.0 server that provides keys, or if OAuth2.0 libraries are sufficient to provide security.
In fact, I dont understand nothing at all with OAuth2.0, and I need to learn. The problem is, every documentation that I try to read is like chinese, I didn't find an easy one, step by step that will help me with this.
That's why I post here, can you help me understanding a bit more OAuth2.0 and the secured authentication for API ?
I willingly didn't speak about the technologies, because I want to understand OAuth2.0 before applying it technically.
Thanks for all
The main problem with OAuth (both versions) is that you'll see a lot of talk about the three legged version. That is when you have user, a data-providing service and a consuming service, let's say a service that will create physical copies of your flickr photos. In this case the OAuth flow allows the user to tell flickr that the third party can access their data. This is not the scenario you are after, you are interested in 2-legged OAuth, see here for a description.
Of course you could look at other methods too. I've used HAWK in a number of REST/Hypermedia APIs and found it to be great to use in both nodejs and .NET server stacks.
Thank you for your answer, I studied a bit more OAUth2 en tried to implement it with 3 stragery : basic, clientPassword, bearer.
I created a new thread for an other problem, if you want to take part of it :
OAuth2 server creation with nodejs
Jeff Atwood argues that we should stop asking users to register on our websites because we should rather use their "internet driver's license -- that is, [their] existing Twitter, Facebook, Google, or OpenID credentials" for authenticating them.
While I am beginning to think that he may be right, I could not yet decide and I am looking for arguments against letting foreign sites gain control over personal web pages.
Do you see any dangers of authenticating users like this?
if you want a more in depth response based from someone who has dealt with this technology before, you should listen to the recent .NET Rocks with Rob Connery which was precisely about this topic.
http://www.dotnetrocks.com/default.aspx?showNum=626
After listening to it I decided to NOT use OpenID on my site.
Here is the link to Rob's blog post on the subject:
http://blog.wekeroad.com/thoughts/open-id-is-a-party-that-happened
Here are a number of reasons why not, although each comes with caveats:
If you only authenticate with one external service, anyone who doesn't use that service cannot use yours.
If your external authentication service goes down, users won't be able to use yours until theirs comes back up; similarly, slowdowns in their authentication server will also affect you.
Requiring users to authenticate with another service requires them to accept that service's EULA, which may be a turnoff for some; similarly, it ties you morally to whatever decisions your authenticating service makes. In particular it can make you appear to be a satellite, spinoff or affiliate of the auth site, since users have to see their logo every time they try to use your service.
The external auth domain gets a perfect snapshot of your viewership, giving them a lot of insight into what your company is doing. Since their analytical tools and staff are generally top-notch, they may conceivably know more about your user base than you do.
The major way to avoid this problem is to allow people to use the service of their choice, instead of a single service. If you are limited to developing one, for development time constraints, using OpenID is the best bet because many other authentication domains also qualify as OpenIDs, and therefore ameliorates most of the above problems.
I think using IDs from any of these big names are ok as long as you don't provide service that needs an endpoint like email, IM etc.
However, OpenID is just not trust-worthy. If you have any doubts, try this OpenID
http://opennoid.appspot.com/anyid
This is a disposable ID that doesn't require a password to login.