I would like to add 2FA to my LinkedIn account, and use 1Password as my authenticator app, since they recently added 2FA support. However, LinkedIn provides a secret key, rather than a QR Code, which seems like the only way for 1Password to register 2FAs for any account.
Is there any way to convert the secret key LinkedIn generates into a QR code that 1Password accepts?
Related
I am trying to use Github Oauth App for authorization purpose. No Authentication, no sign in with github.
I would like a user (having an account on my app) to link their GitHub account to my app's account. I understand the github web flow. Let the user authorize Oauth app for the first time. Get the authorization code. Fetch an access token using the code. And use that token to do git operations on user's behalf.
Now the thing I am unsure about is, what if the user logs out of my app and logs back in again?
Not a good practise to ask them to link accounts for each login.
Should I automatically do the Oauth flow again and generate a new access token for each login? If that is, why does Github Oauth App have an access token that won't expire? And why does Oauth app store multiple tokens for the same user, same scope? Why not remove the previous token and store the new one only? Because of this move by Github, I believe this is not the correct way to go. I don't know.
Or, should I store their initial token in the database, and use the same token forever? Is that a good practise? And if that is, how do I verify the scopes initially defined for that token is still the same? I couldn't understand this bit, reading through the Github documentation.
I hope I was clear enough. I couldn't understand this account linking thing.
Facebook recently released a step-by-step documentation for using a GrapAPI to manage Instagram messages. To obtain the access token to use it, it's necessary to create an application in the developer center, enable login via Facebook and include the permissions "instagram_basic", "instagram_manage_messages" and "pages_manage_metadata" but to activate these options it's necessary to submit various information for approval as statement of how the integration works and descriptions of the usage flow. I don't have access to this information because I can't develop an integration without it being approved.
It's not possible to use the provided test user as the pages raised by him cannot be linked to Instagram accounts.
Tutorial followed: https://developers.facebook.com/docs/messenger-platform/instagram/get-started
Someone with some experience with the Facebook API could give me a light on how to obtain the token with access required and proceed the tests?
I have done the tutorial as well, I faced the same problem. To enable instagram_basic, instagram_manage_messages and pages_manage_metadata without app review you need to create a test-app. For test apps all permissions are granted without review.
Instructions on how to create a test-app
Another usefull tipp: If you are wondering why you need to implement facebook login to access the instagram messaging api, the logic is the following: You need to implement login to then use your own implementation to logg in your own account and obtain the page access key that will let you do api calls to the instagram messaging api. This process is obviously overkill and instagram is working on a way of getting that access token through the developer dashboard.
For now to obtain that access token you need:
implement facebook login as a simple html website and console log the response. Be sure to add the required permissions to the data-scope attribute of the facebook login button:
<div
class="fb-login-button"
data-scope="public_profile,email,instagram_basic,instagram_manage_messages,pages_manage_metadata,pages_messaging"
></div>
deploy to a website that has https enabled (logging in from
localhost will only work if you use a tunelling service like ngrok).
Open your website that has facebook login implemented and logg in with your facebook account that is also linked to the target instagram account and also is admin of your test-app.
get the access token from the response to call the other API endpoints.
I am trying to develop a Flutter app, with which users can login with their Square account credentials, and I can use OAuth2.0 to get their access token, and use it to make calls to the Square API.
I am confused with the whole flow: after the users sign in with their Square credentials, how do I get their client secret/ app id (which are required for the obtaintoken API call). To get the access token I need those, but there doesn't seem to be any functionality for that. Right now I am testing by hardcoding both in a .env file, but how to do it for an end user? I'm currently using FlutterAppAuth.
You would use your client secret and application id. The idea behind OAuth API in Square is that the Square merchant(s) you onboard do not need to worry about creating an application, so they actually wouldn't have these credentials at all.
Using the OAuth API, you will be able to generate an access token using ObtainToken with the code that you receive. The rest of the parameters are specific to your application.
You can see the full flow on the doc site here: https://developer.squareup.com/docs/oauth-api/how-oauth-works.
I want to allow users to sign up using either a user-pool identity (email + password) or a Facebook-federated identity.
But I also want them to be able to switch later on: either add Facebook federation if they didn't sign up using Facebook initially, or remove the Facebook link from their account if they initially signed up using Facebook.
Is this possible?
Thanks in advance!
Yes, it is. I'm assuming that Facebook is added directly to the Userpool as an IdP.
Splitting your query into 2 parts:
1. User signs up using username & password. Later, he wants to link his Facebook account
This is pretty easy. Give an option in your UI and use the AdminLinkProviderForUser API to link Facebook/Google account to the user. Now, when the user signs in using this Facebook/Google account next time, Cognito will treat it as the native user & generate token for the same. Of course, the Facebook info will be mentioned in the identities claim. If the user wants to remove this Facebook/Google link later, it is possible using the AdminDisableProviderForUser API call.
2. User signs up using Facebook
This is a bit tricky since Facebook login will automatically create a user in your Userpool with status EXTERNAL_PROVIDER (unlike native users who have CONFIRMED status). As the name suggests, this user can only be logged in using the relevant external provider - Facebook in this case. If the user wants to login using a username password, a new account will have to be created using SignUp API or AdminCreateUser API. Also, this account can not be linked to the previous Facebook account using AdminLinkProviderForUser because a pre-requisite is that no Facebook user with the same details (email etc.) should exist in the Userpool. But at this moment, we have an auto-created Facebook user with EXTERNAL_PROVIDER status.
So, in short, you would have to - create a new user using SignUp or AdminCreateUser API, delete the auto-created Facebook user & Finally link the Facebook account as mentioned in case 1.
Is there a way of passing username/ password to Google Apps IDP and get a response as to whether a username/ password pair is correct?
I know I can use OAuth for authorization and access user data but note that I want to check if his credentials itself are valid. OAuth for sure will not work for me. I need a way to directly query Google Apps' IDP particularly not to use it and access something else.
I wish to use this to customize the Google's standard login page itself. OAuth doesn't allow me to do that.
Short answer: no.
Google actively tries to prevent the scenario that you describe because it would mean that Google users hand over their Google credentials to your application, aka. phishing.
That precludes branding of the Google login pages as well since it would make it harder for users to verify that they actually type in their credentials on a login page provided by Google.
As said in the other answer, Google Signin with OpenID Connect (built on top of OAuth 2.0) is the standardized way to offer users login to your application with their Google account.
Google (Apps) accounts can be used as an OpenID identity provider. By implementing your app as as a relying party, you could authenticate your users based on their Google accounts. Much like stackoverlow Google login: http://code.google.com/googleapps/domain/sso/openid_reference_implementation.html
With SAML SSO, Google acts as a relying party. While its possible to use provisioning API and clientLogin, this is not supported and is possibly against Google Apps ToS.