What I am trying to do: Create protected Kitura endpoint and access it from iOS app, using App ID.
I managed to configure App ID on the Kitura server so that I can login and then access protected endpoint successfully.
I can login to the iOS demo app using same TenantId as Kitura server and get the tokens. That is, I can successfully login, but when I use raw auth token I can't access the protected endpoint on the server from the iOS app.
I have tried, using postman to set the header to:
Authorization = [sessionToken]
I have tried:
Authorization = Bearer [sessionToken]
I have tried this in the demo app after I get the tokens:
BMSClient.sharedInstance.initialize(bluemixRegion: AppID.REGION_UK)
BMSClient.sharedInstance.authorizationManager = AppIDAuthorizationManager(appid:AppID.sharedInstance)
var request:Request = Request(url: "<your protected resource url>")
request.send(completionHandler: {(response:Response?, error:Error?) in
//code handling the response here
})
hoping that maybe I set the token wrong in Postman and it will do the proper request.
But no matter what I do, every time I request the protected API from the iOS app, I get the login HTML in response.
What am I missing? Why can't I access private endpoint using iOS app session token?
Unfortunately, the current version of Server Swift SDK for the IBM Cloud App ID service does not support API Strategy.
That means that you can't protect individual REST APIs. You can protect Web applications only.
Related
I have a Web API developed with ASP.Net Core. I also have a client app developed with Next.js and it uses NextAuth.js to handle the authentication.
In the UI, when a user is authenticated, I have access to the access token from Facebook.
My question is how can I use this access token to authenticate the requests sent to the back-end API.
This is the back-end code used to register the Facebook authentication scheme (it is all standard):
builder.Services.AddAuthentication()
.AddFacebook(
facebookOptions =>
{
facebookOptions.AppId = "<my_app_id>";
facebookOptions.AppSecret = "<my_app_secret>";
});
I want to construct a Postman request that can authenticate my user using a specific access token but I do not know where to put this access token and whether this is possible at all.
Just sending the request like this (without any modifications) results in visualizing the Facebook login page.
Your Asp.NetCore project integrates Facebook login. After logging in, the token you get can only access protected resources in the current project, such as: [Authorize].
If you want to access Facebook's resources, you need to write your own code to get the token and then access the resources.
1. How to Get Facebook Access Token in a couple of minutes: 2020 guide
2. How to get current user access token from Facebook SDK in C#? Not the App access token
After you get facebook access_token, then you can access Facebook's resources.
We developed a hybrid mobile applicacion as front-end integrated with a backend, wich includes a Facebook OAuth service. With this setup social authentication, through the web browser, it works fine.
Now we would like to use the native Facebook app installed on the mobile device (instead of the web browser) to authenticate our users against or backend, but we don't find how to implement the auth process.
Our backend follows OAuth2 of type "Authorisation Code Grant" (https://alexbilbie.com/guide-to-oauth-2-grants/) and, therefore, expects a code and a status parameters in the Facebook response (just like the first described auth). But in mobile, the Facebook SDK doesn't return this paramenters, only an accessToken. Because of that, we can't implement the auth process in our backend.
Is it possible to perform the OAuth process using an accessToken instead of the autorization code? Maybe is it possible to obtain the code and status parameters from the accessToken parameter with Facebook API?
I have a website using ASP.NET Core, which uses MS Identity and external login from Facebook.
I have a Xamarin app that logs to this backend via login/password using Xamarin.Auth. I am wondering which is the best way to allow external login to Facebook from the app?
Should I create a separate Facebook app for Android or should I use the same as the website?
What would be the flow?
I am thinking of something like:
Using the Facebook sdk to log in
Pass the token to the server
Check from server side if the email exists or the FB user id exists
If yes check whether the app is registered using Facebook and if yes login
If no create an account
But until now I haven't stored the user's Facebook Id (only the email, that the user can also modify).
Xamarin.Auth is client library and currently has no server side implementations.
So, your server is Protected Resource and Facebook will be Authorisation Server. After you obtain your tokens (access_token and refresh_token) you would try to access Protected Resource presenting access_token as a credential. Protected Resource will perform token introspection (this could be separate service-server) which will decode the token, lookup username (mail) and check expiration of the token.
This is not specified in draft (RFC) so check how FB does token introspection.
Few links for more info:
How to validate an OAuth 2.0 access token for a resource server?
http://blog.api-security.org/2014/10/oauth-20-token-introspection-profile.html
https://www.quora.com/In-OAuth-2-0-how-do-resource-servers-assert-a-token-issued-by-an-authorization-server
https://connect2id.com/products/server/docs/api/token-introspection
https://leastprivilege.com/2015/12/27/oauth-2-0-token-introspection-middleware-for-asp-net-5/
I'm working on sample app for accessing Instagram api .I have created a client app in Instagram and got the client id and client secret.Now how to get the access token and store it for API requests.I'm new to ionic.Thanks in advance.
the url im using using : https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code.
hello everyone i am new bie in iphone development i want to connect to linkedin from my native iphone application i am currently having no idea how to connect to it please guide me how could i do that
From http://www.zhangkf.com/2010/06/linkedin-developer-network-oauth-authentication/:
Yes you can get connected with Linedin withyour Native Application by
following simple steps:
You get an API key from LinkedIn. This is also called a Consumer Key in OAuth terminology.
You build a feature into your site that leverages the user's LinkedIn network.
Your user clicks on your UI to request to use that feature.
You make a call to LinkedIn to ask to use our authentication. This is called getting a Request Token.
LinkedIn replies with an OAuth Token indicating that you can use the authentication system.
You send your user to a LinkedIn URL. That URL includes the OAuth Token you got and a few other parameters such as a URL for LinkedIn to
return the user to after granting access.
The user grants access to your application by signing into that page.
Upon successful signon, LinkedIn will return the user to your site.
You will then make a call to LinkedIn to get an Access Token.
LinkedIn replies with an Access Token for the user. You use that Access Token for any API calls to LinkedIn to identify the user on
whose behalf you are making the call.
Or
Download the Code from here,you could get it.Just Provide your API Key and Secrete Key
http://github.com/ResultsDirect/LinkedIn-iPhone
Or see this for details:
http://developer.linkedin.com/docs/DOC-1008
This sample is 100% complete and working, just add your app key.
Built with the latest XCode 4.01.
Uses a UIWebView so you have the option of customizing the browser UI.
Uses JSON instead of XML, which is the preferred best practice for most cases
OAuth is heavily documented so you know what's happening
Tested with iPhone 4, iPad 1, and the simulator on iOS 4.x.
http://lee.hdgreetings.com/2011/03/iphone-oauth.html