I hope not to be duplicating any question, and also not to be asking something too basic.
I´m building a web app in ReactJS, just to get familiar with the framework. I planned to grant access to users using a Facebook login, which I already have working with react-facebook-login. I also have a Spring Boot Rest API, to serve the front-end. But I want to allow access to part of my API just to authenticated users, using the Facebook access token. So in my back-end, I had to do an org.springframework.boot downgrade from 2.0.4.RELEASE to 1.5.10.RELEASE so I can use the Facebook Graph API. Do you guys think this is ok? or should I use a different approach?
And to be honest I´m a little confused on how to achieve a correct validation of the user's request on the restricted areas of my REST API using the access token sent from the front-end, Do you guys have any suggestions on this matter?
Thank you all for your help.
I'm developing an ASP.NET Web API. The authentication used in this API does not use OWIN, and I need to make a method that authenticates a user by using their Facebook account.
I only find examples on how to do this by using OWIN and OAuth. Is there another way to do this?
Can someone post some link or explanation about this case?
Thanks in advance!
Am new to RestfulServices. I wrote a restful webservice (Jersey).
But am not able to implement security on those serives.
Please share me how to provide security with OAUTH (Tutorial URLs or steps to follow).
Thanks in advance......
I have seen the following in a few different apps so it seems like some kind of public api. Anyone where I can find the code for this? Specifcally the twitter login that appears in the popover:
I think your understanding of OAuth needs to be better… OAuth is a way for users to sign into a service without revealing the credentials to the application. The interface you are seeing is Twitter's OAuth endpoint. I suggest looking into the twitter API for integration help.
If you would like to program your own interface for collecting the users credential, use XAuth instead.
Firstly I understand OpenId is for authentication and OAuth is for authorisation and unlike other questions on the site I am not asking which should be used for which but whether anyone can advise a solution for my issue.
I want to allow users to login to my site via their LinkedIn/Twitter/Facebook account once logged in say via LinkedIn they could also then authorise their Twitter and Facebook account as a optional login method. This would allow the user to authenticate via any of the three but end up with their user account on my site as the end result.
I also want to use the authorisation they have provided to get basic user details (profile pic/name etc) and post status updates.
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
Any ideas or issues to this issue?
If you are using ASP.NET MVC, DotNetOpenAuth is an excellent solution for supporting OpenID/OAuth sites. StackOverflow is using it, and they are quite picky for the code they use in the site.
The integration if OpenID with DotNetOpenAuth is quite straightforward. I have not tried OAuth, but I don't expect it to be of any less quality.
Unfortunately, Facebook does not support OpenID/OAuth, so you need to use a different solution for it. The one I use is Clarity Consulting's Facebook Developer Toolkit. It works, although I do have certain complaints about the quality of the code; unfortunately I haven't found anything better yet. (Note: If anyone knows a better alternative, by all means let me know)
The basic integration of Facebook Connect with the Facebook Developer Toolkit is also relatively straightforward. However, their object model is somewhat messed up, due to their attempt to stay as close to the Facebook APIs, so the HTTP API patterns are bleeding through a lot. Still, it does the work.
Update: Now that Facebook announced that they'll be supporting OAuth 2.0, DotNetOpenAuth might turn out to be the best solution.
Have you looked into RPX?
https://rpxnow.com/
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
I'm afraid you'll have to connect the user's account to each of the 3 services individually. What platform are you using to build your app? If it's Ruby, then a gem like OmniAuth looks promising.