Dropbox currently supports oAuth1 and oAuth2.
I was looking for deadlines for oAuth1, but found none.
Are there any plans to discontinue oAuth1 on behalf of oAuth2? If so, what is the deadline?
We'll keep supporting OAuth 1 as long as we support v1 of the API. (And v1 is the current version.)
Related
I'm starting a brand new project (aka no legacy code) that will interact with github, and there's currently 2 supported APIs, the "rest" API is called "API V3" and the "GraphQL" API is called "API V4",
question is then, does the V4 API deprecate the V3 API? Should I strive to use the V4 API even if I think the V3 API seems easier to use? or should I just pick the API that seems like the best fit regardless of the API version number?
There are two stable versions of the GitHub API: the REST API v3 and the GraphQL API v4.
Looking at the https://developer.github.com/v3/versions/ - it is not. Only V1 and V2 are listed in the "deprecated" section - both are already dead since 2012.
I'm writing an app development guide and I'm struggling with a few things:
First of all there are currently 2 endpoints in AAD (v1 and v2), there are also 2 pathways of registering apps in the AAD portal (app registrations and app registrations preview). I can't seem to find confirmation that usage of the app registrations preview blade enforces usage of the v2 endpoint, can anyone confirm? Our users authenticate using WS-Federation which is currently not supported by the v2 endpoint which is why I want to avoid usage of v2 for now.
I'm also looking for the best method of allowing access to the Graph API through a service account with delegated permissions (for more granular scoping).
Anyone that can clarify?
Thanks
I can't seem to find confirmation that usage of the app registrations preview blade enforces usage of the v2 endpoint, can anyone confirm?
An app registered in either registration experience can be used with both the v1 and v2 endpoints. Some features can only be configured in the preview experience, though (e.g. support for Microsoft Accounts).
I need to add PayPal button on client's website. It is first time I am doing this and I asked for credentials he gave me API signature, API username and API password. I was checking lots of tutorials how to add PayPal button, they use sandbox/live Client ID and Secret. Can I use this API credentials instead?
I searched a lot but couldn't find an answer.
I am coding in CodeIgniter 3.
Thanks
Username, Password, and Signature are related to Classic API integration.
Client ID and Secret are related to the REST API integration.
Which one do you want to work with?
Or, the easiest option is to use PayPal Standard Payment Buttons, but that will also be the most limiting.
We actually have a PayPal CodeIgniter Library that you might be interested in. It was built for the Classic API.
The general PayPal PHP SDK that it's based on is now available with Composer, so I would recommend installing it that way.
We'll be releasing an update to that library before the end of the year that adds all of the REST APIs. It's available in the dev branch on GitHub already.
I'm trying to authenticate to Google Talk. The X-OAUTH2 mechanism, which uses OAuth2 tokens, is well documented. But what is X-GOOGLE-TOKEN and where is it documented?
Ah, found it. It's the deprecated ClientLogin API:
Important: ClientLogin has been officially deprecated as of April 20, 2012. It will continue to work as per our deprecation policy, but we encourage you to migrate to OAuth 2.0 as soon as possible.
Based on the question I asked here, but I wanted to get feedback from the stackoverflow community on this.
It seems from my tests using the twitter API with oauth that oauth_verifier check that should be done by the service provider (twitter) in step E of http://oauth.net/core/diagram.png is not being done by api.twitter.com; this happens whether the oauth_callback is oob or a regular callback url.
To test this on twitter is simple: just don't send the oauth_verifier parameter as part of step F for acquiring an access token.
This issue should be easy to reproduce, but if necessary I can post my test code.
The oauth_verifier was part of the solution to the session fixation threat, and was only introduced in the oauth 1.0a specification. Because of this twitter API may still not be forcing application developers to use it to avoid breaking backwards compatibility.
Is this correct? Or am I misinterpreting the oauth specification?
Does this also happen with other APIs that should be compliant with oauth1.0a? (LinkedIn etc..)
ps - This question is somewhat related but the issue no longer applies because twitter is returning the oauth_verifier for both types of callbacks (oob and regular callbacks).
I got a reply from the official twitter discussions:
Currently the API supports both the OAuth 1.0 and OAuth 1.0a authorization flows. We strongly encourage developers not using OAuth 1.0a to update their code as soon as possible.