I need to build oAuth provider and started to do my homework around Facebook and Google, as they are the largest example there is I think. What I still don't understand, when a web site wants to use oAuth from Google or Facebook, does it have to apply their SDK or SDK is just to simple the hard work, but there is the way to do it your self from scratch? I asking this, because I wonder, if after my oAuth provide will be ready, I will have to create SDK as well.
No, you do not have to create any SDK for OAuth provider or clients. You can look at an google's playground for a sample end to end demonstration of OAuth2 flow.
Related
I am currently trying to implement OpenID Connect using Okta as my identity provider.
The only plugin I found that was capable of handling OpenID Connect was the Flutter AppAuth Plugin .
Unfortunately I was not able to use it with a Native Webview in order to have a seamless experience for the end user or more especially to not have any navbar cf. image below:
Anyone was able to implement this flow as a native Webview ?
I don't believe you'll be able to do this in a native Webview. OAuth and OIDC are designed so the application never knows about the user's credentials - the application just receives an ID token and access token. If you tried to embed Okta (or any OAuth flow) in a native login, the application could get at the user's credentials, and possibly harvest them. Popping a browser is a more secure way of doing things.
To add to Matt's answer, AppAuth is the standard pattern here, which involves use of special InApp / system browsers:
Chrome Custom Tabs
ASWebAuthenticationSession
My blog has some details on this. I always recommend people to start with AppAuth samples. A couple of posts:
AppAuth Setup with Private URI Schemes
Advanced Sample with Claimed HTTPS Schemes
I hope you can direct me with my query.
I wish to create my own authentication method for users in my Google Apps for Work account. Currently I am using built in Google Authentication, however I wish to build my own authentication method in PHP, Phyton or .NET; language doesn't matter really. So I want users to go to the page I will create, then they will need to pass authentication and be logged to Google Apps.
I know SSO is the way to do it but after my research I found very little about how to achieve it with Google Apps. I mean there is tones of third party platforms like OneLogin etc but I would like to have something I build myself. Ideally I would like to have some examples of SSO which works with GAFW so I could figure out the rest myself. I read somewhere that building own SSO portal it's not a piece of cake and also found an article that you can create something based on oAuth2.0 instead. So tried research about oAuth2.0 but all documentation I found is about authenticating to the application that I build using Google Apps Credentials, where I want the opposite; to be able to access Google Apps using the app that I build.
Hope someone could direct me to some examples or documentation or explain the process of learning curve to get my head around this project of building SSO for GAFW.
If you want to write your own Auth system and become the Identity Provider (IdP), you need to use SAML as that is the only supported method for now.
Here are the step by step instructions
I have one problem regarding OAuth integration in iPhone App.
Can anyone help me how to integrate OAuth 2.0 with facebook in iPhone ?
I have referred so many sites about OAuth but I haven't got satisfied answer yet. I referred this question of stackoverflow. There is one good option about ShareKit. But my client wants only OAuth 2.0.
I downloaded framework from google code. I integrated it in my application. But How to use it ? Without guidance I can't implement it in proper way.
I have got stuck between my application and 0Auth 2.0 since last 3 days. Please can anyone give me idea or demo project or any another tutorial ?
Rather than implement OAuth for Facebook, make use of the Facebook iOS SDK which makes handling Facebook Auth and Requests much easier. You can read about it and download it here... http://developers.facebook.com/ios/
I just done a research
This post will really help you
Also please look at the below posts
iphone-facebook-oauth2-graph-api
OAuth and Facebook iPhone SDK
The framework you mentioned in your post is not for OAuth 2, but for OAuth 1.0a.
You can try the OAuth2Client we developed for talking to the SoundCloud API. It's build against draft 10 of the spec. I'm not sure which one is used by Facebook. Unfortunately the spec is not final yet and over the years different services adopted different drafts of the spec.
If you're able to argue with your client I'd try to convince him to let you go with the official iOS SDK. This gives you many benefits like automatic token refresh, single sign on via the official app & much more.
I am doing an iPhone app which requires OAuth 2.0 protocol to be implemented for the login of the user to a particular website. I have the client id and client secret which i got after registering my application on the website. I would like to know a few things about this.
I saw a number of links regarding this. But yet in my head I'm not very sure of whether i need to use OAuth classes or OAuth consumer classes?
Is authentication of the user possible in OAuth without sending the email id and password of the user in a query string?
Is is possible to load the website in a uiwebview and login to the website and get the user credentials for the further screen functionalities.
This is the first kind of such an app I'm developing. It would be great if someone could help me out so that i can know clearly how i should go about.
EDIT: if there any good tutorials for achieving Login to a website using OAuth please do share.
Thanks in advance
OAuth spec and documentations
OAuth 1.0 protocol: https://www.rfc-editor.org/rfc/rfc5849
OAuth 2.0 protocol: https://www.rfc-editor.org/rfc/rfc6749
http://oauth.net/documentation/getting-started/
http://hueniverse.com/oauth/
SDKs for OAuth on iOS
YToolkit (OAuth 1.0 & 2.0)
Source on GitHub
OAuthConsumer (OAuth 2.0)
Source on Google Code
Wiki
LROAuth2Client (OAuth 2.0)
Source on GitHub
Simple document
Demo project
MPOAuthConnection (OAuth 1.0)
Source on GitHub
Wiki
(Speaking of "a particular website", does it have official or third-party SDK for iOS? If yes then you don't need to implement OAuth authorization yourself.)
You can find a good tutorial on OAuth Tutorial.
This tutorial is a for MAC applications and uses Google OAuthCustomer library.
OAuthCustomer related readings and source codes can be find within the below URLs
Google OAuthCustomer
Sample Application
Make sure to remove non ARC stuff from the OAuthCustomer Library files for iOS applications
I am creating a twitter application in iphone using oauth. But my application request for:
oauth_consumer_key,
oauth_signature_method,
oauth_signature,
oauth_timestamp,
oauth_nonce,
oauth_version,
oauth_callback,
Please anyone help me how to create all these keys for my application.
In my twitter account xauth is disabled by default. So, how can I enable it in my application?
It's highly unlikely you need to enable xAuth. The Twitter API documentation, specifically the authentication guide explain these parameters in more detail. Also have the OAuth 1.0 spec open to refer to, even if you're using a third party library- you will save your sanity if you understand the mechanics of the token exchange.
You'll need to read up about OAuth. All the fields are part of the standard. Twitter will give you the first one (oauth_consumer_key), and the version number is always 1.0. (Version 2.0 is not yet complete and Twitter doesn't use it.) The others you need to calculate. Or at least find an open source library that does it for you.
As for enabling xAuth, you need to send a message to Twitter. Sounds like they're getting more and more strict about which apps they allow, though.