Is there a play2 framework plugin to build OAuth REST API? - scala

I would like to build a web service (RESTful JSON API) and I would like to secure my API with OAuth 1.0 or 2.0. I'm using Play2 with Scala and I cannot find examples on writing OAuth providers (not consumers) in Scala nor in Play2.
I believe the combination should be very familiar, suppose you are building an API like GitHub and you want to authorize certain applications and offer them CONSUMER_KEY, CONSUMER_SECRET to access your APIs. There must be an easy-to-use library to help you do that. Not to say that this should be baked into Play2.
Any ideas? libraries? tricks?

We built an OAuth 1.0 provider in Scala/Lift. It's coded for the Open Bank Project but should be pretty easy to extract for another Lift app.
Please see:
https://github.com/OpenBankProject/OpenBankProject-Server/wiki/OAuth-1.0-client---Server-connexion
By the way, we chose OAuth 1.0 rather than OAuth 2.0 because OAuth 2.0 is not really fixed yet.
cheers, Simon.

Related

Play2-Auth vs SecureSocial vs Deadbolt2

I am using Play2 with Scala. I am new to Play2 and Scala. I need authentication and authorization in a project. So which is the best for me from the following? And why?
Play2-Auth
SecureSocial
Deadbolt2
Is any one of them like Spring Security?
I need authorization based on a user role and also need social login like Google+, Facebook and Twitter and also our own side login.
So please tell me the best solution for me. And also explain why it is best?
Deadbolt2 is only an Authorization framework. Play2-Auth and SecureSocial both do Authentication and Authorization but their Authorization capabilities are much weaker than Deadbolt2. Play2-Auth does not have social login capabilities (that I know of). SecureSocial does.
I am using SecureSocial for the exact use case you are mentioning: social and local logins with role-based authorization. It works well for my purposes. I am using the current stable version (2.1.4 for Play 2.2.x) but be advised that the next version (that supports Play 2.3.x) is quite different and the upgrade procedure is painful. I have tried it once and have given up on it for the time being.

What module to choose to post in popular social networking sites in Play! 2.2.0

I am pretty new to the Play framework. My intention is to create a web application which could allow the users to post to all their social networking accounts from my web app.
I saw a lot of modules (Like SecureSocial, Secure, fbConnect) that can provide me the authentication for the application, but I doubt they would allow me to post content.
Is there any module that could suit my needs? Is this idea possible at least?
I am currently planning to use Play 2.2.0, but I see a lot of modules are built for Play 1.x. Can I use the same module in Play 2.x as well?
This is a fairly common use case, I would recommend SecureSocial for what you are trying to achieve as it appears to be the most utilised Authentication library for Play.
Your basic flow would be:
1. Users on your site authenticate their various social networks using SS. Be sure to configure SS to request any extended permissions you require (in order to post on behalf of the user).
2. Most social APIs will return some kind of auth token, which can be persisted using SS. Note: you will need to implement a custom UserService for persistence.
3. When you want to post on behalf of a user, use the auth token that you have persisted, and hit the relevant social API. Make sure you have error handling in place to deal with expired tokens etc.
Hope this helps!
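
The flow in the answer above, sketched as an added example (not part of the original answer and not SecureSocial's API): `TokenStore`, `SocialPoster`, the provider name and the scope name are hypothetical, and the call to the social API is abstracted as a function returning an HTTP status code. It shows the persisted token being checked for scope and expiry before use, and being dropped when the API rejects it.

```scala
import java.time.Instant
import scala.collection.concurrent.TrieMap

// Hypothetical names throughout; this is not SecureSocial's API.
// What is persisted per user and provider after the social login.
final case class StoredToken(accessToken: String, scopes: Set[String], expiresAt: Option[Instant])

sealed trait PostResult
case object Posted extends PostResult
case object NeedsReauthorization extends PostResult // token missing, expired, rejected or under-scoped
final case class Failed(status: Int) extends PostResult

// In-memory stand-in for the persistence a custom UserService would provide.
class TokenStore {
  private val tokens = TrieMap.empty[(String, String), StoredToken]
  def save(userId: String, provider: String, t: StoredToken): Unit = tokens.update((userId, provider), t)
  def find(userId: String, provider: String): Option[StoredToken] = tokens.get((userId, provider))
  def remove(userId: String, provider: String): Unit = tokens.remove((userId, provider))
}

// `send` stands for the HTTP request to the social API and returns its status code.
class SocialPoster(store: TokenStore, send: (StoredToken, String) => Int, now: () => Instant = () => Instant.now()) {
  def post(userId: String, provider: String, requiredScope: String, message: String): PostResult =
    store.find(userId, provider) match {
      case None => NeedsReauthorization
      case Some(t) if !t.scopes.contains(requiredScope) => NeedsReauthorization
      case Some(t) if t.expiresAt.exists(_.isBefore(now())) =>
        store.remove(userId, provider) // never send a token known to be expired
        NeedsReauthorization
      case Some(t) =>
        send(t, message) match {
          case s if s >= 200 && s < 300 => Posted
          case 401 =>
            store.remove(userId, provider) // expired or revoked on the provider side
            NeedsReauthorization
          case s => Failed(s)
        }
    }
}

object Demo extends App {
  val store = new TokenStore
  // Constructed sample data: token values, provider and scope names are placeholders.
  store.save("alice", "examplenet", StoredToken("tok-valid", Set("publish"), Some(Instant.now().plusSeconds(3600))))
  store.save("bob", "examplenet", StoredToken("tok-old", Set("publish"), Some(Instant.now().minusSeconds(60))))
  val poster = new SocialPoster(store, (t, _) => if (t.accessToken == "tok-valid") 200 else 401)
  println(poster.post("alice", "examplenet", "publish", "hello"))
  println(poster.post("bob", "examplenet", "publish", "hello"))
}
```

A `NeedsReauthorization` result is the signal to send the user back through the provider's login; the stored access token is a bearer credential, so it should be kept out of logs and error messages.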

Creating oAuth provider

I need to build an oAuth provider and started to do my homework around Facebook and Google, as they are the largest examples there are, I think. What I still don't understand: when a web site wants to use oAuth from Google or Facebook, does it have to apply their SDK, or is the SDK just there to simplify the hard work, and is there a way to do it yourself from scratch? I am asking this because I wonder whether, after my oAuth provider is ready, I will have to create an SDK as well.
No, you do not have to create any SDK for an OAuth provider or clients. You can look at Google's playground for a sample end-to-end demonstration of the OAuth2 flow.

Facebook STS without ACS

Is it possible to use Facebook authentication with WIF without using ACS/Azure? Or is this absolutely necessary?
Yes, it's possible but you'll have to write a bit of code. There is a WIF extension that adds OAuth 2.0 support to the framework:
https://connect.microsoft.com/site1168/Downloads
Another option you might consider:
http://facebooknet.codeplex.com/
You can also write your own STS and add DotNetOpenAuth to it.
IdentityServer does something like this with OpenId in a (hidden) page. This was based on a post from Matias Woloski, updated here.
The Facebook Platform uses OAuth 2.0 for authentication and authorization. So when you try to build an authentication application for Facebook you are actually looking for a provider which supports Claim Based authentication. WIF does provide an ASP.NET and WCF based framework for you to authenticate your application with Facebook through a claim based Identity Framework. (Windows Azure ACS simplifies this process to a bare minimum level and that is what you pay for.)

OAuth Authentication iPhone

I am doing an iPhone app which requires the OAuth 2.0 protocol to be implemented for the login of the user to a particular website. I have the client id and client secret which I got after registering my application on the website. I would like to know a few things about this.
I saw a number of links regarding this. But yet in my head I'm not very sure of whether I need to use OAuth classes or OAuth consumer classes?
Is authentication of the user possible in OAuth without sending the email id and password of the user in a query string?
Is it possible to load the website in a UIWebView and log in to the website and get the user credentials for the further screen functionalities?
This is the first app of this kind that I'm developing. It would be great if someone could help me out so that I can know clearly how I should go about it.
EDIT: if there are any good tutorials for achieving login to a website using OAuth please do share.
Thanks in advance
OAuth spec and documentations
  OAuth 1.0 protocol: https://www.rfc-editor.org/rfc/rfc5849
  OAuth 2.0 protocol: https://www.rfc-editor.org/rfc/rfc6749
  http://oauth.net/documentation/getting-started/
  http://hueniverse.com/oauth/
SDKs for OAuth on iOS
  YToolkit (OAuth 1.0 & 2.0)
    Source on GitHub
  OAuthConsumer (OAuth 2.0)
    Source on Google Code
    Wiki
  LROAuth2Client (OAuth 2.0)
    Source on GitHub
    Simple document
    Demo project
  MPOAuthConnection (OAuth 1.0)
    Source on GitHub
    Wiki
(Speaking of "a particular website", does it have official or third-party SDK for iOS? If yes then you don't need to implement OAuth authorization yourself.)
You can find a good tutorial on OAuth Tutorial.
This tutorial is for Mac applications and uses the Google OAuthCustomer library.
OAuthCustomer related readings and source code can be found at the URLs below:
Google OAuthCustomer
Sample Application
Make sure to remove non-ARC stuff from the OAuthCustomer library files for iOS applications.