Authorization in Google Tasks API with ClientLogin - google-tasks-api

Is it possible to authenticate with client service libraries via ClientLogin?
There are only OAuth2 examples in Google Code but it requires unneeded manipulations.

ClientLogin is deprecated and should not be used. It also doesn't work with newer APIs like the Tasks API.
Sorry but the answer is no. While it may seem more complicated at first, using OAuth 2.0 and NOT storing passwords yourself is ultimately a much simpler and safer solution.
https://developers.google.com/google-apps/tasks/auth
Jay

Related

What can I use as a XACML PDP?

I have an API REST made in node js, and now I'd like to implement some XACML policy. I have been searching and I found that I can use ALFA to make the XACML rules. But I need a PDP for applying the rules. What can I use / how can I implement it?
I have read about WSO2 Identity Server (which I think I can use as a PDP? I'm not sure). It is probably too much for a little project. Any other suggestions? Or is WSO2 IS adequate?
The go-to open source implementation of XACML 3.0 nowadays is AuthZForce. In OSS, it's the most up-to-date. In the commercial realm, look into Axiomatics (where I worked). They have the most up-to-date PDP and are the authors of the standard.
Yes, you can use WSO2 Identity Server as your PDP. Once I had a requirement to secure a Spring Boot REST API through XACML [1]. Anyway, it would be much easier for you to use the Identity Server PDP than implementing one. You have easy beginner samples that you can try out for your use case [2]. There are tools in the Identity Server that you can use to create the XACML rules.
[1].https://medium.com/#buddhimau/role-based-authorization-for-spring-boot-using-wso2-identity-server-3d74ab307fb9
[2].https://medium.com/#gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c
Adding to Buddhima Udaranga's reply: if you think IS is too much for a little project, then you can directly use Balana, which is the entitlement engine used inside IS. You can refer to this for more details. But Balana has only a Java API.

Are GraphQL and SSO compatible?

My project plans to use SSO (maybe Gluu or Auth0, ...) and is also considering applying GraphQL to our API.
On first look, it seems that these two should be easily compatible as they are working on different layers. But I still want to hear from someone experienced with both whether there are any problems, considerations or guidelines when applying them to the project.
GraphQL has no opinion on how you authenticate or authorize users. So you can use any auth you like.

Adding OAuth to a Scalatra web service

I am looking to build a Scalatra based API. One of the requirements is OAuth authentication. I noticed the guide for OAuth isn't yet put up on the official Scalatra site. Is the best way to currently add OAuth support by figuring out how to add an OAuth based strategy into Warden? I come from a Ruby on Rails based background, so new to a lot of Scala/Java conventions. There's probably several ways to tackle this but I'm hoping for any solution that's documented and can be referenced for implementation in my own application.
I am currently rewriting a Ruby/Sinatra app in Scala/Scalatra. I found the easiest way to add OAuth is to use Scribe (https://github.com/fernandezpablo85/scribe-java). There is a guide on using Scribe with Scala here:
https://github.com/earldouglas/nuevos#consuming-the-twitter-api-in-scala-with-scribe
Note that the exact implementation of the Twitter API is outdated. He made some minor updates to the code without actually updating the README (That confused me for some time.) I suggest you read the normal Java Scribe guide first, then take a look at the source code of the Scalatra example.

Visual REST API playground

What are some web apps that allow me to play with any REST APIs visually (by clicking) and also get some code generated (in any language) that captures what I have described visually?
Similar to Swagger or Google API Playground but allows me to talk to anything that speaks REST (assuming I have the proper auth credentials and I know what messages it understands).
Bonus points for something that can also "discover" what messages are understood, given a URL endpoint.
Microsoft has 2 that I know of
OData API explorer
The data market service explorer (requires signing in, and then you can access free data sets)
Considering that REST APIs are going to follow their own conventions, terms, and have their own documentation (hopefully), this is an impossible problem. If you restrict your quest to visualizing APIs that follow a "standard" form of self-documentation (see REST web service WSDL? for some hopeful scenarios) you might be able to accomplish this.
Or you can use something like http://www.programmableweb.com/ to discover tutorials, tools, examples, and mashups of various existing APIs.
You could mock an API at http://apiary.io/.
You could explore an existing one through tools (e.g. REST Console for Chrome).
What you can't have, is one-size-fits-all explorer for "every possible REST API." Some APIs follow conventions that others don't.
apigee and apihub (now part of mulesoft) are two that I frequently visit. Of the two, apigee is my preferred provider.
One of the reasons that you're not going to see a lot of websites like this is because of the same-origin policy. This means that you can't access a RESTful API located at api.google.com from a web app running at, say, www.restfiddle.com without sending all the API traffic through restfiddle.com's servers. Sites like JSFiddle can exist (and are used widely) because all the processing is done on the client side.
Browser plugins, however, are exempt from the same-origin policy. If you're using Chrome, try Postman. If your REST client doesn't need to be web-based, check out SoapUI. IntelliJ IDEA has a nice REST client as well.
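Added example (not part of the answer above): a simplified JavaScript model of the browser check that the same-origin policy applies to a page script reading an API response, including the CORS response headers through which an API can opt in to cross-origin reads. The function names and the sample header objects are constructed for illustration; only simple requests are modelled, with no preflight.

```javascript
// Simplified model of the browser's "may this page script read the response?"
// decision. Assumption: simple requests only; preflight is not modelled.

// An origin is the (scheme, host, port) tuple; URL.origin serializes it
// and drops default ports (443 for https, 80 for http).
function originOf(url) {
  return new URL(url).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// headers: plain object of response headers (constructed sample input).
function canPageReadResponse(pageUrl, apiUrl, headers = {}, withCredentials = false) {
  // Same-origin responses are always readable by the page's scripts.
  if (isSameOrigin(pageUrl, apiUrl)) return true;

  // Header names are case-insensitive; normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = String(v).trim();
  }

  const allow = h["access-control-allow-origin"];
  if (allow === undefined) return false; // no opt-in: the browser blocks the read

  if (withCredentials) {
    // With cookies or HTTP auth, "*" is not accepted: the exact origin must
    // be echoed and Access-Control-Allow-Credentials must be exactly "true".
    return allow === originOf(pageUrl) &&
           h["access-control-allow-credentials"] === "true";
  }
  return allow === "*" || allow === originOf(pageUrl);
}

// Constructed sample run using the hostnames mentioned in the answer.
const page = "https://www.restfiddle.com/app";
const api = "https://api.google.com/tasks";
console.log(canPageReadResponse(page, api, {}));                                   // false
console.log(canPageReadResponse(page, api, { "Access-Control-Allow-Origin": "*" })); // true
```

For a defender the useful case is the credentialed one: an API that echoes arbitrary origins together with `Access-Control-Allow-Credentials: true` gives up the protection the same-origin policy provides for logged-in users.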
Try Restlet Studio, it's the only visual API designer I've found, and seems pretty good, it imports and exports swagger & RAML.
http://studio.restlet.com/

Rest with oauth2

I'm using this library with my codeigniter rest service. Basically, I have a REST_controller, that is inherited, and checks for a valid token, using that library.
All I want is to provide an API to secure some of the API methods.
Now, I'm lost reading most of the specs for oauth2 and tutorials regarding that library.
Can anyone help me by providing good tutorials, examples and explanations on how I can achieve a simple login system and then call user-authenticated methods?
Thanks in advance
Just constructed a pictorial tutorial for OAuth2.0 specs. In case you may find this useful:
Tutorial : http://restful-fundamentals.blogspot.in/2013/04/oauth-20-introducation.html
Also adding a web app demo demonstrating the different Authorisation Grants flows. It contains the path to the google code as well as some other tips.
http://restful-fundamentals.blogspot.in/2013/04/svn-repository-oauth20-spectifications.html
Your comments at that blog may be useful to me to improve the contents there.
I did a demo using Spring MVC and Spring Security; you can find the source code here