User authorization on a rest service via an access token

I have a mobile application (HTML 5, JavaScript) and a Restful service (Java, Jersey) to cater the mobile application. Mobile application sign in is handled via a Facebook (Sign in using Facebook account). And currently there is no any security mechanism integrated for the Restful service So my question is, can I authorize users on the Re...

Need advice on authentication for android client connecting to the WCF Rest setup

Basically I would like to connect to the WCF windows service from android with authentication. I am an android developer. I have tinkered with the WCF Rest service from this article also configured the https Now I need to think about the authentication process (to the username and password in the database) to the WCF service from android.

Can you get a public Facebook page's feed using Graph API without asking a user to allow?

I've never used Facebook's Graph API, or OAuth. I'm simply trying to get a public Facebook page's feed using the Graph API, but it requires an access token. I don't want to hassle the users to login and allow access to get their token. A Facebook app access token could be used to get a public feed, but I'm trying to do this entirely in Ja...

How to get user email with google access token?

I followed all these steps. https://developers.google.com/+/web/sign in/ I have client id and client secret. I got access token now, how can I get user profile and email with access token? And how to check whether user logged in or not?...

Trying to understand the OAuth2 flow

So, I'm implementing a Provider with OAuth2. I get the part where the client applies for a client_id and a client_secret. This uniquely identifies them to the provider. So, now that they have that, and they are going over SSL, why is an authorize token needed? And then, after that, why is an authorize code needed? Also, why a refresh toke...

sign in with oAuth, what should i store/use to identify the user?

im trying to implement a login with facebook/twitter functionality in my app, i read some guides on oAuth, and i think i understood some of the basic concept, and here is what i understood (please correct me if i'm wrong): myApp send request to the oAuth provider, get the (A)request token. send user to authenticate the (A), returns with (...

Authentication & Authorization in Openbravo community version through REST web service

I am unable to find a REST webservice way to Authenticate (Login) and know his roles (authorization). Although, Openbravo wiki says there is a way to login, but doesnt provide any other detail about its URL etc. Can anyone help in this regard? Thanks...

undefined method `user' for nil:NilClass

In my model email token i have def self.token_valid(token, type) return unless token.present? token = EmailToken.where("token = ? and verification_type = ? and confirmed = 'false' and created_at <= ?", token, type, EmailToken.expires).includes(:user).firs t user = token.user end And i call this method from my controller def confirm_pas...

Facebook PHP SDK 3.1.1 "Error validating access token" after Go to App page

I'm having some strange issues building an iframe app for Facebook. The app seems to get stuck in an infinite loop on the Go To App page. After the user authorizes the app in the Go To App page, and returns to the app, the /me api call throws the "Error validating access token" exception. I checked and there is a valid access token in the...

facebook chat using asmack on android with the new access token

I have a FB chat client developed for Android. I've been using facebook android-sdk to obtain the access token from a user. Using asmack, user was logged into the chat. Token was in the form: 226409362971500|3b29bc82baa7901a9baca042 .4-72793766|9eb417f06fc376897222938295a0 dd0c The code I used was: XMPPConnection xmpp = new XMPPConnection(c...

Getting Access Token from cookies to use with Facebook Graph API

Assuming I have a user logged in to Facebook (Cookies are saved in the browser's cache), what is the simplest way to get its access token? I'm experimenting with Facebook's Graph API, and I don't want to bother with creating an application in order to get access tokens (at least not now). If I remember correctly, a few days ago I went to...

Can a sniffer installed by user on his machine eaves drop on my application and reverse engineer it? (Fiddler 2 HTTPS Sniffing)

I have a web service and an application that connects to it. I do not expose the web service via any discovery protocol to the outside world. I have two security mechanisms: My software uses SSL and encrypts all messages using a public/private key mechansim. I use WCF WIF integration username/password authentication, so my application has...

redirect user based on Roles?

Hi I have problem on setting up the admin Module for Web app I had two roles on my System Admin and Tech If the go to admin module the system will see if he is admin or not If the user is not admin will be redirect him to page Sorry, you don t have access to this page ! I used Web.config to restrict access for sub directory Admin <?xml...

iOS keychain access on device based on Provisioning profile

I have written an iPad (iOS 5+) app that saves the GTM-Oauth library to save the oauth token to the keychain. Based on the existence of the auth token, I perform different actions in my view controller: //Fetch the auth token from keychain GTMOAuthAuthentication *auth = [self myCustomAuth]; //perform actions: if (auth) { BOOL didAuth =...

How to use custom authorization and authentication in asp.net MVC 3 without using Membership?

I am new in Mvc and I am struggling for last 4 days to find any good tutorial for custom authorization and authentication in asp.net MVC 3. Problem is:- We are having our own custom User Master table and also Custom Role Master Table. Now I want to know How can we authenticate a particular User from Login Page with our Existing Custom Use...

How to access to a shared resource with a windows service using local system user?

I need to access to a shared resource with a windows service using local system user. I have tryed with the class UserImpersonation (http://stackoverflow.com/questions/1192 631/open-a-shared-file-under-another-use r-and-domain), but it only works in debugging. When I install my service, I can't access to a shared folder. I have read about t...

Authorize request in ASP.NET Web API based on specific user

I followed this tutorial http://www.tugberkugurlu.com/archive/api -key-authorization-through-query-string- in-asp-net-web-api-authorizationfilterat tribute to create custom Authorization filter. I have CarController with my custom Authorize Attribute: [ApiKeyAuth("apiKey", typeof(ApiKeyAuthorizer))] I send two parameters in the url .. host/C...

Google OAuth2 Error 400 when exchanging for an Access Token

I am receiving a "400 Bad Request" error when using the following VBA code to exchange a valid Authorization token for an access token in the Google API. Can anyone shed light as to why, I have been struggling with this one for over a week. Dim http As MSXML2.XMLHTTP Dim sUrl As String Dim sUrlHeader As String Dim svarbody As String Set h...

CAS authentication for a glassfish 3.1 web app. What about authorization?

I'm trying to set up a web application based on glassfish 3.1 + JSF2. The authorization is performed using a CAS server installing the jasig cas client in the web app as suggested here: Configuring the JA-SIG CAS Client for Java in the web.xml and I'm able to catch the principal object inside an EJB when the user is authenticated. CAS pri...

How to access Google Analytics from BlackBerry?

I'm trying to access Google Analytics API from my BlackBerry's Mobile App (written in JavaScript) using Google's OAuth 2.0 procedure described here: https://developers.google.com/accounts/d ocs/OAuth2InstalledApp I have no problem with it's first step - "Forming the URL". I've registered my App as "installed application" in the Google APIs...

Is Facebook's OAuth 2.0 Authentication a strict implementation of the RFC?

I'm working to add FB sign-in to my website. In the process, I thought I might as well write a quick helper for OAuth 2.0 handshakes in general. In reading the OAuth RFC http://tools.ietf.org/html/draft-ietf-oa uth-v2-25#page-7 FB appears not to adhere to the standard. For example; In 4.1.1. Authorization Request, FB don't care for the req...

Authentication and authorization with Flatiron's Resourceful & Restful

I want to implement authentication and authorization in the Flatiron stack (using Flatiron, Resourceful and Restful). I want to require that a user has the necessary permissions, when trying to change a resource. In the Restful Readme file, there's a note about authorization There are several ways to provide security and authorization fo...

Retrieving notes of a Facebook page with an app access token

I have an app which retrieves events and photos from a facebook page and shows them on a website. Both the facebook page and the website belong to the same company, i.e. they're using their facebook page to manage events and photos they show on their website. Now the client would like the same arrangement for notes: Use the public notes o...

Java Web Application 2nd Level Security for Sensitive Pages

I'm building a web application which features buying and selling, mean i will have to collect the user credit card information. So i want the user to re authenticate himself to access the sensitive pages like change password, update/delete credit card etc. I'm using Struts, Springs and Hibernate I've worked out a little scheme here, but I...

How to make webservice pass errors through NSURLConnection's connection:didFailWithError:?

What does a web service need to do to cause NSURLConnection's delegate to receive the connection:didFailWithError: message? For example: iOS app passes a token to the web service, web service looks up the token, and then the web service needs to respond with an error saying "invalid token" or something of the like. Currently, the data is...

Exposing my API with OAuth and consuming it with an iPhone App

I've been playing with OAuth today and I implemented it on my API. So far I was consuming the services of my API with an iPhone app and I still want to do that but since I added OAuth it is getting harder to use it and I'm facing some problems. Here is what I have : Provider side A small page providing keys and secret keys to the consumer...

Facebook native Android API generates error for non-admin users

I wanted to obtain user access token for my application to access logged-in user's photos etc. I created a login button as given on facebook android SDK tutorials. I am able to get access token for my admin account which created this application on facebook. But when I login with any other account, it throws following exception: I don't...

Should I return a 401 or a 405 response code to a REST API user without sufficient access?

I'm developing an API which will also have an authentication/authorization component. Anybody, regardless of authentication status, will be able to write (POST), but depending on if you are unauthenticated, authenticated as a normal user or authenticated as an admin and what resource you are trying to access I'm going to return different...

Having problems accessing methods in WCF service from C# client

I have been working on a service that is to be used for authentication and to send and receive data for an android client and desktop client. The service is based off of a previous one that was created as a template for people who needed a service for authentication that uses SQL membership provider. So the project is split into 3. One is...

Is it possible to retrieve the description along with the statuscode when JSON parsing in iOS

In my iPhone application I am making some web service calls using JSON . In the return data i am getting a status code (200, 404 etc), along with that they are sending a message. Here is the result what I got in Rest client: Status Code: 401 Invalid Access token Cache-Control: private Connection: Keep-Alive, Proxy-Support Content-Length:...

How to configure Magento REST and oAuth settings

(This article is for Magento 1.7.0 and greater . Older Magento versions does not have implemented these features.) In my last article , I wrote about the REST and oAuth to explain the terms that are used in Magento admin area for Magento REST configuration. This article will show the steps necessary in order to be able to consume REST ser...

App Access Token can't retrive Test Users?

I can't get the list of my test users with my app access token. First I get the app access token with the following graph api call: https://graph.facebook.com/oauth/access_ token?client_id=APP_ID&client_secret =APP_SECRET&grant_type=client_creden tials which succeeds, I get an access token in the format APP_ID|SomeRandomChar...

About persisting DotNetOpenAuth 4.0 client tokens

I'm working on a OAuth2.0 client with DotNetOpenAuth 4.0.0 I have a question about the the page “SampleWcf2.aspx” under the OAuth 2.0 Client sample project. In this page, the property IAuthorizationState Authorization is remarked the following: /// <remarks> /// Because this is a sample, we simply store the authorization inf...

Single oauth token and secret to access multiple services from google

I am using oauth to access different services provided by google.I am able to generate token per service basis. But I want to generate single token to use multiple services from google. Can anyone tell me the solution for this?...

Fetch Event Of Google Calender Api.

I am working on Google Calender Api. I am able to retrieve all the events for a particular Calender Using it's Calender Id. but for that i have to type authorization url in browser and it will send me authorization code in Url .and by giving that token it will give me all the Events. But i dont want to do these manually. I want to send re...

Why is the scope parameter required in spring-security-oauth oauth 2.0 implemenetation

I'm implementing an OAuth 2.0 provider for my company's REST API using spring security oauth For some reason when using the Token endpoint spring security oauth mandates the client to send their desired scope as a request parameter (this happens in the ClientCredentialsChecker.validateScope method). As I understand the spec section abou...

How to enable hprof on the server side?

We have out Rest Service that is being deployed on one of our server here. The Container for that is Geronimo 3 . I have remote access to that machine where it is being deployed currently. And it's a Linux machine. Now I need to enable profiling on our Rest Service as I am making a lot of calls to our Rest Service. Problem Statement:- I...

can't access new database colum in code - MVC4

Im make a mechanism to reset password of a user by email. In the reset password request I create a random token, store it in the database for that user, and send an email with a reset link containing that token. I needed to add a column in my database for the token so I went into it with SSMS, and tried to add a column called PasswordRese...

redmine - web service authentication

I am working on Rails 2.3.5. In my redmine app I am providing web services for iphone. How to authenticate a user from iphone and after login how my rails app identify me as a logged user. Whether i need to provide any token after login and using token for further request for an API call. please suggest me the way to implement authenticat...

Facebook api. Active access token - Программирование Android

Пишу приложение facebook мессенджер. Нашёл на одном сайте пример входа в аккаунт и загрузки списка друзей. http://dajver.blogspot.com/2013/03/f...n droid_11.html Также в примере присутствует ещё одно активити - DetalsActivity , в нём я хотел реализовать запрос на вывод последних сообщений с выбранным пользователем, но в ответ в json прихо...