I'm using OAuth2 that comes with MVC4 templates by default.
I use Facebook and Google+ authentication today and collect aditional info from them using the access token provided from the Standard OAuthWebSecurity.
Now I'm adding Linked In. When a user connects with Linked In I call different methods (under ExternalloginCallback Method in the Account Controller) depending on the provider.
The LinkedinClient returns the object DotNetOpenAuth.AspNet.AuthenticationResult with extra-data: accesstoken, name, headline and industry.
When I use the accesstoken to get more information about the user, LinkedIn returns "invalid accesstoken".
The accesstoken that is returned turnes out to be the Linked In Oauth User Token, and not the user specific token that I need to have to access more information about the loged in user.
Is there a way without writing a custom Oauth Client to retreive the correct token or does the Client make a call that does not receive the correct token?
So typically when I finally posted my question I found this Custom OAuth client in MVC4 / DotNetOpenAuth - missing access token secret answer which will solve my problem and it seems it would not be possible to intercept the other token in another way.
Related
I don't have much experience with CA sitemider so please bear with me, if I am asking silly question.
I am creating a excel add-in which uses win-forms for the interface. I have added a Web reference of a web-service which I need to call to perform operation. The web-service supports the SAML authentication. So my requirement is, I need to validation the user from the Active Directory using CA sitemider and get the token (like access token or auth token) and then pass it to the webservice.
I'm not sure how can I implement this? What should I do to get that token and also do I need to use the web browser control in winform to implement the siteminder authentication flow?
Check the System.IdentityModel namespace for this , you can implement via Windows Identity foundation. The namespace has validators for SAML1/2 tokens. To request a valid SAML token and pass it to your webservice you might need to configure an interface which can get you the token first.
How Siteminder sends the token is same as other Identity providers, the user has to be a valid user of IDP (Siteminder in this case), once the request goes to Siteminder, it shows its login page and once user logs in the server returns a SAML token (try using 'SAML parser' extension of firefox to see how the token looks when its returned). You can extract the token in your interface after request is sent back to your end from Siteminder, then validate it (if needed) and send it to your webservice.
I'm working on implementing ASP.NET C# Single Page Application + Web API with OWIN for Twitter.
So a quick summary:
The SPA client opens a popup window of the Web API that, via the OAuth/Owin-Twitter middleware, redirects the user to Twitter where he enters his username and password. Via back and forth of requests and responses, the Web API receives an authenticated access token from Twitter. The only reliable piece of data I have at this point is the access token.
So the question is:
Is there a way to verify an access token, that it was issued for such user and for such app/consumer?
After days of research, the only thing I have seen so far is:
GET account/verify_credentials
https://dev.twitter.com/rest/reference/get/account/verify_credentials
But thing is it requires a user context. I need a way that is workable with just an access token.
Any help would be greatly appreciated.
I'm implementing some WebApi to upload/convert/return videos.
Another developer will implement a PhoneGap application that will call my WebApi to upload/convert/show videos to users.
The PhoneGap application uses OpenId to allow users to login using google and facebook.
My problem is that I want to make sure the client that is calling my WebApi has been logged in on the PhoneGap app using google or facebook.
I know that all I need is the client to send me a token in the request header that I can "extract" on the web api to validate the user. My question is how can my WebApi know what is the token that has been generated by openId (google/fb) on the PhoneGap app?
Well I am also searching into this and what I have got so far i will share with you in following steps:-
1) Whenever user call my login page I will create the token in response header to make sure that request is coming from legitimate user. just like antiforgery token in mvc.
2) Then upon successful login i will create the authentication cookie and set the current user context value this will Authorize the user and generate another token as mentioned above.
3)Then after this i will use normal Authorise, Roles attribute provided by WEBApi.
Let me know what you think? I am more than happy to contribute.
Another approach is when user login create a hashed token and add it to response header and create custom attribute which grab that token and check it against the database. The problem with this approach is that you will be hammering ur database all the time.
I am developing a project where I need to send tweets from my web applications. These tweets must be send via my account instead of user's account. The OAuth library forces us to show log-in screen which is not required in this case. I am looking for a way to log-in to twitter via my username and password (we are not asking user to submit username and password) and tweet a user activity or something...
the OOB/Pincode method is not feasible as well as it requires human interaction by entering pin code...
It could achieve if twitter have support for old authentication method (I believe Twitter no more support old auth method) .... Does anyone have idea how can I achieve this by OAuth or anything else?
I believe you need to use Twitter XAuth for this. It will allow you to generate a non-expiring access token for your application using a username/password. Once you have this you can dispose the username/password and use the token to authenticate further requests to the API.
If you want to send the tweets from the same account as the one your application is registered with, I believe you can also just use the access token provided in your app settings page. The documentation is here. You can skip down to the part where you have the OAuth token and need to sign the request.
I've provided an example of how to authenticate against Twitter using oAuth and the application access token here.
I am totally lost finding the right API to create a sign up process like Foursquare. I am attaching a document of what I am trying to do. I have already tried OAuth, JavascriptSDK, Facebook.NET API from Codeplex and FacebookToolkit.NET from Microsoft. Nothing looks what I actually need. I think some one experienced can lean me towards where I should go straight.
https://docs.google.com/fileview?id=0B6mlBkccI34zNDNmMGMyNTYtMDY2NS00NmEwLTlkMjQtZjA5NmVmZDMzYzlj&hl=en&authkey=CNPH9LEL
Note: I am trying to achieve this via ASP.NET with C#.
Facebook Graph Api is the best.The url is http://developers.facebook.com/docs/api
The Graph API uses OAuth 2.0 for authorization. Check out the authentication guide for the details of Facebook's OAuth 2.0 implementation.
OAuth 2.0 is a simpler version of OAuth that leverages SSL for API communication instead of relying on complex URL signature schemes and token exchanges. At a high level, using OAuth 2.0 entails getting an access token for a Facebook user via a redirect to Facebook. After you obtain the access token for a user, you can perform authorized requests on behalf of that user by including the access token in your Graph API requests:
https://graph.facebook.com/220439?access_token=...
Check out the PHP example code or the Python example code on GitHub to see a complete example of obtaining an access token for the current user. The steps to obtain an access token are:
Register your application to get an app ID and secret. Your Facebook app ID is your client_id and your Facebook application secret is your client_secret.
Redirect the user to https://graph.facebook.com/oauth/authorize with your client_id and the redirect_uri. The redirect_uri parameter needs to begin with your app's URL. For instance, if your URL is http://www.example.com then your redirect URI could be http://www.example.com/oauth_redirect.
https://graph.facebook.com/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect
After the user authorizes your application, we redirect the user back to the redirect URI you specified with a verification string in the argument code, which can be exchanged for an oauth access token. Exchange it for an access token by fetching https://graph.facebook.com/oauth/access_token. Pass the exact same redirect_uri as in the previous step:
https://graph.facebook.com/oauth/access_token?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect&
client_secret=...&
code=...
Use the access token returned by the request above to make requests on behalf of the user:
https://graph.facebook.com/me?access_token=...
You are looking for the Facebook Connect API.
More info for the single login process can be found here
You could also leverage OpenID
Your document notes the Yelp signup process, which is very low friction and allows the user's information to be available to the website without having to go through Facebook's authentication process.
Yelp, Microsoft Docs, and Pandora are using a feature of Facebook called Instant Personalization. Instant Personalization is not available to developers as of yet and is only available to those three partners.
That being said, you likely would need to use the Facebook Login Button to allow the user to grant you access to their information (including their friends list).
As far as the process of getting a list of friends, use the graph call "me/friends"
I manage FaceSharp, a .NET open source project to help people get started with Facebook Development and will be adding functionality similar to what you are looking to do in the future, perhaps some of that code will help you in your efforts. It's under the MIT license, so take whatever you want.