I'm building a system with OIDC and OAuth 2.0 (using Auth0), and I'm unsure how to properly use the id_token and access_token. Or rather, I'm confused about which roles to assign to the various ser...

I am receiving messages from firebase for notifications with APNs. In firebase, I have the certificate of APNs key, with the same id in the Xcode project in Firebase that is extracted from Apple De...

I am currently facing a very strange problem, indeed I've been following this very same guide (https://developers.google.com/google-apps/calendar/quickstart/php) from Google API documentation. I tr...

I wanted to generate Azure token from Postman for API authorization in my project. I am able to generate token using below API request but getting the below error message "Authorization denied for ...

In a Authorization Code Grant flow, once a public client such as a Single Page Application (SPA) obtains a OAuth 2.0 access token, where should the SPA keep it? Storing the access token in locale...

We store the access token in the database, it is a random string and is stored as it is, without encryption. Should it be encrypted? Are there some security risks?

I am trying to request access and refresh tokens from Google using oauth2, all I am getting is a "HTTP/1.1 400 Bad Request" error. I am using IdHTTP in Delphi XE5 with the IdSSLIOHandlerSocketOpen...

Is it necessary to store the personal access token somewhere locally on the machine after generating it in GitHub? If yes, is there any preferred way where it could be stored?

Following Taiseer Joudeh excellent article Enable OAuth Refresh Tokens in AngularJS App using ASP .NET Web API 2, and Owin (http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app...

In my react app i am using axios to perform the REST api requests. But it's unable to send the Authorization header with the request. Here is my code: tokenPayload() { let config = { headers: ...

I want to verify that all our get requests have a specific token in their authentication header. I can add this to our get endpoints: app.get('/events/country', function(req, res) { if (!req.hea...

I am trying to build a method which validates my tokens. I am retrieving my tokens from Azure Active Directory with Open Id Connect Authorization Code Flow. The tokens that I get are the access_tok...

I have a Facebook Page that I want to get some things from it. First thing are feeds and from what I read they are public (no need for access_token). But I want to also get the events... and they a...

I received an email saying GitHub will require token authentication after August 13 2021. I want to ensure I don't have an interruption of service (push/pull) after this date. So I logged into GitH...

Section 4.2 of the draft OAuth 2.0 protocol indicates that an authorization server can return both an access_token (which is used to authenticate oneself with a resource) as well as a refresh_token...

I'm referencing another SO post that discusses using refresh tokens with JWT. JWT (JSON Web Token) automatic prolongation of expiration I have an application with a very common architecture where m...

The problem I have a private repository that I am trying to add python-semantic-release to the GitHub Actions. When trying to increment the version number, I am getting the error that I don't have ...

I use the git integration with VSCode. I have my new token (obtained through the GitHub web interface). How do I put it in? The VSCode docs suggest the following: To execute the 'GitHub: Set Perso...

I have an Azure AD app and I am trying to add custom claims to a JWT. I'm using the claims mapping feature in Azure for my specific app, and updated the app manifest in the Azure Portal to include ...

I am trying to implement stateless authentication with JWT for my RESTful APIs. AFAIK, JWT is basically an encrypted string passed as HTTP headers during a REST call. But what if there's an eaves...

I create token using http://localhost:8080/auth/realms/{realm_name}/protocol/openid-connect/token endpoint. grant_type=client_credentials client-id: ------------ client-secret: 78296d38-cc82-4010-a...

I am using GitHub Actions. To access the self-hosted runners API needed admin:org scope aceess token I'm creating a personal access token with admin:org scope But with this token we can access all ...

I am designing a new web application which requires an oAuth2 implementation. I've been reading up on oAuth2 Authorization Code flow with PKCE. That makes sense, it ensures that de client who is in...

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I'm still trying to figure out, how to send two a...

I am doing example of Spring Boot Security with wso2is server from this post https://github.com/angel-git/wso2is-springoauth, when I am trying to access resource with access token I am getting ...