I read several post talking about some similar problems, but I don't get yet to do this to work. I'm doing ajax to "Account/ExternalLogin" which generates the ChallengeResult and starts the flow f...

I followed the tutorial in the readme of the omniauth-google-oauth2 gem and when I click the link on my root (@ pages#home), <%= link_to "Sign up with Google", user_google_oauth2_omniauth_author...

I have to build a .Net console application that runs on server side as a batch, and sends email to recipients using Office365 and MailKit. Our company has recently introduced MultiFactor Authentica...

When using Google's OpenIDConnect authentication system, it's possible to specify email or profile or both in the scope parameter. If you request the email scope, the "email" and "email_verified" c...

I am asking a question conceptually here as I am trying to understand the relationship between scopes and user roles in an OAuth2 based system. As I am implementing an API, I want to restrict acc...

I am trying to use OAuth authentication to get the Salesforce Authentication Token, so I referred wiki docs, but after getting authorization code, when I make a Post request with 5 required paramet...

OAuth 2.0 defines "state" parameter to be sent in request by client to prevent cross-site request attacks. Same is mentioned in OpenID spec for "nonce". Apart from the fact that "nonce" is returned...

I'm currently using Cognito User Pools, federated with Google as an identity provider, to handle user sign in for my web app. At the moment, I have only implemented Sign-In with Google. This is cur...

I am trying to athenticate to the gcloud sdk using : gcloud init. I get a URL I'm supposed to access in order to copy a token and return it to the CLI... but instead of a token, I get this error : ...

I have seen the Spring security docs.https://docs.spring.io/spring-security/site/docs/5.2.1.RELEASE/reference/htmlsingle/#oauth2 But I don't really know the different use-case between oauth2Login()...

I have a mobile app(react-native), a resource service(spring boot) and Keycloak Authenticatioin Service(Auth-Service). Client makes authentication directly with Auth-Service and gets the access to...

I'm using IdentityServer4 and trying to connect an MVC app up for authentication. I currently have things working by using the implicit flow, but I have run into the problem that my access tokens a...

I've been trying to use the API of the website Idealista (https://www.idealista.com/) to retrieve information of real estate data. Since I'm not familiarized with OAuth2 I haven't been able to ob...

I am trying to use the PKCE flow for the user authentication. After successful redirection by using the following pattern: https://twitter.com/i/oauth2/authorize?response_type=code&client_id=M1...

I'm using the identity API in my Chrome extension to authenticate users and prove to my backend who they are. This works fine for the most part, I use getAuthToken to get an OAuth access token that...

I am using firebase and its google auth tool , everything works fine the user data is getting saved in the database but i get a error every time the popup window appears (Cross-Origin-Opener-Policy...

I've been working with authentication providers and custom implementations of authentication at the application level, and I can't still wrap my head around these 2 concepts entirely. I understand ...

Section 4.2 of the draft OAuth 2.0 protocol indicates that an authorization server can return both an access_token (which is used to authenticate oneself with a resource) as well as a refresh_token...

I am following the official Microsoft instructions in Sign in with Linkedin (there are also the Linkedin instructions here), which also link here for the authorization code flow. As instructed, I h...

after trial and error it seems to me that Google OIDC does not support the code flow without supplying the client secret: https://developers.google.com/identity/protocols/oauth2/native-app#exchange...

I have the following Setup: A Single Page Application, which gets OAUTH2.0 Tokens from a Keycloak-Server. The application then makes API-Calls to a different server of mine, authorized with a valid...

Referred https://msdn.microsoft.com/en-us/office/office365/api/use-outlook-rest-api. Still I couldn't understand the AD, Outlook and windows live. I got refresh token and access token from https:...

I don't get what I'm doing wrong. I can't set token expiration time. <?php namespace App\Providers; class AuthServiceProvider extends ServiceProvider { public function boot() { $this->r...

I am trying to integrate google authentication in my ASP.NET Core 2.0 web api and I cannot figure out how to get it to work. I have this code in my Startup.cs ConfigureServices: services.AddIdent...

Background information: I have two different types of authentication happening in one single application in addition to some unsecured endpoints. Let's call these endpoints the following: /non-oau...