I am designing a new web application which requires an oAuth2 implementation. I've been reading up on oAuth2 Authorization Code flow with PKCE. That makes sense, it ensures that de client who is in...

I have an app deployed with docker, one of the microservices is a jboss/keycloak server. Everything works fine, but keycloak RSA public key need to be retrieved manually. Is it possible to retrieve...

I'm facing an issue with oauth2 proxy and Ingress Nginx (with the latest versions) in a Kubernetes cluster where the X-Auth-Request headers are not being passed through to the client during the sta...

Safari now can use web extensions. But browser.identity or chrome.identity is not supported. So launchWebAuthFlow is not working. In the docs they just say. identity Not supported. Initiate an OAu...

For my application, I want users to be able to sign in with their Azure Account (Single Sign On). I also need an access token to access the secured backend. So I can get both, the id_token and the ...

While implementing Azure OAuth flow I have used state parameter, Azure docs says about state param: A value included in the request that is also returned in the token response. It can be a string ...

I'm trying to understand how OAuth 2 works. I don't understand this thing: if Authorization Server and Resource Server are not the same system, as in this image: How the resource server can know...

I tried to create a testing client id for an android app which uses OAUTH 2.0 as login for retrieving user profile. I followed the steps to complete the creation of the client id on google console,...

I'm getting this error Error 400: redirect_uri_mismatch even after giving the proper redirect uri. You can check the images below for the reference. It works for my localhost but it shows this erro...

I was going through Keycloak cookies, and specifically on KC_RESTART. While reading on link : Keycloak Authentication flow found that KC_RESTART will be used to re-create authentication flow when b...

In our organization, we use our own custom Oauth2 provider (which does not have “.well-known/OpenID-configuration” discovery endpoint because it id not OIDC provider). We have a React single page a...

Looking for some AzureAD help with this error - "error": "invalid_request", "error_description": "AADSTS50146: This application is required to be configured with an application-specific signin...

Can an individual developer utilize Facebook OAuth for obtaining user emails? Is there a legitimate way to achieve this without business verification, i.e., without having a company? Based on e-mai...

I'm running bitnami's Keycloak image on my local. what I want to do is; use Keycloak REST APIs. but no matter how hard I try, I'm getting 401. I have done what's written in the doc. so this is a sc...

Can I use OAuth 2.0 without a browser (or an embedded browser in my app) to perform nightly uploads? Setup I have a refresh token and access token from provider console-- Google Drive API I wish ...

I was reading the documentation on the Auth0 site regarding Refresh Tokens and SPA, and they state that SPA's should not use Refresh Tokens as they cannot be securely stored in a browser, and inste...

In the UPS developer portal, I have created an application that has a Client Id and a Client Secret. Next, I want to obtain an OAuth token so I can use it to access their other APIs. I am creating ...

I am writing a script in python to authenticate to my Dynamics web api app and be able to perform operations (get/patch/post, etc). I am trying to authenticate via authorization code flow but am st...

In the Spring OAUTH library under org.springframework.security.oauth2.client.token.grant package we have grants for client, code, implicit and password. There are some extension grants like jwt-b...

I was reading article on JWT web token as an access token that is being sent to the user. Some of it mentions that the web token should be able to be decoded by the user. Does that mean it is bad p...

To my knowledge, in Google's authentication code flow it is required for the redirect_uri to be 'postmessage' instead of a URI. Could anyone explain what this value is specifically doing? My be...

Here is my current implementation with react-router-dom, oidc-client-ts, react-oidc-context with the keycloak authorization server With the following library versions "oidc-client-ts": &q...

Is it possible to use Android App Links, starting with https:// such as: https://my-app.com/callback to redirect back to my application from an Android WebView in the end of an OAuth2 flow? I know ...

I'm developing an Angular + Flask application that uses Microsoft's OAuth2 (On-Behalf-Of-User Flow). I'm trying to call an API from the backend, but I get an exception. Here is the configuration in...

I got some question about the OAuth2.0 process. I would like to achieve something like Stack Log with google account feature. I'm using the PHP library from Google. I'm ok retrieving the refresh ...