I'm interested in whether it is possible to generate a project with JHipster which has properties like an OAuth2 refresh token?
Yes, just choose OAuth 2.0 for authentication type when creating your app.
Related
So I'm trying to implement a SPA on an Azure App Service and was asked to use MSAL.js 2.0 for PKCE. I'm reading the documentation but I'm confused about the built-in auth from the Azure side and applying custom authentication. Can Built-in Auth be used for login and not rely on MSAL.js 2.0 anymore? Or is it something you apply both, like a Built-in Auth with MSAL.js 2.0 on code?
I'm expected to apply MSAL.js 2.0 but they're also saying I should use Built-in Auth. We've applied the App Registration for Built-in Auth but it's an Implicit Grant so I'm thinking it will not satisfy the requirement of using PKCE. So I'm confused if it's 2 separate things that shouldn't be done together or if they are dependent on each other.
Can someone help me log in to an application that has Microsoft OAuth authentication using JMeter? I'm having trouble identifying the unique token that is being used in the login call. Is there a way to identify it?
Which OAuth exactly?
As of now the following OAuth 2.0 and OpenID Connect protocols are implemented/supported:
OpenID Connect
OAuth 2.0 implicit grant flow
OAuth 2.0 auth code grant
OAuth 2.0 on-behalf-of flow
OAuth 2.0 client credentials grant
The instructions will differ depending on your application authentication flow and covering all of them with examples in a single answer.
The universal way would be to use, i.e., the MSAL library from the JSR223 Test Elements using the Groovy language in order to get the access token.
I'm new to OAuth and its app identity method. I use app identity to access an API using OAuth. I found a tutorial here.
In the source code, since both web application and API will be using AAD, why does it not have AADAuthenticationExtensions.cs and AADOptions.cs classes?
It is an ASP.NET sample which uses the ADAL library to obtain the access token. Here is the client credential flow.
The AzureAdAuthenticationBuilderExtensions.cs and AzureAdOptions.cs apply to ASP.NET Core, and you can find the sample here.
Kinda new to this area of customizable sign-in/sign-up.
I'm currently planning to use social sign-in/sign-up in my Web API project, which handles the backend process for my Web App and Desktop Client. I found it is easy to add an OpenID Connect provider to my Identity Provider, but am not sure how I can add an OAuth2 provider. Is there a good example or tutorial on this topic?
Also, according to this and that post, it is recommended to use OAuth2 for native apps and OpenID Connect for Web API/Web Apps. Unfortunately the organization whose authentication I'd like to let customers use doesn't provide OpenID Connect. Is this still fine for my scenario?
This sample should be able to help you achieve what you are looking for. It uses the OAuth2.0 authorization code grant with confidential client and ADAL to obtain access tokens for the web app to call the Graph API with the user's identity.
This reference on authentication scenarios should also be useful to you.
The documentation (under "configure your SCIM test app") states that a bearer token is required.
Is this a never-expiring OAuth access token? Can OneLogin be configured to use a refresh token to obtain new refresh and access tokens?
OneLogin doesn't currently support refreshing access tokens for SCIM (but we're working on it) - Just the standard bearer tokens available either directly or via an OAuth authentication flow.
Currently, we've only seen one application that has this requirement (out of many, many dozens of SCIM implementations) so it hasn't been a priority for us.