What I want is grant a specific auth key with specific chat rooms using the PubNub REST API.
Can that be done?
Related
We have a REST API built for our company products listing and user accounts. We want to expose this REST API for external clients so they can use integrate our API into their websites. We have the client domains registered in our database. We will be giving them a API key specific to each client for access to our API. The users from the external sites will be registered via our API using phone number and verification code. Can you please advice me on the Oauth 2 Grant type to be used for authentication in this case?
I have an API Service where users can manage ToDo's and I want to create a Bot to allow Signed Up users to create ToDos on their accounts using my Slack Bot.
The steps that I'm thinking of are:
My Bot will show the user a message asking him to authenticate
The API will send to the user's mobile phone a verification code
The user will write that code in the chat with my Bot
My bot will make an HTTP request to the API Service to validate that code
Then the API will authenticate the user and generate a JSON Web Token for that user.
The API will return this JWT to my Bot
And my bot will storage this token using Azure Blob Storage.
Now, when the user wants to create a ToDo, the steps should be the following:
The user enters something like "Pay bill tomorrow".
My bot will retrieve the user JWT from the Azure Blob Storage
Then my bot will make an HTTP request to the API service using this token
And the API can authenticate the user by checking the Token and create the ToDO.
By doing that, I'll be able to keep the user logged in for 1 year and the user can request the bot to create ToDos on their behalf without the need to authenticate again during this period.
However, I don't know if I'm missing some security issues in this process.
Is there a better way to do that?
thanks!
Here is the link to Bot-authentication that demonstrates how to integrate OAuth providers for user authenticated flows. Bot Service collects no customer data for service improvement.
i am able to fetch all the data based on my developer account's keys from tweepy api. But i am not sure how to dynamically authenticate a new user id with the help of twitter api and fetch information of that.
I have an API Management resource on Azure which uses an API running as a Kubernetes cluster.
I want to have OAuth2.0 authentication for clients/applications which connect to the API management URL. I do not want any user authentication, but only want clients which want to use the URL to send a client ID and client Secret.
How do I do this?
I could not find anything related to this in the documentation.
If you dont want user context to be involved, You must prepare client credential flow from Oauth2.0 which uses client id and client secret.
I am explaining using Azure AD.
1) Create Application in Azure AD and get client id and secret
(https://www.netiq.com/communities/cool-solutions/creating-application-client-id-client-secret-microsoft-azure-new-portal/)
2) Call token end point of Azure AD to get secured token
(https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service)
3) Pass this token to APIM using authorize or from any header
4) Validate JWT and check issuer,audience and application level scopes
(https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT)
No sure what exactly are you asking!
But here are two places where you will find a solution to your question:
How to secure your backend apis: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
API Management access restriction policies: https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies. More specific here check the Validate JWT (https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT)
I have som questions about the Spotify web api endpoint /v1/browse/new-releases.
I want to list new Spotify releases on my site for my users to see. I don't want any details from my users about their spotify account.
For my site i have created a application over at Spotify developer and i have a client ID, client Secret and a redirect uri.
Which of the three Authorization methods will best suite my needs?
Thanx
A
The Client Credentials oAuth flow is best suited since you don't need a user's permission to make requests to this endpoints. The other flows, Authorization Code flow and Implicit Grant flow, both require a user's permission to retrieve an access token.