I have som questions about the Spotify web api endpoint /v1/browse/new-releases.
I want to list new Spotify releases on my site for my users to see. I don't want any details from my users about their spotify account.
For my site i have created a application over at Spotify developer and i have a client ID, client Secret and a redirect uri.
Which of the three Authorization methods will best suite my needs?
Thanx
A
The Client Credentials oAuth flow is best suited since you don't need a user's permission to make requests to this endpoints. The other flows, Authorization Code flow and Implicit Grant flow, both require a user's permission to retrieve an access token.
Related
My chatbot with Microsofts Bot Framework is online and working. It has an API, which is sadly publicly accessible.
But it shouldnt! The API should be secured and only accessible for Microsoft Accounts of my Tenant.
But most of the time the API is accessed by scripts.
Whats the best way to secure?
What is comfortable?
Like other public APIs, your API (your bot) needs to implement some form of user auth in order to validate authorized requests and reject unauthorized requests. Take a look at this sample (the C# version is linked, but the repo has samples in other languages) to see how you can implement user auth using the Microsoft Graph API. In addition to auth, Graph will also allow you to get info about the user, such as their Tenant ID (assuming your user logs-in and grants your bot permission). You can then implement whatever access controls are appropriate for your scenario.
My company (C1) has DocuSign implementation feature set up with RestApi and we use oAuth to authenticate users with email and password to create and send envelopes. This functionality works perfect.
One of our clients said they have SSO enabled in their org and would like to SSO directly to DocuSign from my company page instead of providing password option. In our current implementation, users are prompted for email address first and then the password.
If clients have SSO enabled, I assume they go directly to Docusign but to get that functionality, is there anything I need to do regarding changing the existing workflow or implementation for RestAPI.
Do we need to obtain consent for our Client (who has SSO enabled)?
Thanks in advance
You don't need to do anything differently. These clients would be able to authenticate to your integration/app using SSO. If they are already autneticated, a cookie remembers it and they would automatically be redirected back to your app. The first time, the would have to give consent to your app to enable it to do things for them, but after that - smooth sailing, without any need to login or anything.
Feel free to let me know if you run into any issues. Otherwise, you'r good.
As Inbar says, if your application uses either the OAuth Authorization Code or OAuth Implicit grant flow, then your application will automatically support SSO once the user's DocuSign account has been set for SSO.
If your application uses the OAuth JWT grant, then SSO has no bearing on your application since your application is itself authenticating with DocuSign and impersonating a user.
And the above is why Authorization Code grant or Implicit grant is preferred over JWT grant whenever there's an option to not use JWT grant.
If you're using Legacy Header authentication, your application won't be able to authenticate as users who have SSO Login enforced. Until you're able to implement one of the OAuth workflows, users who need to use your API integration will need to have their Login Policy set to allow them to login with a password. More info on Login Policy is available here: https://support.docusign.com/en/articles/How-to-exclude-specific-users-from-SSO-requirements
We have a web application where we log users in with Google's auth2.
We also have crone jobs that are used to reply to certain emails through the gmail api.
Is the authorization for signing in and for gmail's api the same? If it is, how can we sign users out of the web app while still authorizing crone jobs?
If what you meant by signing is by using Google+ Sign-in, it says from this documentation:
Why use Google for authentication?
Providing OAuth 2.0 user authentication directly or using Google+
Sign-in reduces your development overhead. It also provides a trusted
and secure login system that's familiar to users, consistent across
devices, and removes the burden of users having to remember another
username and password.
Wherein Gmail uses the OAuth 2.0 protocol for authenticating a Google account and authorizing access to user data. This will be the same.
At a high level, all apps follow the same basic authorization pattern:
During development, register the application in the Google API Console.
When the app launches, request that the user grant access to data in their Google account.
If the user consents, your application requests and receives credentials to access the Gmail API.
Refresh the credentials (if necessary).
The difference is you will need to enable Gmail API for the credentials.
Here's the details for server-side authentication.
I'm creating a Xamarin.forms mobile app with Azure. I have enabled Authentication/Authorization in Azure to protect the APIs in Backend.
What I need is that to ask user to login with Facebook or Google and get some information of the user such as name, email and... and then save this data in a table as user information. I like to ask user just once for login and get the data and I don't need to keep the token provided by Facebook for example and refresh it always (which I red refreshing is not supported by Facebook), but also need to keep the user logged in and has access securely to Backend APIs. I am new in this and completely confused of using Azure AD, facebook and...
What is the best way to do that? I have followed this tutorial and now am able to login with Facebook.
Maybe what you are looking for is Azure AD B2C (Business to Customer), which will provide facilities to allow your customers to create an account for your app, but also login with Facebook (see here) or Google (see here).
Since Azure AD B2C implements OAuth2, integrating it in a Xamarin.Forms app by means of Xamarin.Auth should be possible (see here). Once you have acquired the OAuth2 token, you can include the token in the headers of your HTTP requests in the Authorization header with the Bearer type (see here)
Authorization: Bearer <token>
On the server side you can then validate the token. I have not used Xamarin.Auth with Json Web Tokens (JWT), but maybe you'll be able to retrieve a JWT with Xamarin.Auth, which you'll be able to validate on yourself. Otherwise, if Xamarin.Auth is restricted to access tokens, you might have to contact the authentication server to verify the token. If the token is verified successfully, you can grant the user access, otherwise, answer them with a 401.
I've read through every resource our there on the servicestack wiki, examples on github, forums and stackoverflow to figure out implementing facebook integration with a mobile app and servicestack backend. However, none of them have the answer or I'm missing something basic.
In our workflow, a user decides to Register on through the mobile app using Facebook:
We contact Facebook requesting permissions to the user's account
User grants permissions (let's not worry about denied for now)
We get a user access token and everything is good so far
Next, we want to access our ServiceStack backend (using the Facebook Auth Provider) to create an account and automatically log the user in the first time. The examples refer to the method where a web browser is used. What if I want to pass the user auth token from my mobile app to the server to fetch the user permissions and create an account if it doesn't exist and then log the user in?
The existing endpoint seems to work only for a browser app because it also does a redirect. We need a way to pass in the user auth token and log the user in (or create an account if it doesn't exist). Any idea how this can be accomplished?
To login via OAuth in Mobile Apps, you'd typically launch a browser control to have it redirect to the remote OAuth site where it gets the users permission and captures their credentials just as it would with a website.
If you're developing a Mobile App using Xamarin the TechStacksAuth shows an example on how you can use Xamarin.Auth control to authenticate with a ServiceStack back-end via OAuth.