How to get authorize and then get access token in Box API using Console or Library project in C#. I have tried authorize API but it returns HTML. I need only THE_AUTHORIZATION_CODE so that it can be passed into Token API for getting access_token.
Or can there be an enterprise access_token which is gotten through the web portal, just like developer token, but which never expires?
Today I discovered that Box is making available a new service called 'Box for Developers' that enables server-to-server token grants and does not require end-user authentication. It's currently in beta. Read more about it.
The BoxDevEditionHelper package provides an implementation of the server-to-server OAuth workflow.
Original Post
How to get authorize and then get access token in Box API using Console or Library project in C#.
OAuth2 requires the user to authenticate with the service in a browser or embedded browser window. There are no exceptions to this requirement.
Or can there be an enterprise access_token which is gotten through the web portal, just like developer token, but which never expires?
No. All Box access tokens expire after ~60 minutes. Access tokens granted through the standard OAuth workflow can be indefinitely refreshed, but the tokens granted through the developer portal do not follow this workflow and thus cannot be refreshed.
I have resolved it By using call oauth2/token API, which returns access_token and refresh_token. access_token will expire as mentioned by #Jonh in above post. But you can store refresh_token in persistence storage. When access_token expires you can get new access_token by using refresh_token by calling same token API.
Related
I'm coding a project composed by an SPA and an API.
On the SPA, I have a button to link Google or Microsoft accounts to the user's account.
The API can whenever it wants call google/microsoft apis.
I've succeeded with google using the Authorization code flow:
From the SPA redirecting the user to https://accounts.google.com/o/oauth2/v2/auth with query parameters response_type=code and access_type=offline
Send the returned code to the API
The API call https://oauth2.googleapis.com/token to get an access_token and a refresh_token
Tokens are saved in the database, and can be used whenever the API wants.
==============
Microsoft has a similar authorization flow (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow) but I can't use the authorization_code retrieved from an SPA into the API because of CORS policies.
I'm not using PKCE codes because tokens are retrieved from the API that use client_id and client_secret.
=============
Am I missing something ? Is it even possible to get an authorization_code from an SPA and use it to generate access_tokens and refresh_tokens from an external API ?
Thank you so much, sorry for my english !
In the SPA, many authorization servers and identity providers do not support CORS requests, in such case, your option is to use the Azure AD Implicit grant flow rather than the auth code flow, you can get the access token directly via the /authorize endpoint. This flow does not provide refresh tokens, so your app must be prepared to refresh these tokens periodically.
Reference - Microsoft identity platform and Implicit grant flow
I want to use DocuSign embedded signing to sign a document.
How can I get a access token to sign a document?
I manually get the access token, which is valid for 8 hour, but I want to generate access token in Node.js API. How can I get it?
I have tried the following:
doc1
doc2
If you are using User Application then you need to check Authorization Code Grant to learn how DocuSign using this type of Grant to generate AccessToken and RefreshToken.
In User Application flow, AccessToken is provided for 8 hours and once AccessToken expires then your App needs to use Refresh Token to generate new set of Access and Refresh Token.
But if you are using System Integration then you need to check JSON Web Token Grant to learn how DocuSign provides AccessToken using JWT.
In System Integration flow, it is assumed that an API user in your App behind the scene will call DS API, and there is no DocuSign User interaction to login after certain interval to provide access to your App to generate Access token on behalf of the logged in user once Refresh token expires. System Integration Flow will get one time consent, Obtaining Consent explains how to get Consent. Once consent in provided to the Integrator Key then Integrator Key via your app can generate AccessToken any time, and this AccessToken will be valid for 3600 seconds, once it expires then you create new JWT and call DocuSign OAUTH API to generate new AccessToken for next 3600 seconds.
Node JS_03 is an example showing how User Application flow works.
Node JS_01, check for dsJwtAuth.js is an example showing how System Integration flow works using JWT.
finally i got my answer from this article
This article explains how to obtain and use an Access Token from a Refresh Token in the Authorization Code Grant Flow for the Docusign REST API
user login once and then have the application use the Refresh Token returned on the first successful authentication attempt to obtain a new Access Token so that the user would not need to login again and again. You can use docusign-auth-code-grant.
I'm creating a Xamarin.forms mobile app with Azure. I have enabled Authentication/Authorization in Azure to protect the APIs in Backend.
What I need is that to ask user to login with Facebook or Google and get some information of the user such as name, email and... and then save this data in a table as user information. I like to ask user just once for login and get the data and I don't need to keep the token provided by Facebook for example and refresh it always (which I red refreshing is not supported by Facebook), but also need to keep the user logged in and has access securely to Backend APIs. I am new in this and completely confused of using Azure AD, facebook and...
What is the best way to do that? I have followed this tutorial and now am able to login with Facebook.
Maybe what you are looking for is Azure AD B2C (Business to Customer), which will provide facilities to allow your customers to create an account for your app, but also login with Facebook (see here) or Google (see here).
Since Azure AD B2C implements OAuth2, integrating it in a Xamarin.Forms app by means of Xamarin.Auth should be possible (see here). Once you have acquired the OAuth2 token, you can include the token in the headers of your HTTP requests in the Authorization header with the Bearer type (see here)
Authorization: Bearer <token>
On the server side you can then validate the token. I have not used Xamarin.Auth with Json Web Tokens (JWT), but maybe you'll be able to retrieve a JWT with Xamarin.Auth, which you'll be able to validate on yourself. Otherwise, if Xamarin.Auth is restricted to access tokens, you might have to contact the authentication server to verify the token. If the token is verified successfully, you can grant the user access, otherwise, answer them with a 401.
I'm trying to set up an Azure Web App to to authenticate with Azure AD and refresh ID Token behind the scenes automatically.
A great blog post helped me understand how the whole thing works:
https://cgillum.tech/2016/03/07/app-service-token-store/
And this guide linked from it helped me set it up:
http://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/
It seems enabling refresh tokens for Azure AD authentication isn't that simple so as recommended I used the aforementioned guide to set it up as if it were for GraphApi.
The problem I'm having is even after calling the ".auth/refresh" endpoint and then calling the ".auth/me" endpoint, the only token which is refreshed is the Access Token. That token is of no use to me since I use the Id Token when communicating with my backend server (using an "Authorization Bearer" header).
So how do I get the Id Token to refresh as well?
Unfortunately AAD does not support refreshing the ID token. Only the access token can be refreshed. See here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#refreshing-the-access-tokens
But even if it could be refreshed, it's more correct to use an access token when authenticating with another service, so I suggest changing your apps to work this way. The claims on the access token and the id_token are very similar so it should not be a very disruptive change.
I am using flicker PHP sdk phpFlickr-3.1 to access media content into a web application. I have successfully obtained the authentication token with required grants. I need to support the logout feature in web application. The logout from web application should either logout from yahoo account or it should revoke grants form authentication token.
Is there any API to logout / expire authentication token / remove grant permission from authentication token?
I'm not aware of an API to explicitly log out. However, you can simply discard the access token that you received from the OAuth workflow, once your access is complete. This will force your application to go through the workflow again, the next time your app needs access. Quoting from the docs, emphasis added:
After the user authorizes your application, you can exchange the
approved Request Token for an Access Token. This Access Token should
be stored by your application, and used to make authorized requests to
Flickr.