I am using flicker PHP sdk phpFlickr-3.1 to access media content into a web application. I have successfully obtained the authentication token with required grants. I need to support the logout feature in web application. The logout from web application should either logout from yahoo account or it should revoke grants form authentication token.
Is there any API to logout / expire authentication token / remove grant permission from authentication token?
I'm not aware of an API to explicitly log out. However, you can simply discard the access token that you received from the OAuth workflow, once your access is complete. This will force your application to go through the workflow again, the next time your app needs access. Quoting from the docs, emphasis added:
After the user authorizes your application, you can exchange the
approved Request Token for an Access Token. This Access Token should
be stored by your application, and used to make authorized requests to
Flickr.
Related
I am using vue-adal library in my VueJS application to connect to Azure AD.
AD Token valid for 1hr after login.
When my token expires i am unable to renew it from client side.
Is there any way to renew token from client side using VueJS or
Any other alternate approach can be used for this scenario?
Thanks,
Gowtham
Since you are using implicit flow, azure AD will not return refresh token in implicit flow for you to refresh the token. As per this documentation, here is the recommended approach for this.
A JavaScript application has another mechanism at its disposal for
renewing access tokens without repeatedly prompting the user for
credentials. The application can use a hidden iframe to perform new
token requests against the authorization endpoint of Azure AD: as long
as the browser still has an active session (read: has a session
cookie) against the Azure AD domain, the authentication request can
successfully occur without any need for user interaction.
I want to use DocuSign embedded signing to sign a document.
How can I get a access token to sign a document?
I manually get the access token, which is valid for 8 hour, but I want to generate access token in Node.js API. How can I get it?
I have tried the following:
doc1
doc2
If you are using User Application then you need to check Authorization Code Grant to learn how DocuSign using this type of Grant to generate AccessToken and RefreshToken.
In User Application flow, AccessToken is provided for 8 hours and once AccessToken expires then your App needs to use Refresh Token to generate new set of Access and Refresh Token.
But if you are using System Integration then you need to check JSON Web Token Grant to learn how DocuSign provides AccessToken using JWT.
In System Integration flow, it is assumed that an API user in your App behind the scene will call DS API, and there is no DocuSign User interaction to login after certain interval to provide access to your App to generate Access token on behalf of the logged in user once Refresh token expires. System Integration Flow will get one time consent, Obtaining Consent explains how to get Consent. Once consent in provided to the Integrator Key then Integrator Key via your app can generate AccessToken any time, and this AccessToken will be valid for 3600 seconds, once it expires then you create new JWT and call DocuSign OAUTH API to generate new AccessToken for next 3600 seconds.
Node JS_03 is an example showing how User Application flow works.
Node JS_01, check for dsJwtAuth.js is an example showing how System Integration flow works using JWT.
finally i got my answer from this article
This article explains how to obtain and use an Access Token from a Refresh Token in the Authorization Code Grant Flow for the Docusign REST API
user login once and then have the application use the Refresh Token returned on the first successful authentication attempt to obtain a new Access Token so that the user would not need to login again and again. You can use docusign-auth-code-grant.
I have 3 applications, one is desktop application and this is my client, second is my Web Api to secure and the last one is api which checks if the user with password exists.
In my case I want to connect this flow with Azure AD.
I think this should work like this:
1.DesktopApplication sending request with clientid,clientsecret, username and password to AZURE
2.Azure sending request with username and password to my api where I can check this user exist if exist I will return "true"(or somthing like this)
3. If api return "true" Azure can return to DesktopApplication token
4. DoesktopApplication will send request ot secure Web Api with token
5.DesktopApplication recive content from secure Web Api
Api in 3 point is not same api in 5 point.
Is it posible to do this flow with Azure AD or not? And if not can I do something with my flow something to secure Web Api by Azure and still store users in my old db(oracle)?
It would be better to use OpenID Connect authentication flows to authenticate the user and acquire a token that way.
The approach you are suggesting has a few downsides:
You are storing a client secret in a desktop application, which can be easily extracted by anyone.
The authentication flow that allows you to do this will not work with users who have MFA enabled / are federated users (on-prem AD/MS account/Guest account) / have expired password.
It trains users to be phished as they really should only enter their password to the actual login page.
So it would be better to use a flow like this:
Your desktop application uses Azure AD Authentication Library (ADAL) or Microsoft Authentication Library (MSAL) to authenticate the user, requesting an access token for your API
Desktop app calls API, API validates token signature, issuer, validity time etc.
It will show the user a pop-up window where they can login, and as a result you'll get an Id token (which tells your desktop app who the user is) and an access token for the API.
I am trying to revoke a refresh token so that it cannot be used any further to obtain more access tokens via oauth2.
I am using simple-oauth2 nodejs library that wraps the requests to obtain access and refresh tokens. Once I have these tokens, I can use the access token to make graph.microsoft.com calls. When the token expires, I can obtain a new one. This library has a .revoke() method that takes a revoke url. I specify this as http://login.microsoft.com/common/oauth2/v2.0/logout
but the refresh token is still valid.
According to https://support.office.com/en-us/article/Session-timeouts-for-Office-365-37a5c116-5b07-4f70-8333-5b86fd2c3c40?ui=en-US&rs=en-US&ad=US
The Azure Active Directory: "An administrator can apply conditional access policies which restrict access to the resource the user is trying to access."
Is it possible to revoke using oauth2 request? I see this https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oidc
which shows the oauth2 logout url /common/oauth2/v2.0/logout.
Azure Active Directory does not support or provide an endpoint for an application to revoke the refresh tokens. The recommended approach is to clear the token cache on logout to prevent the re-use of the token.
A similar post is here: Revoke a refresh token on Azure AD B2C
You can read more about the policies on token lifetimes of refresh tokens here
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes
How to get authorize and then get access token in Box API using Console or Library project in C#. I have tried authorize API but it returns HTML. I need only THE_AUTHORIZATION_CODE so that it can be passed into Token API for getting access_token.
Or can there be an enterprise access_token which is gotten through the web portal, just like developer token, but which never expires?
Today I discovered that Box is making available a new service called 'Box for Developers' that enables server-to-server token grants and does not require end-user authentication. It's currently in beta. Read more about it.
The BoxDevEditionHelper package provides an implementation of the server-to-server OAuth workflow.
Original Post
How to get authorize and then get access token in Box API using Console or Library project in C#.
OAuth2 requires the user to authenticate with the service in a browser or embedded browser window. There are no exceptions to this requirement.
Or can there be an enterprise access_token which is gotten through the web portal, just like developer token, but which never expires?
No. All Box access tokens expire after ~60 minutes. Access tokens granted through the standard OAuth workflow can be indefinitely refreshed, but the tokens granted through the developer portal do not follow this workflow and thus cannot be refreshed.
I have resolved it By using call oauth2/token API, which returns access_token and refresh_token. access_token will expire as mentioned by #Jonh in above post. But you can store refresh_token in persistence storage. When access_token expires you can get new access_token by using refresh_token by calling same token API.