I am using multiple authentication providers and protocols(Oauth2, Open ID 2, SAML) for authentication which need client to be redirected to providers authentication URL. After successful authentication server will redirect client back to application server URL with user information/code/token in header.
This is already working fine in web browser, node webkit app and cordova as I can use window.open and then see the changes in the url or close the popup window after getting the access token.
Since this is not an extension I will not be able to use chrome.tabs. I tried chrome.window also and it also doesn't allow redirection.
Even webview allows to open an external url, but doesn't allow redirect.
I can't use chrome.identity as its just specific to Oauth 2. Sandbox also doesn't work.
Can someone please tell me if they have ever used Oauth, OpenID, SAML, redirections in chrome packaged apps without using the chrome.identity
Related
I'm tasked with making a server using Node.js which will read emails from a Google account and parse the content from those emails into data we can store in a database. I'm using Google's googleapis package (v103.0.0) in NPM to authenticate/authorize with whichever account we'd like to use.
The issue comes when we try to switch accounts and have the user re-auth. During development on a local machine, the Auth process works as expected:
The client requests an Auth URL.
The server generates a new Auth URL and sends it back to the client.
The client redirects to that URL and the Google Consent Screen is shown.
The client is asked to choose between logged-in Google accounts.
The client authorizes the application and is redirected back to the server with a code.
The server uses the code to generate/save a token, which allows it to use the Gmail API.
However, after deploying to Heroku, the Google Consent Screen no longer allows the user to select an account. Instead, at step 3, it shows this message. In just about every other question related to this error, there's always additional information below the error code/message, but nothing's there for me. I made sure: (1) the domain I'm using in Heroku is verified on the Google Cloud Console, and (2) the redirect_uri within the Node.js application is passing the correct domain to the Auth URL, even while in production.
I can't provide the URL for privacy reasons, but let me know if there's any source code or Cloud Console info I should include.
It didn't take long after posting this question, but I realized I was using an incorrect OAuth 2.0 Client ID type. I was attempting to use "Desktop" when I should've been using "Web application" instead. Take a look at this image to see the difference.
When you select "Web application", you're given some new options: Authorized JavaScript origins, and Authorized redirect URIs. This is where you need to fill out the allowed URIs. Here's a sample of what that should look like.
I have a Blazor server application with JWT authentication. The application authenticates using a JWT token in the URL. The applications runs successfully in debug mode under localhost locally without any issues.
When published the application to Azure service the following happens:
Go to google or any website
Paste url with token
It doesn’t validate the token and redirects to the error razor page
Paste same url again and it works completely fine and loads correctly
As it’s not happening in debug mode on visual studio not sure on the best way to debug this? Or why this could be happening?
You could have an issue with CORS? Does it work if you go through the normal authentication flow on the app? E.g., using incognito browser, open Azure app, you are unauthenticated so you get redirected to login, after login you get redirected to app again?
If that works, you are having issues with where the request is coming from (possibly). There really isn't much info to work with here - can you update with browser Developer Tools console output/network tab and then the server logs?
I am trying to build an app in node.js that connects to Pinterest via its API. I can get an access token via Postman and test my app in single-user mode, but I am unable to incorporate OAuth2 to test my app for a second user. Every configuration of my code and settings at developer.pinterest.com yields the error "The provided redirect_uri ... does not match any of my registered redirect URIs."
I registered what I believe are correct callback URLs at developers.pinterest.com--many variants, with and without trailing slashes. My callback is hosted via https.
I tried calling Pinterest's auth URLs OAuth2 in my server code (node.js), and via browser address bar.
https://api.pinterest.com/oauth/?response_type=code&redirect_uri=https://www.outfinterest.com/auth/pinterest/callback/&client_id=5042375080944909391&scope=read_public&state=true
I attempted the auth from a browser logged into Pinterest as me, and from a browser logged in as a registered tester of my app.
What must I do to get Pinterest to accept my callback URL?
Do I need to submit my app for approval before I can authorize via OAuth2?
I resolved the problem by reducing the set URLs registered at developer.pinterest.com to just the one I need, then reloaded the page with the app settings.
With web based applications running in Chrome, I have been able to leverage Chrome to negotiate passing local credentials via SPNEGO. In the XMLHttpRequest, we set the option pass withCredentials. It seems like the http module in nodejs/electron does not have this capability.
Has anyone been able to pass the credentials of the currently logged in Windows user using the http module in electron? I am looking to make calls to some internal web services that require authentication and I don't want to force the user to enter login credentials again.
Is browser redirection necessary to get autorization and access token ? Is there a way how to get autorization programatically ? I am a bit suprised i found this in the OAuth2 google documentation :
https://developers.google.com/accounts/docs/OAuth2#scenarios > Chapter Installed Application
sequence begins by redirecting a browser (either a browser embedded in the application or the system browser) to a Google URL with a set of query parameters that indicate the type of Google API access the application requires...
We run small java utility app which contains username and password in config file to our google account. i would expect there will be way to get autorization and access token without any browser interaction (it`s a bit hard to do when we run it as a cron job on virtual server)...
It's about trusted path between credentials holder (user), and authentication entity (it can by google app's server, or openID or facebook...). Someone who uses OAuth, provides his credentials to server he trusts, and in turn this server not revealing any secret data about him, provides identity assurance for your app.
So you have to provide trusted path to Oauth porvider. This can be done by opening a simple http server within your app, and opening user browser pointing to it, and then authentication would be done using, browser, and after auth is finished your server would recvive OAuth response and your app could authenticate user.
That's the idea, I would not input my "global" credentials to some app, and trust it that it will not, copy and use them later on. You've registered within specific OAuth provider and only he should know, and recive your credentials.