I am building a third party webapplication which will create automatically create users in Yammer service.For this I need to use the API of yammer,which requires a authentication mechanishm OAUTH,which send the authorised code to some redirect url which is not a feasible solution .Can any one out here help me to Access API but any other means?
Thanks in advance
Namrata
Related
We have developed a windows application to upload/download file on a OneDrive account using LiveSDK.
As new requirement now we need to support OneDrive for Business also.
Url for access token for LiveSDK :
https://login.live.com/oauth20_authorize.srf?client_id={client_id}&scope=wl.signin%20wl.offline_access%20onedrive.readwrite&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf
As switching to code flow for using OneDrive for Business we are using
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id={client_id}&redirect_uri=https://login.live.com/oauth20_desktop.srf
Can anyone please help with redirect_uri to be used here?
Application is been registered in azure portal.Following the steps in this MS blog post
[https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/aad-oauth?view=odsp-graph-online#register-your-app-with-azure-active-directory]
I think what you are talking about should be the auth code flow of Azure AD. Your redirect_uri does not seem to be a problem, you only need to add it to the application.
Here is what I'm using.
URI_PERSONAL_ACCOUNT = "https://login.live.com/oauth20_desktop.srf"
URI_BUSINESS_ACCOUNT = "https://login.microsoftonline.com/common/oauth2/v2.0/"
Hellooo
I am integrating Stripe connect with my app and am trying to configure a universal link as a redirect for once the user has signed up an account with stripe.
Does anyone know if this is possible?
I am trying to host this link on my api. I have added a apple-app-site-association file to the root folder of my api, and specified a path as an endpoint /users/integrations/stripe/redirect.
I have added the api.mycompany.com as an associated domain on my app.
I am not being redirected to the app when I sign up with Stripe.
Any help or guidance would be great, even if to tell me I'm being an idiot and can't achieve my goals.
thanks
I'm faced with the current dilemma. My application flow is as follows:
Admin logs in
Has to select a list of clients
The selected Client data is then loaded in
Admin should now be able to Link Facebook, for example, to that
client's account with their credentials on a click of a button. Same
would apply for other social media accounts that the user has. The
reason that's important is the app then goes and fetches data from
their social media, such as Facebook Insights.
Is there a way I could achieve is ? I was thinking maybe Auth0 but I had a look on their documentation and it seems I could do it but only if Admin was the one linking his own social media account to his account. Can't really see a way where he could link other accounts to the Client's account currently selected.
I'm working with a React-Redux, Express and MongoDB app.
Even a push in the direct direction would be greatly appreciated.
This is certainly achievable using Auth0 - take a look at the Link Accounts API (User) - you want to use the second option using an API v2 token
See sample here that illustrates how this might work using Node.js.
You could possibly rework this to your technology stack pretty easily. Since you are using a Management Token you'd want that to remain server side (Express) and the react/redux app could make ajax calls via the Express Server side component - which in turn calls out to the Auth0 endpoint to perform the user search / linking actions.
I'm trying to connect to Sharepoint Online (Sharepoint 365?) content using OAuth2 and the REST API. I need to do this from Python as it is an addition to an existing application. I have already managed to connect the application to Google Drive using OAuth2 and REST, so I think I understand the fundamentals of using OAuth2.
I've tried a number of combinations of places to configure the client_id and client_secret and authenticate and receive access and refresh tokens.
So far I have been able to receive a refresh token and use it to obtain an access token; however, I'm unable to use the access token to access content on the Sharepoint 365 site.
For configuring the client_id and client_secret I associated my Sharepoint site with AAD using the Azure Management Portal. Then I added an application to the Sharepoint AD entry with the client_id and client_secret. In Sharepoint I used appregnew.aspx to register the client_id and verified the application appears in appprincipals.aspx.
I call the authentication service using:
.../login.windows.net/common/oauth2/authorize?api-version=1.0&response_type=code&client_id=&redirect_uri=&resource=Microsoft.Sharepoint
and am able to authenticate, receive a code, call back to
.../login.windows.net/common/oauth2/token with the code and receive access and refresh tokens.
I serialized those tokens and from a separate process call
.../login.windows.net/common/oauth2/token with the refresh_token, client_id, client_secret, and grant_type=refresh_token and receive a new access token.
Finally I call in to Sharepoint service endpoint
-my.sharepoint.com/personal//_api/web/files'
with the new access token and it fails telling me the resource Microsoft.Sharepoint is invalid (Invalid audience Uri 'Microsoft.SharePoint')
I've been spinning my wheels trying various permutations of where the client_id is configured and this is as far as I've gotten. Since all the documentation and examples seem to depend on using C# libraries such as TokenHelper I feel like I'm missing something key but simple and can't find the required information.
Has anyone connected to Sharepoint Online using Python, Ruby, Java, etc? If so:
Where should the client_id be configured?
What are the endpoints for obtaining the refresh and access tokens?
What is the appropriate audience uri or resource for which to request tokens?
Many thanks!
I've successfully connected to SharePoint Online using PHP. It looks to me like you're combining two different methods to do so.
Here is what I did:
Register my app in Azure AD on the Management Portal to get client_id, client_secret, redirectUri and the right permissions on Office 365 for sites.
Call the authorization endpoint at https://login.microsoftonline.com/common/oauth2/authorize
Call the token service endpoint at https://login.microsoftonline.com/common/oauth2/token
Call the SharePoint REST endpoint with the access token.
The resource should be simply the URL of your SharePoint site.
The appregnew.aspx and appprincipals.aspx pages are used for apps for SharePoint but it doesn't look like you're building one.
I think you are trying to do OAuth from Sharepoint Online without creating an Add-In inside Sharepoint. This was the exact problem I was facing. I know this is an old question but my answer might be helpful to someone else coming here.
It is possible to do OAuth from any web-app. Here are the step by step instructions in my blog -
https://medium.com/#yash_agarwal2/performing-oauth-and-rest-calls-with-sharepoint-online-without-creating-an-add-in-677e15c8d6ab#.6pf4wp83b
High Level overview -
1) Get client id and secret by registering yourself here - https://sellerdashboard.microsoft.com/Registration
2) Get Access Token, Refresh Token by following steps here -
https://msdn.microsoft.com/en-us/library/office/jj687470.aspx
Im probably a bit late to the party, but to whoever stumbles into this one, you can have a look at how the SharePoint Oauth App Client lib does it.
You'll probably want to check the SPSite and SPAccessToken classes.
I know this is old by had to deal with similar problem and have 2.5 solutions.
This solution is specifically for the federated logins.
Simple hacky solutions works like a magic for files :)
On Windows 10 - the silliest solution:
First login to your sharepoint with Internet Exploer/Edge. Must be IE/Edge.
Then in Start-> Run dialog or any Windows Explorer address bar do this: \\<your_sharepoint_site.com>#SSL\rest\of_the\path. Note #SSL after host name.
Make sure to replace all the forward slashes with backslashes.
This makes sure that your login credentials are captured by the system.
Then navigate to "This PC", menu "Computer->Map Network Drive" and paste either that same path from above or your normal URL https://<your_sharepoint_site.com>/rest/of_the/path into Folder text field of Map Network Drive.
Now you have Sharepoint folder mapped as regular network drive X:\! Which allows you to treat is just as normal file system folder from any program or programming language.
This solution uses WebDav WebClient and by default you will hit a 50MB limit! Worry not follow these steps to release yourself from the shackles of the silly limit.
Simple Hacky.
Open your browsers and open the 'Developer Tools'.
Navigate to 'Network' tab of 'Developer Tools'
With Network tab open login to your sharepoint site.
Click on any of the requests and you shall see that every single Request Header has a Cookie with FedAuth=some_very_long_base64_encoded_xml_struct;rtFa=something_else_long.
Basically you need these two cookies FedAuth and rtFa.
Now with every GET POST (curl, wget etc) request to the Sharepoint just add a new header Cookie with the value FedAuth=<fedauth-cookie-value>;rtFa=<rtFa-cookie-value>.
Programmatic-hacky (example in python on windows), essentially #2 but cookie manipulation all done programmatically.
We shall steal the cookie directly from the kid... I mean from the Chrome browser.
Navigate to your Sharepoint With the chrome browser and perform all the necessary login actions.
Steal the cookie gist. Plagiarized from here.
Use the cookie gist.
REST of Sharepoint REST API wisdom here and ref here.
Finally open a beer enjoy your day.
Consider the following (common) scenario. I will first try to specify how I understand a (nice) Web API should look like, using OAuth. Please do correct me if I got any of the flows wrong.
My API: the center of attention, all clients use this.
My Web App: Uses the API just like any other client would.
My Mobile App: Also uses the API, the same exact way as the web app. Users should be able to authenticate without opening a browser.
3rd party Web App: Also uses the API - however, the user/resource owner must grant permission for the app to do something. They do this by redirecting to my site (or opening a popup to it), logging the user in if necessary, and prompting the user for access.
3rd party Mobile App: Same requirements as the 3rd party web app.
The Question(s)
Should the API handle authentication and authorization?
How does the API know who (the resource owner that is using the client application), is using the API?
When a user is using my official clients, they should obviously not have to grant any permissions - my clients should have all permissions. How would I distinguish between my official clients, and 3rd party clients when calling the API?
Here is what I understand, and would do so far. This is where I really need help - getting this done right.
Official Web app
- Client attempts to `GET /api/tasks/".
- API says "who are you? (HTTP 401)
- Official web app redirects to login form.
> Bob enters his credentials.
- .. now what? Get an authentication token? Cookie?
Since the web app is just a consumer of my API, how would I manage the logged-in state? Should the web app do that?
Should the web app have direct access to the users database instead of verifying credentials against the API?
I am using .NET (C#) primarily, but I'd love an approach that is applicable to, say, Node JS based API's as well.
How would you go about this? Especially the client flows are a problem for me. The reason I ask, is that I have read that you should not roll your own security solution unless absolutely necessary, so if there are any standard-ish guidelines for this, do let me know. :)
Take a look at the new web API 2 oAuth stuff.
Basically fire up a new web API project and ensure you select to change the authentication.
Then, it's a simple case of calling the register controller. This then creates a token for you which can then be sent in the header of each request for that user.
Check out the API calls using fiddler and create some mock up accounts.
It's been awhile, but I thought I would document what I ended up doing.
I use DotNetOpenAuth. I have a database with clients, and they have a Trusted field - if this is set, it lets the client use the password grant, which automatically grants all scopes that have been predefined for that client.
The 1st-party web app uses plain cookie auth - exposing the client credentials in JS would be too risky.