I'm using Token Flow as described here https://developer.foursquare.com/overview/auth
User authenticates foursquare and is sent to a callback page on my server from which I parse the access token for that user out of the url.
Once i have this access token, how do I look up the user so I can grab her uid?
thanks
Use the /users/USER_ID endpoint with user id "self" to get information about the acting user.
Related
What I ideally want to achieve is to be able to Login with Google SignIn, and put authentication on my Nodejs server's endpoints.
What I have done till now is log in the user in the browser, and send the IdToken to the server, validate this TokenId using verifyIdToken() using this link.
https://www.google.com/search?q=verify+idToke&rlz=1C5CHFA_enIN936IN936&oq=verify+idToke&aqs=chrome..69i57j0i13l2j0i13i30l3j69i60l2.12008j0j7&sourceid=chrome&ie=UTF-8
Question:
Once verified, should I generate an access_token using some package, and use that to secure my server's API? Or Use Google SignIn's IdToken as an access token for it?
Or Is there some other flow I'm not getting?
The id_token contains information about the user i.e. email, name, and profile picture.
If that's all that your application needs then the access_token won't be of use to you.
If you're trying to access/modify data belonging to the user, (i.e. trying to add an event to their calendar using the calendar api) then you need the access_token. The access_token is what will give you access to the user's account. If your application requests offline access to the user data then you will also receive something called a refresh_token that will let you regenerate your access token once it expires. If you add the refresh token to your oAuthClient it should automatically renew the access token for you when you make an api call.
Based on what you described I don't think you need the access_token and the id_token might be all you need.
More information is available on this page: https://developers.google.com/identity/protocols/oauth2
We are developing application for e-signature on PDF for different users of oru system, which call many docusign APIs and we try use JWT to authenticate the APIs. I able to get token. But I have doubt on one parameter of JWT request body. I refer link https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-jsonwebtoken.
What do you mean by "The user ID of the user to be impersonated.", I used API account user id.
Please refer my previous query Signer URL for an envelope - calling docusign API and getting 400 bad request error. I think, this is not correct what I use to pass here. However I am getting token.
Please let me know if you want to know more details.
"The user ID of the user to be impersonated." means exactly this, you can impersonate a user or "act on behalf of the user" by providing his userId in the JWT call.
So the impersonated user will be the sender of the envelope.
If you use your account userId you will be acting as the sender
I am doing service integration with DocuSign platform using JWT Grant auth type. DocuSign account has multiple users setup.
My service is SendEnvelopService and one of the important request param to the service is user email. SendEnvelopService need to impersonate user with given email-id when calling DocuSign and send envelope in behalf of that user. Note that every request to SendEnvelopService will have different value of email request param.
I have following questions around it -
Question#1) Since I need to impersonate different user every time (based on email id in my request), I assume I need to get new JWT auth token every time, before making actual api call. Is that right? Is it usual and ok to request new JWT auth token so frequently before every api call? Does it raise any integration concerns with DocuSign?
Question#2) In my request, I have email id of the user to impersonate. I don't have user's GUID which I need, to get JWT auth token and impersonate it. Is there any api that I can use to get user GUID by email id? I wonder what kind of authentication will be needed for such api because I don't have JWT auth token yet.
One idea I have is may be I need to setup one admin user in DocuSign and keep admin userId (GUID) in application config. Now I have 2 users, one is admin user and another is request user which I have email from the service request. I can following steps -
Do requestJWTUserToken impersonating admin user. We get
oAuthTokenAdmin
Using oAuthTokenAdmin make
https://developers.docusign.com/esign-rest-api/reference/Users/Users/list
api call to get userId (GUID) of request user email.
Now do another requestJWTUserToken impersonating request userId. We
get oAuthTokenUser
Now make actual api call using oAuthTokenUser and to send envelope
Go to:
https://admindemo.docusign.com/
Log in with your demo (sandbox) credentials.
Then you have two options:
If it is only for you, simple thing is to click "API and Keys" page under Integrations on the left nav.
You will see this:
You can also click on "Users" on the left and select the user you want, any user really, doesn't have to be you.
then you'll see it under this:
For your first question, no, you don't have to do that. You can use the same user for all API calls. Especially if this user is an admin, then you can do all API calls under that context.
During account linking process, Alexa user is redirected and presented with a form to enter his credentials (ID and/or password). Based on what's provided, the user is then being validated by the authentication flow, upon which success an accessToken is embedded in Alexa request and the user is redirected to the OAuth resource.
Is there a way to pass the ID of the user obtained in the above interaction as part of the Alexa request (JSON session\user\userId), instead of (or in addition to) it being a userId that gets generated during user's enabling their skill on a device? Or can the userId be gleaned from the accessToken generated after linking user's account?
Are you referring to the userId specified by your OAuth provider? There should be an API to retrieve the userId based on the accessToken. Using Login with Amazon for example, when you verify the access token, it would return user_id as part of the response.
If you're referring to getting the user's email (that's the "ID" to login to an Amazon account), you would need to add the relevant scope (e.g. profile for LWA) based on your OAuth provider in order to retrieve that from an accessToken.
During connected app integration user is redirected to a callback url provided by application developer. At the last step of authentication it is written that "Save this access token for this user in your database." . But the problem is you do no get userId during this authentication process.
https://developer.foursquare.com/overview/auth#access
I get authentication code but can not access userId. How can get userId of authenticating user...
regards..
Once you have the access token, you can make a request to the users/self endpoint to get any information about the user associated with that token, including the user's id.