I just downloaded libspotify and was looking at the examples and learning more about it. I want to know: does the current version of libspotify support OAuth? I have tried searching but didn't find anything, so I'm asking here in case I'm missing an important link. My client says that instead of a username and password for signing in to Spotify they will give me an OAuth token (taken from Facebook, I think) and through that I should be able to sign in. Please guide, thank you.
Unfortunately, your client is mistaken.
libspotify logs into the Spotify service using either Spotify or Facebook username/password credentials, and nothing else. You cannot log into Spotify with a Facebook OAuth token.
It's worth noting at this point - never save these details yourself - libspotify can remember them for you in its secure store.
Related
The Spotify client lets you see what friends or people you follow are playing. Is it possible to do that with the API? I looked through the whole API Reference but couldn't find anything.
In the Spotify client this is under "recent activity".
No, it is not currently available with the Spotify Web API. There is already an existing feature request about this issue on the Spotify Web API Issue Tracker GitHub page. Feel free to +1 there :)
No public API to do this, but...
If you MITM your Spotify app you can observe the requests to https://spclient.wg.spotify.com/presence-view/v1/buddylist as well as your authentication token. From there you can just hit this automatically. If you use Charles you can just click "copy request as cURL" and it's super easy.
Of course you need the app's auth token, so this only works for you and not for a 3rd party app that other people authorize too. (at least, not without a lot more work)
I'm working on a project to connect Google Apps (Contacts, Gmail, etc.) to our own private software.
I'd like to use Hapi.js in order to achieve this, but since I have no expertise in the matter (OAuth, Google, etc.) I found it to be quite challenging.
I wonder if it's possible to use Hapi.js and Bell to handle the "ask permission" flow and, once authorized, save the credentials for long-term use.
Also, is it possible to use Bell to handle token refresh and consume the API? (like requesting http://www.google.com/m8/feeds/contacts/default/full)
In the documentation for Bell, there's an example for Twitter; basically you need to change the provider to Google: https://www.npmjs.com/package/bell
When you request access, you can add the parameter access_type with a value of offline. The server will then also respond with a refresh token that you can use in further requests to the APIs without asking for the user credentials again.
You won't be able to store the actual user's credentials since it wouldn't be secure.
You can use the Google OAuth playground to learn more about the authentication process, here is the link https://developers.google.com/oauthplayground/
Here you can find more information and examples of using node.js and the Google API's
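The `access_type=offline` request described in this answer, sketched without Bell as an added example (not code from the answer or from Bell): it builds the Google authorization URL with a per-login `state` value, checks that value on the callback, and prepares the later refresh-token exchange. The client ID, secret, redirect URI and scope are constructed placeholders.

```javascript
const crypto = require('node:crypto');

// Google's OAuth 2.0 authorization and token endpoints.
const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';
const TOKEN_ENDPOINT = 'https://oauth2.googleapis.com/token';

// Constructed placeholder configuration, not real credentials.
const config = {
  clientId: 'EXAMPLE_CLIENT_ID.apps.googleusercontent.com',
  clientSecret: 'EXAMPLE_CLIENT_SECRET',
  redirectUri: 'https://app.example.test/oauth/callback',
  scope: 'https://www.googleapis.com/auth/contacts.readonly',
};

// One unpredictable value per login attempt, kept in the user's session.
const newState = () => crypto.randomBytes(16).toString('hex');

// Step 1: send the user to Google. access_type=offline asks for a refresh
// token; state ties the eventual callback to this browser session.
function buildAuthUrl(cfg, state) {
  const query = new URLSearchParams({
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    response_type: 'code',
    scope: cfg.scope,
    access_type: 'offline',
    state,
  });
  return `${AUTH_ENDPOINT}?${query}`;
}

// Step 2 (callback): refuse the response unless state matches what was issued.
function stateMatches(expected, received) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(received));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Later: describe the request that trades the stored refresh token for a new
// access token. The refresh token is the long-lived secret to protect at rest.
function buildRefreshRequest(cfg, refreshToken) {
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
  });
  return { url: TOKEN_ENDPOINT, method: 'POST', body: body.toString() };
}
```

The refresh request is only constructed here, not sent; the body is form-encoded (`application/x-www-form-urlencoded`) and must go over HTTPS from the server side, never from the browser.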
I am trying to learn and implement the MEAN stack (node, express, mongo, angular) to create a SaaS application I have been working on.
Currently I'm working on the REST API that the frontend will consume. I am having trouble understanding / deciding on an authentication scheme.
I am looking into passport.js to use with the REST API but I feel like maybe I'm confused about its implementation. Everything I read about OAuth 2.0 says it's pretty much the de facto standard for authentication with modern REST APIs; however, most of what I'm reading says you click a button and it asks for authorization, just like a Facebook or Twitter sign-on.
So I'm wondering, is it even necessary to have token-based authentication if I just want my users to provide an email and password and sign in?
Can someone explain this at least: If I use OAuth 2.0, do I have to have sign-in buttons that initiate some kind of Facebook Connect looking flow, or can I have a user provide an email and password and use that as a means to obtain the tokens from the OAuth server?
SO CONFUSED. haha. I just need to figure out a good, acceptable way besides plain old username / password authentication to secure the api so I can get on with the build. All suggestions and links to applicable tutorials are appreciated. Thanks.
I am developing an app using node.js which will also have an mobile client. I am looking to make the authentication using OAuth 2.0. Is there any good module which allows me to have OAuth 2.0 authentication server?
I looked at a subsidiary module of Passport "OAuth2orize". I found it quite good enough, but the real problem was understanding how it will work for my own app (the example and docs specify about third party authorisation).
Basically what I want is that the client logs in with client id, user's username, user's password and thereby I hand him a token after verifying the above 3 things. But the problem with OAuth2orize is that there are redirect URIs and all, which is confusing me a lot.
Please help me know how I can achieve this using OAuth2orize or any other really good module. Or if it's easy enough I can also roll my own, but will that be a good idea regarding security??
What you are looking for is the Resource Owner Password Credentials flow. As you've seen, the examples for oauth2 do not include functionality that supports this flow. In fact the examples only cover the Authorization Code flow.
It should end up being fairly easy to implement. All you need to do is accept a request that contains the information you are looking for (and authorize it) and create a token in your token database and return it. As long as you use the same token database that the rest of oauth2orize is using, it should work just fine. See: Passing Trusted Client Information with oAuth2orize for the "Resource Owner Password Flow" where that is exactly what is suggested.
Correction:
The all-grants example of oauth2orize supports the Implicit flow as well as Authorization Code flow.
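A framework-free sketch of the token endpoint logic this answer describes, as an added example (not oauth2orize code and not from the answer): check the client, check the user's password, then create a token in the token store and return it. The in-memory `clients`, `users` and `tokens` maps and every value in them are constructed stand-ins for a real database.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins for the client, user and token tables.
const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const clients = new Map([['mobile-app', { trusted: true }]]);
const users = new Map([['alice', { salt: 'constructed-salt', hash: hashPw('correct horse', 'constructed-salt') }]]);
const tokens = new Map(); // sha256(token) -> { user, client, expiresAt }
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Handles grant_type=password (RFC 6749 section 4.3). Returns { status, body }.
function passwordGrant(params, now = Date.now()) {
  const { grant_type, client_id, username, password } = params;
  if (grant_type !== 'password') {
    return { status: 400, body: { error: 'unsupported_grant_type' } };
  }
  const client = clients.get(client_id);
  if (!client || !client.trusted) {
    return { status: 401, body: { error: 'invalid_client' } };
  }
  // Always run scrypt, even for unknown users, so response timing does not
  // reveal which usernames exist.
  const user = users.get(username) || { salt: 'dummy', hash: Buffer.alloc(32) };
  const candidate = hashPw(String(password || ''), user.salt);
  const ok = crypto.timingSafeEqual(candidate, user.hash) && users.has(username);
  if (!ok) {
    return { status: 400, body: { error: 'invalid_grant' } };
  }
  // Store only a hash of the token so a leaked token table cannot be replayed.
  const accessToken = crypto.randomBytes(32).toString('hex');
  const expiresIn = 3600;
  tokens.set(sha256(accessToken), { user: username, client: client_id, expiresAt: now + expiresIn * 1000 });
  return { status: 200, body: { access_token: accessToken, token_type: 'Bearer', expires_in: expiresIn } };
}

// Resource-server side: look a presented bearer token up by its hash.
function authenticate(bearer, now = Date.now()) {
  const rec = tokens.get(sha256(String(bearer)));
  return rec && rec.expiresAt > now ? rec.user : null;
}
```

This grant hands the user's password to the client application, so it only suits first-party clients such as the asker's own mobile app.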
I've integrated CocoaLibSpotify with my iOS app, and I wonder if there's a way to save the user from having to enter credentials if they've already signed in to the Spotify app on their phone.
I know Spotify doesn't support OAuth, but I did want to ask if anybody knows if Spotify (1) plans to support OAuth in the future, or (2) is working on another way to spare the user from re-entering credentials into another app for the same service.
This isn't possible with CocoaLibSpotify — the first time the user wants to log in, they have to enter their credentials.
Once that's done, CocoaLibSpotify has APIs for saving the user's credentials and using them next time, though, so the user should only ever have to input their credentials once. To be honest, since an app with OAuth would have to authenticate the user once as well, the method CocoaLibSpotify uses isn't really extra effort for the user.
Look at the delegate method session:didGenerateLoginCredentials:forUserName: to get the credentials after logging in, and the attemptLoginWithUserName:existingCredential: to log in again next time.