authentication – Page 2

No authenticationScheme was specified, and there was no DefaultChallengeScheme found Cookies Authentication

January 9, 2024 by Tarik

authenticationBuilder.AddCookie(“MyCookieMiddlewareInstance”, …) This registers a cookie authentication handler using the authentication scheme name “MyCookieMiddlewareInstance”. So whenever you are referring to the cookie authentication scheme, you will need to use that exact name, otherwise you will not find the scheme. However, in the AddAuthentication call, you are using a different scheme name: services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) This registers the … Read more

OAuth Refresh Token Best Practice [closed]

January 9, 2024 by Tarik

The client should always be prepared to handle an error returned from the API that indicates that the access_token validation failed. Depending on the implementation the access token may have been revoked or declared invalid otherwise. The client may then use a refresh_token to get a new access token and try again. So you can … Read more

How to send POST data with code in an android webview

January 9, 2024 by Tarik

Rails authentication across apps/servers

January 9, 2024 by Tarik

Yes, SSO using OAuth is a viable solution, but it’s not the simplest one. When building anything new, OAuth 2.0 is the way to go. The OAuth standards cover a lot of ground. The primary advantage of OAuth is that it allows users to give 3rd party apps access to their account without disclosing their … Read more

Update/change roles claim (or any other claim) in JWT

January 8, 2024 by Tarik

Refresh tokens don’t seem to be the solution if you care about the changes you make being instant, you probably don’t want an user to access moderation tools for some time if you revoke his permissions. What you could do is keep a version number in the jwt token relative to the user, much like … Read more

Best practices for managing auth token

January 8, 2024 by Tarik

For brevity I’ll assuming you’re calling an endpoint that you can’t change. How you should implement will heavily depend on whether the token is app or user based (one token for all users on a shared app instance or one token per user). If it’s one auth token for the entire app: Store it in … Read more

What is an API token [closed]

January 8, 2024 by Tarik

Using active directory to authenticate users on intranet site

January 8, 2024 by Tarik

Using OAuth for server-to-server authentication?

January 8, 2024 by Tarik

There are actually two OAuth specifications, the 3-legged version and the 2-legged version. The 3-legged version is the one that gets most of the attention. The 2-legged version does exactly what you want initially, it allows an application to grant access to another via either a shared secret key (very similar to Amazon’s Web Service … Read more

How to config git to pull from http and push through ssh in one ‘remote’?

January 7, 2024 by Tarik

From the git-config man page: remote.<name>.url The URL of a remote repository. See git-fetch(1) or git-push(1). remote.<name>.pushurl The push URL of a remote repository. See git-push(1). Try setting the former to an http: url and the latter to a git+ssh: (or just git:) url?