After lots of research, I discovered that client_credentials grant type is for this scenario. Once you punch this term into google, you can find loads of very helpful resources. This is the normal flow for 3-legged OAuth 2.0 (we want the user to sign in): Assume we have the following endpoints in our app for … Read more
Edit (August 14th 2012): A week ago the official Facebook PHP SDK was updated. The function name was changed to setExtendedAccessToken, and it was decided we actually needed to destroy the session afterwards, to remove the risk of having two active sessions. Also, the function no longer actually returns the token, but instead stores it … Read more
UPDATE July 21st, 2012 Google Analytics API V3 now supports OAuth2 tokens returned by a .p12-signed JWT request. That is, we can now use the Analytics API w/ service accounts. Currently pulling 4 years of day-by-day metrics, just for the hell of it. Here’s a quick ‘n’ dirty step-by-step: Go to the Google API Console … Read more
https://graph.facebook.com/app/?access_token=[user_access_token] This will return the app this token was generated for, you can compare that against your app’s id.
keycloak has REST API for creating an access_token using refresh_token. It is a POST endpoint with application/x-www-form-urlencoded Here is how it looks: Method: POST URL: https://keycloak.example.com/auth/realms/myrealm/protocol/openid-connect/token Body type: x-www-form-urlencoded Form fields: client_id : <my-client-name> grant_type : refresh_token refresh_token: <my-refresh-token> This will give you new access token using refresh token. NOTE: if your refresh token is … Read more
Another answer mentions Flask-Rauth, but doesn’t go into detail about how to use it. There are a few Google-specific gotchas, but I have implemented it finally and it works well. I integrate it with Flask-Login so I can decorate my views with useful sugar like @login_required. I wanted to be able to support multiple OAuth2 … Read more
What are these concepts? Passport is an official Laravel package that implements Oauth2 and JWT. Auth0 is an authentication and authorization service. It is kinda “all in one” solution for API auth. It implements JWT by default and can implement Oauth2 as well as many other protocols. OAuth2 is an authorization framework or protocol that … Read more
CAS-Server: A stand-alone central login page where the user enters their credentials (i.e. their username and password). CAS supports the standardized SAML 1.1 protocol primarily to support attribute release to clients and single sign-out. (a table in a SQL database, ActiveDirectory/LDAP, Google accounts, etc.) Full compatibility with the open, multi-platform CAS protocol (CAS clients are … Read more
For anyone else that comes across this post and might find it useful… There is actually nothing wrong with my code. I made the mistake of requesting client_credentials type access code instead of password access code (#facepalms). FYI I am using urlencoded post hence the use of querystring.. So for those that may be looking … Read more