What is the difference between OAuth based and Token based authentication?

This is a good question — there is a lot of confusion around tokens and OAuth. First up, when you mention OAuth, you are likely referring to the OAuth2 standard. This is the latest version of the OAuth protocol, and is what most people are specifically talking about when they say ‘OAuth’. The OAuth protocol …

Where is devise implementation of “authenticate_user!” method?

It’s in lib/devise/controllers/helpers.rb and is generated dynamically (user being only one of the possible suffixes):

    def self.define_helpers(mapping) #:nodoc:
      mapping = mapping.name

      class_eval <<-METHODS, __FILE__, __LINE__ + 1
        def authenticate_#{mapping}!(opts={})
          opts[:scope] = :#{mapping}
          warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
        end

        def #{mapping}_signed_in?
          !!current_#{mapping}
        end

        def current_#{mapping}
          @current_#{mapping} ||= warden.authenticate(:scope => :#{mapping})
        end

        def #{mapping}_session
          current_#{mapping} && warden.session(:#{mapping}) …

Getting “error”: “unsupported_grant_type” when trying to get a JWT by calling an OWIN OAuth secured Web Api via Postman

The response is a bit late – but in case anyone has the issue in the future… From the screenshot above – it seems that you are adding the url data (username, password, grant_type) to the header and not to the body element. Clicking on the body tab, and then select “x-www-form-urlencoded” radio button, there …

OAuth v2 communication between authentication and resource server

The reason this is out of scope for the specification is the wide range of ways to accomplish this connection between the two entities. The main question is how complex is your deployment. For example, do you have one server managing authentication and access, and a set of discrete services each with its own servers …

Salesforce Authentication Failing

For anyone who is as stuck and frustrated as I was, I’ve left a detailed blog post on the entire process (with pictures and ranty commentary!). Click the link if you want that: http://www.calvinfroedge.com/salesforce-how-to-generate-api-credentials/ Here is a text only answer: Step 1: Create an account. You can create a (free) developer account at developer.salesforce.com Step …

Is a Refresh Token really necessary when using JWT token authentication?

Let me come to your questions a little later down the line and start by actually discussing the whole purpose of a refresh token. So the situation is: The user opens the app and provides his login credentials. Now, most probably the app is interacting with a REST backend service. REST is stateless, there isn’t …

Restrict Login Email with Google OAuth2.0 to Specific Domain Name

So I’ve got an answer for you. In the OAuth request you can add hd=example.com and it will restrict authentication to users from that domain (I don’t know if you can do multiple domains). You can find hd parameter documented here. I’m using the Google API libraries from here: http://code.google.com/p/google-api-php-client/wiki/OAuth2 so I had to manually …
