Refresh token using Omniauth-oauth2 in Rails application

Omniauth doesn’t offer this functionality out of the box, so I used the previous answer and another SO answer to write the code in my model User.rb

    def refresh_token_if_expired
      if token_expired?
        response = RestClient.post "#{ENV['DOMAIN']}oauth2/token", :grant_type => 'refresh_token', :refresh_token => self.refresh_token, :client_id => ENV['APP_ID'], :client_secret => ENV['APP_SECRET']
        refreshhash = JSON.parse(response.body)
        token_will_change!
        expiresat_will_change!
        self.token = refreshhash['access_token']
    … Read more

How to use OAuth2 in RestSharp

See RFC 6749 – 4.4.2. Client Credentials – Access Token Request

Here is the basic format of the request

    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=client_credentials

Your cURL request

    curl -H "Accept: application/json" \
      -d grant_type=client_credentials \
      client-app:[email protected]/myapi/oauth/token

The reason your cURL command works

Default Content-Type (if not specified) with POST … Read more

Should clients get OAuth 2 access tokens using GET or POST?

The most common argument is that you should not put sensitive information in a query string (GET parameter) as Web servers typically log the HTTP request URL. POST data can be arbitrarily long, so is not usually logged. Therefore when you’re dealing with something like client_secret or code (although it’s one-time use), it makes … Read more

What’s the alternative to password grant now that it is deprecated? OAuth 2.0

To summarize your situation: You have your own backend (server of some kind, such as a web application implementing a REST API) where users should be able to log in using a username and password to obtain an access token giving them access to their own resources on the server, and they should be able to … Read more

How does server return JWT token to the client?

There is no standard for how to return a JWT token to the client; however, check this URL, it answers your question: https://github.com/dwyl/hapi-auth-jwt2/issues/82#issuecomment-129873082 Putting the JWT token in the Authorization header gives us flexibility to send an actual response in a web application. For a REST-only App/API you are free to send the JWT as the … Read more
