Add this to the scope – https://www.googleapis.com/auth/userinfo.profile And after authorization is done, get the information from – https://www.googleapis.com/oauth2/v1/userinfo?alt=json It has loads of stuff – including name, public profile url, gender, photo etc.
State and nonce seem to be similar. But if you dig deep, you will find that they serve different purposes. State is there to protect the end user from cross site request forgery(CSRF) attacks. It is introduced from OAuth 2.0 protocol RFC6749. Protocol states that, Once authorization has been obtained from the end-user, the authorization … Read more
Go to the Graph API Explorer Choose your app from the dropdown menu Click “Get Access Token” Choose the manage_pages permission (you may need the user_events permission too, not sure) Now access the me/accounts connection and copy your page’s access_token Click on your page’s id Add the page’s access_token to the GET fields Call the … Read more
After digging around a bit, i found this. It seems to be the answer: Updated (11/April/2018) The token will expire after about 60 days. The token will be refreshed once per day, for up to 90 days, when the person using your app makes a request to Facebook’s servers. All access tokens need to be … Read more
I don’t believe you can restrict github OAuth tokens in that way. The github docs for OAuth say that While Git over HTTP with OAuth reduces friction for some types of applications, keep in mind that unlike deploy keys, OAuth tokens work for any repository for which the user has access. So while you can … Read more
OpenID is a way to specify one identity for multiple sites so you don’t need to register over and over again. OAuth is a way to allow one application access to one account without giving said application your account login information. You can use them in conjunction. More info: OAuth-OpenID: You’re Barking Up the Wrong … Read more
Yes, this is an issue with the OAuth design that we are facing ourselves. We opted to proxy all calls through our own server. OAuth wasn’t entirely flushed out in respect of desktop apps. There is no prefect solution to the issue that I’ve found without changing OAuth. If you think about it and ask … Read more
First I’d like to emphasize the difference between authentication and authorization: A user authenticates to your web site by supplying some credential such as a username+password. OpenID allows this to be displaced by having the user authenticate to another service, which then asserts the user’s identity to your web site on the user’s behalf. Your … Read more
Store them as shared preferences. Those are by default private, and other apps cannot access them. On a rooted devices, if the user explicitly allows access to some app that is trying to read them, the app might be able to use them, but you cannot protect against that. As for encryption, you have to … Read more
What exactly is OAuth (Open Authorization)? OAuth allows notifying a resource provider (e.g. Facebook) that the resource owner (e.g. you) grants permission to a third-party (e.g. a Facebook Application) access to their information (e.g. the list of your friends). If you read it stated plainly, I would understand your confusion. So let’s go with a … Read more