oauth
OpenID Connect Authentication Flow (using KeyCloak) in a Mobile App + REST Backend
I believe Resource Owner Credentials flow should be avoided unless really needed AND the client app and environment are under your own full control. You may have full control over the app but you cannot control the phone OS (security updates, …) This blog post goes over the various problems. I do not fully agree …
Should clients get OAuth 2 access tokens using GET or POST?
The most common argument is that you should not put sensitive information in a query string (GET parameter) as Web servers typically log the HTTP request URL. POST data can be arbitrarily long, so is not usually logged. Therefore when you’re dealing with something like client_secret or code (although it’s one time use), it makes …
Can I really not ship open source with Client ID? [closed]
On November 5th 2014 Google made some changes to the APIs terms of Service. Like you I had an issue with the following line. Asking developers to make reasonable efforts to keep their private keys private and not embed them in open source projects. I have several open source projects on GitHub they are basically …
Get started with Office 365 REST API
[Update Aug 20th, 2015]: It looks like there is a new getting started experience, which will help register your app, and even create a starter project in the language of your choice. I would certainly recommend trying that first, rather than going through the manual steps outlined below. To register apps manually (e.g., not through …
Possible to test Google social login locally?
You can set “Authorized redirect URI” to a local IP (like http://127.0.0.1/callback); it’s working fine for me. What’s really agonizing is that Google doesn’t allow users to configure an external IP (let’s say your server IP, like 99.99.99.99) as the “Authorized redirect URI”; Google wants the “Authorized redirect URI” to end with a public top-level domain (such …
DotNetOpenAuth oAuth in ASP.NET MVC [closed]
Have a look at Rob Conery’s TekPub ASP.Net MVC 2.0 Starter Site. He has set up DotNetOpenAuth as part of that. It should point you in the right direction. EDIT: My assumption was based on the fact that OpenID and OAuth are the same. They are not the same but complementary ideas. OpenID is about …