What is the purpose of the ‘state’ parameter in an OAuth authorization request?

The state parameter is used to protect against XSRF. Your application generates a random string and sends it to the authorization server using the state parameter. The authorization server sends back the state parameter. If both states are the same => OK. If the state parameters are different, someone else has initiated the request. The example … Read more

Allow OPTIONS HTTP Method for oauth/token request

@EnableAuthorizationServer adds an HTTP security configuration for endpoints like /oauth/token, /oauth/token_key etc. at order 0. So what you should do is define an HTTP security rule for the /oauth/token endpoint only for the OPTIONS HTTP method, at a higher order. Something like this: @Order(-1) @Configuration public class MyWebSecurity extends WebSecurityConfigurerAdapter { @Override protected … Read more

How to make Facebook Login possible in a Django app?

Summary: https://github.com/mlavin/django-all-access https://github.com/pennersr/django-allauth https://github.com/omab/django-social-auth https://github.com/uswaretech/Django-Socialauth https://github.com/hiidef/oauth2app https://github.com/timetric/django-oauth https://github.com/daaku/django-oauth-consumer https://github.com/eldarion/django-oauth-access https://github.com/dgouldin/python-oauth2 https://github.com/henriklied/django-twitter-oauth https://launchpad.net/django-openid-auth https://www.djangopackages.com/grids/g/oauth/ http://peterhudec.github.io/authomatic/ django-all-access: django-all-access is a reusable application for user registration and authentication from OAuth 1.0 and OAuth 2.0 providers such as Twitter and Facebook. The goal of this project is to make it easy to create your own workflows for authenticating with … Read more

Session management: How to generate an authentication token for a REST service? (Jersey)

For simplicity's sake, I generate my own authentication token using UUID before encrypting the entire token with Jasypt: String key = UUID.randomUUID().toString().toUpperCase() + "|" + someImportantProjectToken + "|" + userName + "|" + creationDateTime; StandardPBEStringEncryptor jasypt = new StandardPBEStringEncryptor(); … // this is the authentication token the user will send in order to use the web … Read more

Configure the authorization server endpoint

EDIT (01/28/2021): AspNet.Security.OpenIdConnect.Server has been merged into OpenIddict as part of the 3.0 update. To get started with OpenIddict, visit documentation.openiddict.com. Okay, let’s recap the different OAuth2 middleware (and their respective IAppBuilder extensions) that were offered by OWIN/Katana 3 and the ones that will be ported to ASP.NET Core: app.UseOAuthBearerAuthentication/OAuthBearerAuthenticationMiddleware: its name was not terribly … Read more