I'm reading about this OAuth2 but I can't find anything to get my token from JHipster I saw an api to connect to google , facebook... but nothing to JHipster.
My JHipster is already set up and running but i can't find this url/methods.
Does JHipster come with default url to get request and access token? and how can I retrieve that from my android app?
It is ​http://localhost:8080/oauth/token
Look at src/main/webapp/scripts/components/auth/provider/auth.oauth2.service.js for more information.
Related
I am trying to integrate the Facebook SDK into a client-server Android application and can't find a way to delegate the code->access token exchange step to the server-side. The app uses a non-encrypted connection, so acquiring the access token on the client and sending it to the server is not desirable.
Other OAuth providers (e.g. Google) have a way to configure the SDK to not perform the exchange and only return a temporary token (code in Facebook's terms).
Facebook docs mention the "code flow" without giving any particular details.
Is it possible? If so, then how can I do it?
Looking through the SDK docs, reference and code yielded no results. Requesting only the code token does not seem to be possible
I have integrated PayPal SDK in my android app and done transaction successfully in sandbox environment.Now the second step mentioned in docs is verification . I tried to hit rest Api with payment id in browser but it dint give me any response . So please tell me the proper way of verification .Here is the link I have followed
Also I have got client secret key but dont know where to use it . Will it be needed in verification process ?
Yes, you will need your ClientID and Secret to generate an Access Token that will then be used in subsequent Payment Lookup call. More information on creating the Access Token can be found here under step 2 of Getting an Access Token. That Access Token is then used in the payment lookup API call that you see on the Verify Mobile Payment link you provided in your question. More information/samples of a RESTful Payment Lookup call can be found here as well.
My Android app needs to send an authorization code to my server so that the server can use that to acquire an access token for the user's Google Drive account. I have been trying to figure out how to acquire the authorization code and I found this in the Google API documentation (Using OAuth 2.0 for Installed Applications):
This sequence starts by redirecting a browser (system browser or
embedded in the application as a web view) to a Google URL with a set
of query parameters that indicate the type of Google API access the
application requires. Like other scenarios, Google handles the user
authentication and consent, but the result of the sequence is an
authorization code. The authorization code is returned in the title
bar of the browser or as a query string parameter (depends on the
parameters sent in the request).
After receiving the authorization code, the application can exchange
the code for an access token and a refresh token. The application
presents its client_id and client_secret (obtained during application
registration) and the authorization code during this exchange. Upon
receipt of the refresh token, the application should store it for
future use. The access token gives your application access to a Google
API.
Now I am not sure how to get this authorization code in my Android app since the Android examples I have seen seem to get the access tokens directly. I am looking at the Android AccountManager class and it has a method getAuthToken but this seems to refer to the access token and not the authorization code.
So how does one acquire the authorization code that can be shared with a server? If it is possible I would greatly appreciate some example code. If this is not possible what are the possible workarounds?
You may want to take a look at the Cross-client Identity document. It should keep you from needing to pass user tokens back and forth.
I believe you can actually take the access token returned by the Android AccountManager, send this to your server, then have your server make a call against the Google Drive API using that same access token - it is a bearer token and not bound to the channel that created it, so please take good care of it and only send over encrypted connections.
Documentation on how to get that access token can be found here:
https://developers.google.com/drive/quickstart-android
While that access token is good for immediate use, it will expire in less than 1 hour, so if you are looking for a solution that enables your backend server to have continued access to the Drive data, without the user being present at your app at the time of request, an alternate approach will be needed.
Is there a way to request for offline access using the Google play services sdk on android? I know that the raw HTTP api has an option to do this by requesting for a refresh token, but couldn't find a way to do it via the new Google Play services sdk.
The new sdk gives the app an access token using the GoogleAuthUtil.getToken() method, but the access token expires every hour. I could make the raw http request and have the user sign in from a web view or the browser, but would prefer a way to do it natively using the sdk, since that is a much better experience for the user.
Searching the Google docs near and far, it does look like that this is possible. Google calls this "Cross-client Identity" under its "Hybrid Apps" category.
You can apparently massage the string for the scope parameter you pass into GoogleAuthUtil.getToken(...) method to coax it into returning an "Authorization Code" rather than an OAuth2 Token. (For the difference between these, I've found this chart helpful.)
The details are here, specifically the last section titled "Android app obtains offline access for Web back-end".
It seems you'll need to pass in the following as "scope" string to getToken:
oauth2:server:client_id:<your_server_client_id>:api_scope:<scope_url_1> <scope_url_2> ...
The doc then claims this:
In this case, GoogleAuthUtil.getToken() will first require that the
user has authorized this Project for access to the two scopes.
Assuming this is OK, it will return, not an OAuth token, but a
short-lived authorization code, which can be exchanged for an access
token and a refresh token.
Disclaimer: I've not tried this myself yet; our Android developer will shortly. Please report if this is working for you.
I am trying to use Google Calendar API from Android client. I have opted OAuth 2.0 for Installed Apps instead of Account Manager for some reasons.
https://developers.google.com/accounts/docs/OAuth2InstalledApp
I have registered my application on Developer API Console and hence I have client_id and redirect uri. The console does not show client_secret.
I have recieved Authorization code from the google server which is 4/XdlW5dvFW3OWCnKdeG8yDOOjYGAw
https://accounts.google.com/o/oauth2/token?
code=4/XdlW5dvFW3OWCnKdeG8yDOOjYGAw&
client_id=54957922365-fjaa2quhukho8sr5bkpkoq8038vdjh9m.apps.googleusercontent.com&
redirect_uri=urn:ietf:wg:oauth:2.0:oob&
grant_type=authorization_code
If I make this HTTPS URL with the mentioned parameters, I recieve 405 Error Method not allowed in my code.
As specified in the URL above, I have added the parameters but am not able to exchange the auth code with access token.
Does anyone has any idea why I am not getting access token while I am able to retrieve authorization code?
Thanks for the code snippet but I was not posting the link on browser, I have written proper android HTTPS code in Android Project. Just for the reference I shared the url.
I have solved this issue. To help other developers, I am attaching the code:
https://github.com/misskhushboo/Code-Snippets.git