oauth-2.0 – Make Me Engineer

Javamail api in android using XOauth

I researched this for some days and I found a solution that is working for me at the moment. I get the oauth2 token from the android AccountManager and then send the email via SMTP using JavaMail. The idea is based on the Java example here http://code.google.com/p/google-mail-oauth2-tools/wiki/JavaSampleCode and on this java Xoauth example here http://google-mail-xoauth-tools.googlecode.com/svn/trunk/java/com/google/code/samples/xoauth/XoauthAuthenticator.java … Read more

Adding http headers to window.location.href in Angular app

When you use $window.location.href the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization with your token value. You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want … Read more

Can you get a public Facebook page’s feed using Graph API without asking a user to allow?

If you’re anything like me your clients won’t want a standard Facebook likebox plugin, they’ll want it all styled and customised their own way. You don’t need to spend all day going round the official documentation wondering if any of it applies to you for something simple like this, it’s quite easy. The confusion arises … Read more

Error: invalid_request device_id and device_name are required for private IP

An alternative to editing a hosts file is to use the “Magic DNS” service https://nip.io/ nip.io is a magic domain name that provides wildcard DNS for any IP address. Say your LAN IP address is 10.0.0.1: 10.0.0.1.nip.io resolves to 10.0.0.1 (dot syntax) 192-168-1-250.nip.io resolves to 192.168.1.250 (dash syntax) 0a000803.nip.io resolves to 10.0.8.3 (hex syntax) foo.bar.10.0.0.1.nip.io … Read more

Access to Google API – GoogleAccountCredential.usingOAuth2 vs GoogleAuthUtil.getToken()

The Google APIs Client Library for Java is as the name suggests a library for accessing Google APIs and it is available for several platforms such as Java (in general) and Android while the Google Play Services and GoogleAuthUtil is only available on Android. By looking at the wiki page of the project it is … Read more

Is it possible to use OAuth 2.0 without a redirect server?

Yes, it is possible to use OAuth2 without a callback URL. The RFC6749 introduces several flows. The Implicit (now deprecated[1]) and Authorization Code grant types require a redirect URI. However the Resource Owner Password Credentials (deprecated as well[1]) grant type does not. Since RFC6749, other specifications have been issued that do not require any redirect … Read more

Should jwt web token be encrypted?

JWT (RFC7519) is just a compact way to safely transmit claims from an issuer to the audience over HTTP. JWT can be: signed (JWS – RFC7515) encrypted (JWE – RFC7516) signed then encrypted (this order is highly recommended). The whole JWS is the payload of the JWE encrypted then signed. It makes sense to encrypt … Read more

OAuth Authorization vs Authentication

OAuth is a specification for authorization OAuth 2.0 is a specification for authorization, but NOT for authentication. RFC 6749, 3.1. Authorization Endpoint explicitly says as follows: The authorization endpoint is used to interact with the resource owner and obtain an authorization grant. The authorization server MUST first verify the identity of the resource owner. The … Read more

Difference between OAuth 2.0 “state” and OpenID “nonce” parameter? Why state could not be reused?

State and nonce seem to be similar. But if you dig deep, you will find that they serve different purposes. State is there to protect the end user from cross site request forgery(CSRF) attacks. It is introduced from OAuth 2.0 protocol RFC6749. Protocol states that, Once authorization has been obtained from the end-user, the authorization … Read more

YouTube Data API v3: video upload from server without opening the browser

+ More