OAuth Authorization vs Authentication

OAuth is a specification for authorization. OAuth 2.0 is a specification for authorization, but NOT for authentication. RFC 6749, 3.1. Authorization Endpoint explicitly says as follows: The authorization endpoint is used to interact with the resource owner and obtain an authorization grant. The authorization server MUST first verify the identity of the resource owner. The … Read more

Difference between OAuth 2.0 “state” and OpenID “nonce” parameter? Why state could not be reused?

State and nonce seem to be similar. But if you dig deep, you will find that they serve different purposes. State is there to protect the end user from cross-site request forgery (CSRF) attacks. It was introduced in the OAuth 2.0 protocol, RFC 6749. The protocol states that, once authorization has been obtained from the end-user, the authorization … Read more

OAuth implementation in NetSuite using PHP

Here is some code I wrote for a PHP -> NS integration using Restlets and OAuth:

    define("NETSUITE_URL", 'https://rest.netsuite.com/app/site/hosting/restlet.nl');
    define("NETSUITE_SCRIPT_ID", 'XXXXXX');
    define("NETSUITE_DEPLOY_ID", 'XXXXXX');
    define("NETSUITE_ACCOUNT", 'XXXXXX');
    define("NETSUITE_CONSUMER_KEY", 'XXXXXX');
    define("NETSUITE_CONSUMER_SECRET", 'XXXXXX');
    define("NETSUITE_TOKEN_ID", 'XXXXXX');
    define("NETSUITE_TOKEN_SECRET", 'XXXXXX');

    function sendOrderToNS($details) {
        $data_string = json_encode($details);
        $oauth_nonce = md5(mt_rand());
        $oauth_timestamp = time();
        $oauth_signature_method = 'HMAC-SHA256';
        $oauth_version = "1.0";
        $base_string = "POST&" . urlencode(NETSUITE_URL)

… Read more

How to specify the scope of Google API to get the birthday

I just used and tested it using Try It. I tested it with all of the different scopes.

https://www.googleapis.com/auth/plus.login
Know your basic profile info and list of people in your circles.

https://www.googleapis.com/auth/plus.me
Know who you are on Google

https://www.googleapis.com/auth/userinfo.email
View your email address

https://www.googleapis.com/auth/userinfo.profile
View basic information about your account

It doesn’t appear to matter … Read more

chrome.identity User Authentication in a Chrome Extension

You don’t have to upload an extension to the Chrome Web Store in order to use the chrome.identity API. It suffices to have a valid extension ID. The easiest way to get started is to copy the 32-character extension ID from chrome://extensions/ to your project’s credentials section at the API console (see screenshot below). Though … Read more

HttpURLConnection.getResponseCode() returns -1 on second invocation

Try setting this property to see if it helps: http.keepAlive=false. I saw similar problems when the server response is not understood by UrlConnection and the client/server gets out of sync. If this solves your problem, you have to get an HTTP trace to see exactly what’s special about the response. EDIT: This change just confirms my suspicion. … Read more

How to use Google Login API with Cordova/Phonegap

Google has dropped support for the accepted answer above! After April 20th 2017 use of the In-App browser as described by @Deep Mehta will no longer be supported. If you use the accepted answer then it is going to start failing very soon. Here’s Google’s post about the change: https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html Luckily there’s a new plugin … Read more

application that uses OAuth and javascript [closed]

There is a JS client implementation for OAuth here: https://developers.google.com/identity/protocols/OAuth2UserAgent It contains example code to get you running. Basically, what you do is this:

    var url = "…";
    var accessor = { token: "…", tokenSecret: "…", consumerKey: "…", consumerSecret: "…" };
    var message = { action: url, method: "GET", parameters: {…} };
    OAuth.completeRequest(message, accessor);

… Read more

How can I verify a Google authentication API access token?

For a user check, just get the access token as accessToken, post it, and get the response:

https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=accessToken

You can try it in the address bar in browsers too, or also use httppost and response in Java. The response will be like:

    {
      "issued_to": "xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
      "audience": "xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
      "user_id": "xxxxxxxxxxxxxxxxxxxxxxx",
      "scope": "https://www.googleapis.com/auth/userinfo.profile https://gdata.youtube.com",
      "expires_in": 3340,
      "access_type": "offline"
    }

The … Read more