OAuth Authorization vs Authentication

OAuth 2.0 is a specification for authorization, but NOT for authentication. RFC 6749, 3.1. Authorization Endpoint explicitly says as follows: The authorization endpoint is used to interact with the resource owner and obtain an authorization grant. The authorization server MUST first verify the identity of the resource owner. The …

Access to Google API – GoogleAccountCredential.usingOAuth2 vs GoogleAuthUtil.getToken()

The Google APIs Client Library for Java is, as the name suggests, a library for accessing Google APIs, and it is available for several platforms such as Java (in general) and Android, while the Google Play Services and GoogleAuthUtil are only available on Android. By looking at the wiki page of the project it is …

Access to fetch at https://accounts.google.com/o/oauth2/v2/auth has been blocked by CORS

The authentication flow must happen in a visible browsing context, not with a fetch request. In other words: you must navigate the current tab to (or open a new tab at) http://localhost:8000/api/mail/login; the tab will then be redirected to https://accounts.google.com/o/oauth2/v2/auth?… and this page becomes visible. Now the user must interact with that page to choose/confirm …

LinkedIn OAuth2: “Unable to verify access token”

For me the https://api.linkedin.com/v1/people/~?format=json&oauth2_access_token=[accessToken] didn’t work. Adding the request header Authorization: Bearer [accessToken] didn’t work until I went through the LinkedIn SDK, tested, and found out that they also require you to add the request header x-li-src: msdk. With those two headers the call https://api.linkedin.com/v1/people/~?format=json worked. Hopefully LinkedIn fixes this undocumented requirement soon…

Multiple IdentityServer Federation : Error Unable to unprotect the message.State

I believe you are getting the Unable to unprotect the message.State error because one of your OIDC providers is trying to decrypt/unprotect the message state of the other one. (The message state is just a random string to help with security.) I suggest that you name the AuthenticationSchemes for each OIDC provider, like oidc-demo and …