Background: I’ve written client and server stacks for OAuth 1.0a and 2.0. Both OAuth 1.0a & 2.0 support two-legged authentication, where a server is assured of a user’s identity, and three-legged authentication, where a server is assured by a content provider of the user’s identity. Three-legged authentication is where authorization requests and access tokens come … Read more
You should reuse the access token you get after the first successful authentication. You will get an invalid_grant error if your previous token has not expired yet. Cache it somewhere so you can reuse it.
We are actively working on OAuth support for IMAP connections to O365 mailboxes. We will make a public announcement once the same is available.
This isn’t easily achieved as OAuth 2.0 and JSON aren’t easily handled by Bash. Having said that, here’s a basic version that’ll give you the data you’re looking for. The greps could use some cleanup but then again, interpreting JSON with grep is a really bad idea anyway. This is a perfect example of why … Read more
System.Net.Mail does not support OAuth or OAuth2. However, you can use MailKit‘s (note: only supports OAuth2) SmtpClient to send messages as long as you have the user’s OAuth access token (MailKit does not have code that will fetch the OAuth token, but it can use it if you have it). The first thing you need … Read more
You shouldn’t design your application based on specific lifetimes of access tokens. Just assume they are (very) short lived. However, after a successful completion of the OAuth2 installed application flow, you will get back a refresh token. This refresh token never expires, and you can use it to exchange it for an access token as … Read more
It looks like you’re using the Resource Owner Password Credentials OAuth 2.0 flow e.g. submitting username/pass to get back both an access token and refresh token. The access token CAN be exposed in JavaScript, the risks of the access token being exposed somehow are mitigated by its short lifetime. The refresh token SHOULD NOT be … Read more
A lot of the difficulty in implementing OAuth comes down to understanding how the authorization flow is supposed to work. This is mostly because this is the “starting point” for logging in, and when working with a third-party backend (using something like Python Social Auth) you are actually doing this twice: once for your API … Read more
Postman will query Google API impersonating a Web Application Generate an OAuth 2.0 token: Ensure that the Google APIs are enabled Create an OAuth 2.0 client ID Go to Google Console -> API -> OAuth consent screen Add getpostman.com to the Authorized domains. Click Save. Go to Google Console -> API -> Credentials Click ‘Create … Read more