How to validate an OAuth 2.0 access token for a resource server?

Google way

Google OAuth2 Token Validation

Request:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg

Response:
{
  "audience": "8819981768.apps.googleusercontent.com",
  "user_id": "123456789",
  "scope": "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
  "expires_in": 436
}

Microsoft way

Microsoft – OAuth2 check an authorization

Github way

Github – OAuth2 check an authorization

Request:
GET /applications/:client_id/tokens/:access_token

Response:
{
  "id": 1,
  "url": "https://api.github.com/authorizations/1",
  "scopes": [ "public_repo" ],
  "token": "abc123",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    …
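The answer above shows what the provider's token-info endpoint returns, but not what the resource server has to do with it. The following is an added example (not from the answer, and not any provider's official code) of the checks a resource server should run on such a response before trusting the request: the audience must equal this application's own client ID (otherwise a token issued to a different client can be replayed against this API), the remaining lifetime must be positive, and every scope the endpoint needs must appear in the space-separated scope string. The sample response is constructed to match the shape quoted in the answer; the HTTPS call to the tokeninfo endpoint is replaced by an injected function so the example runs offline, and the "error" member used to signal a rejected token is an assumption about the provider's failure response.

```python
import json

# Constructed sample, shaped like the Google tokeninfo response quoted above.
SAMPLE_TOKENINFO = json.dumps({
    "audience": "8819981768.apps.googleusercontent.com",
    "user_id": "123456789",
    "scope": "https://www.googleapis.com/auth/userinfo.profile "
             "https://www.googleapis.com/auth/userinfo.email",
    "expires_in": 436,
})

PROFILE_SCOPE = "https://www.googleapis.com/auth/userinfo.profile"
EMAIL_SCOPE = "https://www.googleapis.com/auth/userinfo.email"


class TokenValidationError(Exception):
    """Raised when the presented access token must be rejected."""


def parse_bearer(authorization_header):
    """Extract the token from an 'Authorization: Bearer <token>' header.
    Returns None for a missing header or a non-Bearer scheme."""
    if not authorization_header:
        return None
    parts = authorization_header.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1].strip():
        return None
    return parts[1].strip()


def validate_tokeninfo(body, expected_audience, required_scopes, min_remaining=0):
    """Validate a tokeninfo-style JSON body on the resource-server side.
    Returns a dict with user_id, granted scopes and remaining lifetime, or
    raises TokenValidationError. min_remaining lets a caller refuse tokens
    that would expire before a long-running operation finishes."""
    try:
        info = json.loads(body)
    except ValueError as exc:
        raise TokenValidationError("tokeninfo response is not JSON") from exc
    if not isinstance(info, dict):
        raise TokenValidationError("tokeninfo response is not a JSON object")
    # Assumption: an invalid token yields an 'error' member instead of the fields below.
    if "error" in info:
        raise TokenValidationError("provider rejected token: %s" % info["error"])
    # 1. Audience: the token must have been issued to *this* application.
    #    Accepting any audience lets a token obtained by another client be
    #    replayed here (the classic confused-deputy mistake).
    if info.get("audience") != expected_audience:
        raise TokenValidationError("audience mismatch: %r" % info.get("audience"))
    # 2. Lifetime: expires_in is seconds remaining; bool is excluded because
    #    it is an int subclass in Python and must not pass as a lifetime.
    expires_in = info.get("expires_in")
    if (not isinstance(expires_in, int) or isinstance(expires_in, bool)
            or expires_in <= min_remaining):
        raise TokenValidationError("token expired or lifetime missing")
    # 3. Scope: space-separated; every scope this endpoint needs must be granted.
    granted = set(info.get("scope", "").split())
    missing = set(required_scopes) - granted
    if missing:
        raise TokenValidationError("missing scopes: %s" % " ".join(sorted(missing)))
    user_id = info.get("user_id")
    if not user_id:
        raise TokenValidationError("no user_id in response")
    return {"user_id": user_id, "scopes": granted, "expires_in": expires_in}


def authorize_request(authorization_header, fetch_tokeninfo, expected_audience,
                      required_scopes):
    """Resource-server entry point. fetch_tokeninfo(token) -> response body
    stands in for the HTTPS call to the provider's tokeninfo endpoint."""
    token = parse_bearer(authorization_header)
    if token is None:
        raise TokenValidationError("missing or malformed Authorization header")
    return validate_tokeninfo(fetch_tokeninfo(token), expected_audience, required_scopes)


def fake_tokeninfo(token):
    """Constructed stand-in for the provider: knows exactly one valid token."""
    if token == "1/fFBGRNJru1FQd44AzqT3Zg":
        return SAMPLE_TOKENINFO
    return json.dumps({"error": "invalid_token"})


if __name__ == "__main__":
    result = authorize_request("Bearer 1/fFBGRNJru1FQd44AzqT3Zg", fake_tokeninfo,
                               "8819981768.apps.googleusercontent.com", [PROFILE_SCOPE])
    print("accepted user", result["user_id"])
```

Two operational caveats when wiring this to a real provider: the introspection call must go over HTTPS, and putting the access token in a query string (as the URL in the answer does) leaves it in proxy and web-server logs, so send it in a header or request body wherever the provider allows it.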

How is OAuth 2 different from OAuth 1?

Eran Hammer-Lahav has done an excellent job in explaining the majority of the differences in his article Introducing OAuth 2.0. To summarize, here are the key differences: More OAuth Flows to allow better support for non-browser based applications. This is a main criticism against OAuth from client applications that were not browser based. For example, …

Get user info via Google API

Add this to the scope – https://www.googleapis.com/auth/userinfo.profile And after authorization is done, get the information from – https://www.googleapis.com/oauth2/v1/userinfo?alt=json It has loads of stuff – including name, public profile url, gender, photo etc.