With our IdP server team we discussed while implementing code authorization flow with OIDC and they proposed to add a new http/query parameter to the http call to token endpoint named "resourceServer", would you say it should be possible to…
I requested authorization for a public application to be able to access store data via the Shopify API. The store successfully authorized my application via an authorization request URL such as https://some-store.myshopify.com/admin/oauth/authorize?client_id=123abc&scope=read_inventory%2Cread_products&redirect_uri=http%3A%2F%mysite.com%2Fauth.php&state=123456 and the response was passed back to my…
I'm trying to implement OAuth2 server for a RESTfull API with a login option through social platforms (Github, Facebook, Instagram) using Python and Falcon web framework. But I've struggled to understand how this thing should work. My current understanding led…
I've successfully provisioned apache web server using mod_auth_openidc to protect our internal dashboards, using Auth0 and Google App Oauth, described in this documentation: - https://github.com/zmartzone/mod_auth_openidc#openid-connect-sso-with-google-sign-in - https://auth0.com/docs/quickstart/webapp/apache/01-login (without using auth0 rule pipeline) My question is how to pass the user's…
I'm trying to understand the basic organizations and login flow between social logins on a mobile app and how that app requests resources from a backend flask api. If the user logins into the app through Facebook, how does the…
For the past 10+ days I've read an watched ALL the content I could find on understanding OAuth2 and OpenID Connect, only to find that many people disagree on the implementation, which really confuses me. To my understanding, all the…
I'm creating a new application with a set of microservices and frontend using React. I have my own auth server using Oauth. Ideally I want to keep the user login and register process within the React app as I own…
I am building an application using JWT for authentication. I started doing some research and I am surprised by the lack of consensus about topics such as refresh tokens and storage for tokens. As far as I can see JWT…
From what I understand, the end-result of the implicit flow is the access token, which allows the client (in my case a JS SPA) to authenticate into resource servers (APIs). The access token is usually only valid for ~1 hour,…
I currently have a web project for a game and I want users to be able to login to share stuff, that is currently done (and neatly working) using google's firebase authentication. But I want people to be able to…