Questions tagged [oauth]
The oauth tag has no usage guidance.
56 questions
0 votes, 0 answers, 43 views
Best design pattern for integrating Google OAuth with existing JWT token-based authentication system
We currently have a backend authentication mechanism in place that utilizes JWT tokens. Users sign in or sign up using email and password, and upon successful authentication, the backend issues JWT ...
0 votes, 0 answers, 49 views
API authentication for iOS applications
I am currently working on my own iOS application and am going to be using a locally developed API for fetching data. I wanted to outline my current account sign-in architecture and verify this is ...
0 votes, 1 answer, 432 views
Any way to forward an auth session from OAuth system to another system (with API key)?
Description
This is a long shot, but I'm in dire need of advice. If you know of a more appropriate forum for this type of question please share!
I'm working with a legacy OAuth system using email + ...
0 votes, 2 answers, 456 views
If my API depends on a third party OAUTH2 provider (Microsoft) - how do I write tests to test my API endpoints?
This is a follow-up question to the following StackExchange question -
If you had a medium size company, several developers - but zero tests written in your REST API's - where would you start?
At the ...
0 votes, 0 answers, 42 views
Synchronising OIDC Provider and User Table
I asked this question on SO which is related to this.
In this question, I propose exchanging a token from my OIDC provider for a token in my own custom OIDC provider, which becomes the ultimate token ...
-1 votes, 1 answer, 837 views
Can I call a WCF endpoint from ASP.Net Web API?
I have a web api with controller methods that use rest http(post/get calls).
Clients consume this API with normal httpclient calls and I pass an http response back.
My use case is I have a legacy ...
1 vote, 1 answer, 426 views
Passing an OAuth Token between services with Zero Trust and audience checks
Let's say, we're using an OAuth / OpenID Connect (OIDC) flow (in a Zero-Trust situation) to secure two APIs: ServiceA and ServiceB. To implement some of the functionality of ServiceA, it depends on ...
1 vote, 1 answer, 206 views
Best way to renew OAuth token before expiry
I am building a simple application built in Rails that allows the client to connect to a third party api to sync customer data.
The customer inputs their username and password and my application ...
3 votes, 1 answer, 439 views
Store OAuth 2.0 tokens for use in testing and CI/CD
I have a web application where users must authenticate with a 3rd-party OAuth 2.0 service in order to do what they need to do in the app. On initial registration/login, they will connect with the ...
1 vote, 0 answers, 53 views
Defining custom OIDC provider with delegating authentication to another OIDC provider and using own authorization database
I wanted to ask about your ideas on how to solve the problem that I have to solve in my application (App1). This is the classic Frontend + Backend (Angular + Java EE) application to which I am ...
0 votes, 0 answers, 51 views
Proper way to use oauth with external auth server and an api
I have an api server that relies on an auth server (both owned by the same company). Once the client gets a grant from the auth server, it is no longer needed, because the only information I need from ...
0 votes, 1 answer, 159 views
OAuth2.0 Grant Type for User Logged In With Google
I have a confusion. So, in OAuth2.0 there are 4 types of Grant (Authorization Code, Password, Client Credentials and Implicit). In my use case, I have two login scenarios. The first one is using ...
6 votes, 1 answer, 1k views
Client generated JWT
I'm working with a 3rd party company who are providing an API along with an unusual security approach.
The security approach is essentially using a JWT by itself (no oauth). What's odd is that they'...
13 votes, 1 answer, 4k views
How to handle per-resource (fine grained) permissions in OAuth?
I'm designing an app architecture using OAuth 2.0. I have a separate Resource Server and Authorization Server. The latter keeps a database of users and the scopes available to them.
Now, my question ...
1 vote, 1 answer, 769 views
JWT with shared secret to share data between services of different vendors
We offer a platform that provides certain data processing services. All our APIs are accessible via RESTful services. All services require authentication and authorization to work properly (user/...