Is it possible to use the 3-legged OAuth token without having some type of web application? Can you run the redirect URI to a localhost page?
Yes, absolutely. When you define your application, create a callback url like https://localhost:3000/callback. Next, in your code create a local web server which listen port 3000 and wait for the callback.
I wrote an example here - run command:
node forge.js 3legged auto
It should start your browser, and return you the 3legged access_token.
The redirect URI can be set to localhost but you still do need some simple web application to run on the localhost.
If you're looking for inspiration, take a look at how the vscode-forge-tools support a 3-legged token workflow from within Visual Studio Code. It basically starts a temporary localhost server that waits for the callback from Forge: https://github.com/petrbroz/vscode-forge-tools/blob/develop/src/commands/authentication.ts#L15-L55
Related
I want to ask about the Deployment of Forge API by Azure.
I had done it through the resource from Learn Forge, and it seems to work smoothly on the local site, but when I try to publish it, Although it shows permission
after I sign in, it shows 400 error refused, how can I do this for this error?
This is typically caused by an incorrect callback URL for the 3-legged authentication workflow.
When you develop your application locally, you typically set the callback URL (both in your application's code and in https://forge.autodesk.com/myapps) to something like http://localhost:3000/api/forge/callback/oauth).
However, when you deploy your application to Azure, AWS, Heroku, or any other cloud hosting provider, the callback URL must be updated accordingly. For example, if you deploy your application as an Azure Web App, the callback URL could look something like https://my-cool-app.azurewebsites.net/api/forge/callback/oauth. And again, you'll have to change the URL both in https://forge.autodesk.com/myapps, and in your Azure Web App settings.
I'd like to implement kind of SSO for openshift, what I mean: from my webapp a user can open openshift console in a new window without giving his credentials. I've configured Basic Authentication Remote and it's working, can open new window and post username/password but it's looks that openshift is protected with crsf token. Thus not sure if it's possible at all. It seems that developing custom identity provider is not supported either. Any idea ?
PS I'm aware of Request Header Identity Provider but that solution requires my webapp to provide idp functionality (not even sure if it's feasible), also apache (we use nginx), a lot of issues for dev to install it all on a single computer due to port conflicts, valid ssl etc etc
Best option will be to use oauth proxy. See if this helps in your case.
https://github.com/openshift/oauth-proxy
Finally I've implemented SSO using js postMessage to send user/token data and Basic Authentication Remote.
I'm currently testing my application using phpmyadmin as my local web server.
Here's the steps I've taken so far:
In the Test Plan, I added a Thread Group, an HTTP Request Defaults and Recording Controller.
In the Workbench, I added a HTTP(s) Test Script Recorder, and a View Results Tree.
I already removed the contents in the No proxy for field in my browser, after removing that, the View Results Tree is working and is recording the pages I've navigate in my application.
My problems and questions are:
The Recording Controller is not recording the pages I navigated.
What did I do wrong?
Is Recording Controller not applicable for localhost web server testing?
I hope that someone may help me with this. Thank you.
Check in your browser configuration that localhost is not excluded from proxy managed urls.
Also be aware that you shoud use the Recording Template.
In Menu, select File > Templates > Recording.
See:
http://www.ubik-ingenierie.com/blog/templates-or-how-to-speed-up-your-tests-scripting-with-jmeter/
Also please check if you are using correct path for recording in HTTP(s) Test Script Recorder ->Recording controller, also port number should same on HTTP(s) Test Script Recorder and browser proxy.
I was watching the java quickstart video for the google drive API and in that video it is mentioned that when developing real time console application the login flow should be done by :
starting a web browser in the local machine.
opening the native browser and taking the user directly to the authorization link.
making the redirection link as the local host and then let the local server receive the code and then shut down the browser and continue with you app.
but i have no idea how to execute these steps any idea or guidance???
The tiny application on Java quickstart implements these steps. Use "urn:ietf:wg:oauth:2.0:oob" as your redirect URL.
Is it possible to call json service from JavaScript which is behind a windows authenticated web site?
Ultimately, I would like to do this from phonegap but right now trying to do this from browser.
My first attempt was to open a window have the user authenticate against the server and was hoping subsequent JavaScript/ajax requests would send the authentication information with the request. I don't think this is working is desired. I certainly know from phonegap this is not working.