I have earlier set up JWT authentication for the Smooch API, and it works fine. Now when I'm trying to authenticate using key_id and secret, it's not authenticating. Is there any way to enable both authentication methods or revert back to key/secret authentication?
Related
Our EWS Managed API application is currently using basic authentication with a service account.
We are planning to change it to use OAuth authentication because basic authentication won't work in 2020.
Will OAuth work with a Windows service in which there will be no user interaction? Can we use an OAuth token from Azure AD when making EWS requests to read, update and delete users' calendars for on-prem Exchange Server and Exchange Online?
OAuth will work with a Windows service, using client credentials flow, AKA two-legged OAuth. Until Exchange 2019 appears, you can only do this with Exchange Online and Azure AD tokens.
One other thing: not only won't Basic Auth work in 2020, but I believe all of EWS will be deprecated in lieu of the Graph API by 2020.
I'm attempting to understand how Spring Boot uses HTTP sessions to manage the OAuth authorization code flow.
I understand that after the user submits their credentials via the /login form, Spring will persist the authentication object so it can be retrieved when the browser is redirected to retrieve the authorization code.
What I don't understand is whether the browser needs to send the jsession cookie to the server or an HTTP basic authentication header when invoking this flow.
For example, if I wanted to initiate the flow manually via curl, do I need to specify any special headers?
It doesn't use HTTP sessions to persist it; the client ID and authorisation code (the code that's passed back to the client app after the user authenticates) are used to identify the authentication object. The authorisation code is then used to obtain the access token.
So:
1. The client app redirects to the auth server, passing in its client ID.
2. The user authenticates with their username and password on the auth server, which stores the authentication against the code and client ID and passes the authorisation code back to the calling app as a request param on the redirect URL.
3. The client app calls back to the auth server, authenticating with its client ID and secret and passing in the authorisation code. This is then swapped for the access (and possibly refresh) token.
4. If the app needs the user details, the client app calls the user details endpoint, authenticating with the access token it now has.
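An added example, not part of the original answer and not Spring Security's code: the four steps above modelled as a toy in-memory authorisation server, showing the code bound to the client ID, usable once and short-lived. The class, method names, TTL, client and user values are all constructed for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 60  # seconds; assumed lifetime of an authorisation code

def _same(a, b):
    """Constant-time comparison of two secrets."""
    return hmac.compare_digest(a.encode(), b.encode())

class AuthServer:
    """Toy authorisation server (hypothetical, constructed for this example)."""
    def __init__(self, clients, users):
        self.clients = clients  # client_id -> client_secret
        self.users = users      # username -> password
        self.codes = {}         # code -> (client_id, username, expiry)
        self.tokens = {}        # access_token -> username

    def authorize(self, client_id, username, password):
        """Steps 1-2: user logs in; the authentication is stored against code + client ID."""
        if client_id not in self.clients:
            raise PermissionError("unknown client")
        if not _same(self.users.get(username, ""), password):
            raise PermissionError("bad user credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, username, time.time() + CODE_TTL)
        return code  # handed back as ?code=... on the redirect URL

    def token(self, client_id, client_secret, code):
        """Step 3: client authenticates with ID + secret and swaps the code for a token."""
        if not _same(self.clients.get(client_id, ""), client_secret):
            raise PermissionError("bad client credentials")
        # pop() makes the code single-use, even when the exchange is rejected
        issued_to, username, expiry = self.codes.pop(code, (None, None, 0.0))
        if issued_to != client_id or time.time() > expiry:
            raise PermissionError("invalid authorisation code")
        access = secrets.token_urlsafe(24)
        self.tokens[access] = username
        return access

    def userinfo(self, access_token):
        """Step 4: user details endpoint, authenticated with the access token."""
        if access_token not in self.tokens:
            raise PermissionError("invalid token")
        return {"username": self.tokens[access_token]}

def run_flow(server):
    """Walk the whole flow with the constructed sample client and user."""
    code = server.authorize("web-app", "alice", "correct horse")
    access = server.token("web-app", "app-secret", code)
    return code, access, server.userinfo(access)
```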
I am facing the following problem.
I have to log in users in OpenShift using Keycloak, and then these users should be able to use the OpenShift API using a custom external Web GUI which I made.
When I log in, Keycloak returns a Keycloak JWT-token. But my problem is that with this Keycloak JWT-token I can't use the OpenShift API; for that I need an OpenShift token, which is a different token. I could get the OpenShift token using an HTTP request to -openshiftmaster-/oauth/authorize, but I don't wanna do this cause this second authentication would mean a second login screen for the user.
Is there a way, once logged in using Keycloak and in possession of a Keycloak JWT-token, to get the OpenShift token without having to authenticate again against OpenShift with username and password?
You can set up Keycloak as an OpenID provider. Link 2. Link 3.
Can we authenticate against OpenShift Enterprise 3.2 or 3.3 REST APIs using username and password instead of tokens?
Thanks much in advance!
As stated in the OpenShift documentation:
Requests to the OpenShift Container Platform API are authenticated using the following methods:
- OAuth Access Tokens
  - Obtained from the OpenShift Container Platform OAuth server using the /oauth/authorize and /oauth/token endpoints.
  - Sent as an Authorization: Bearer… header or an access_token=… query parameter
- X.509 Client Certificates
  - Requires a HTTPS connection to the API server.
  - Verified by the API server against a trusted certificate authority bundle.
So you need to authenticate using either of these ways.
I am building a "proxy client" extension for Chrome and I have the following scenario:
Users can log in to the extension and get a token from the API. Tokens are valid for 2 hours.
After login, users can select a proxy server from a list, and that proxy is set with the chrome.proxy API.
I am using Squid on the proxy servers. When a user connects to a proxy server and lands on onAuthRequired, I return email and token as authCredentials.
Chrome uses those credentials from cache until the token is not valid anymore and the proxy server responds with "407, Proxy Authentication Required". Now the problem I am facing here is that when I log in with another username on the same browser and connect to the same proxy server, it still sends the old user's credentials to the server because they are still valid. My question is how can I delete Chrome's proxy auth cache so that it lands on onAuthRequired again and I can return the new user's credentials.
I tried to modify the response from the proxy server to "407, Proxy Authentication Required" when the user makes his first request over the proxy server to force an onAuthRequired, but it's not working. Chrome still uses the cache and still returns credentials from the old user to the proxy server.
Have you tried to hook up another event handler within the webRequest API in order to manipulate the HTTP headers before Chrome takes on authentication?
E.g. onBeforeSendHeaders or onHeadersReceived