Questions tagged [access-token]

Access Token is the last token acquired during the OAuth authentication process.

4002 questions
41 votes, 9 answers

Cannot clone git from Azure DevOps using PAT

I cannot clone a simple repository from Azure DevOps. OS: Ubuntu 18.10. I do this: Go to Azure DevOps; click on the top right corner on my user name; go to the security tab; create a PAT with all the scope (to be sure there is no scope problem); copy…
Jose
36 votes, 10 answers

How to get a Facebook access token on iOS

iOS beginner here. I have the following code: [facebook authorize:nil delegate:self]; NSString *string1=[facebook accessToken]; NSLog(string1); The log shows:…
John
35 votes, 5 answers

Why are Refresh Tokens considered insecure for an SPA?

I was reading the documentation on the Auth0 site regarding Refresh Tokens and SPA, and they state that SPAs should not use Refresh Tokens as they cannot be securely stored in a browser, and instead use Silent Authentication to retrieve new…
Eric B.
34 votes, 3 answers

Do OAuth2 access tokens for a mobile app have to expire?

The accepted answer here as to why OAuth2 access tokens expire: Many providers support bearer tokens which are very weak security-wise. By making them short-lived and requiring refresh, they limit the time an attacker can abuse a stolen token.…
Thilo
31 votes, 8 answers

Getting access tokens from Postman: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests

We recently made a switch from Implicit Grant Flow to Authorization Code Flow with PKCE for our application, and now we're having some trouble getting access tokens from Azure AD from Postman. The app is registered in Azure AD and we're basically…
31 votes, 2 answers

OAuth Refresh Token Best Practice

I am implementing OAuth for a project, and I want to know the best way to handle refresh tokens. The API I call will return a JSON object with access_token, expires_in, and refresh_token. So I was wondering, is it better to: Calculate the time when…
Angel Gao
29 votes, 1 answer

Why isn't it possible to steal an access token?

I'm learning OAuth and I have a question in my head that I can't find an answer to. I understood request token to authorize or not an application to use the API. But once the user got an access token, what happens if someone steals his access token? Imagine…
Julien
29 votes, 3 answers

How to update GitHub authentication token on RStudio to match the new policy?

While pushing a commit to GitHub yesterday, I received an email from the GitHub team: Basic authentication using a password to Git is deprecated and will soon no longer work. Visit…
Rosalie Bruel
29 votes, 2 answers

How to get access token from GoogleCredential?

I am trying to get an access token to use the Google Play Android Developer API, and I got this far using the Google API Java Client documentation example: HttpTransport HTTP_TRANSPORT = new NetHttpTransport(); JsonFactory JSON_FACTORY = new…
Kalina
27 votes, 2 answers

SignInAsync vs AuthenticateAsync

I finally got my login-method with JWT Token Authentication working. Here I'm calling await HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, ClaimsPrincipalFactory.CreatePrincipal(claims), authProps); I also…
Matthias Burger
27 votes, 5 answers

eBay OAuth token and refresh tokens

Been struggling for a couple of days with eBay token authentication. I am finding it hard to understand how to fetch new tokens. After signing up for a developer program account, I requested the key-set and got them; afterwards I grant access on…
simultsop
27 votes, 2 answers

Check if user is logged in with Token Based Authentication in ASP.NET Core

I managed to implement this token based authentication system in my application, but I have a little question. How can I check if a user is signed in (e.g. if there is a valid token in the request) within the method? So with the [Authorize]? So I…
user2657943
26 votes, 1 answer

What is signed authentication token?

Currently I'm learning about JWT and started with the token based authentication. I don't understand the sentence from the article: Token based authentication works by ensuring that each request to a server is accompanied by a signed token which…
Artem Malchenko
26 votes, 7 answers

How should I use artifactory access token for access to npm repo

I would like to use an access token to publish and retrieve from an artifactory npm repo from a CI environment. I have created a Bearer token using the artifactory API but when I try and use that for access in the .npmrc with the…
Robin Southgate
26 votes, 1 answer

Do cookies protect tokens against XSS attacks?

I'm building a JWT-based (JSON Web Token) authentication mechanism for a browser-based JavaScript web app, working with a stateless server (no user-sessions!) and I want to know, once and for all, if storing my JWT token in a cookie will…
Rhubarb