Questions tagged [access-token]

Access Token is the last token acquired during the OAuth authentication process.

4002 questions
26 votes, 3 answers

What are the pros/cons of using JWE or JWS

I'm trying to implement an authentication token system, so I want to know the pros/cons of using JSON Web Encryption (JWE) or JSON Web Signature (JWS), and if it makes sense to use both (a JWE inside a JWS).
mike83_dev
26 votes, 2 answers

Access token for anonymous users - JWT

I have been making research to switch to a community supported authorization system rather than the one I've built. I made the mistake of rebuilding the wheel, instead of implementing a community driven system that utilizes the best practices.…
Ilyas Serter
26 votes, 2 answers

Request new access token using refresh token in username-password grant in Spring Security OAuth2

We're using the username-password grant to obtain an access token from our auth server. We want to refresh the access token before it expires using the provided refresh token until the user logs out or closes the client app. However I just cannot…
Pete
25 votes, 1 answer

What is supposed to be the redirect_uri when getting access token in Facebook app?

$token_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $app_secret . "&code=" . $code; What is supposed to be the redirect_uri? I tried using…
user1004404
25 votes, 1 answer

LinkedIn "this application is not allowed to create application tokens"

My main problem is getting the token. I can’t go further than this step. In the LinkedIn API's docs there are two ways described to obtain the token. Which is the correct one? 1) …
Cess Bucle
25 votes, 1 answer

Pass jwt refresh token on header or body

When access token is expired, it should re-issued refresh token. At this point, I'm a little hesitant about which method is better. For access token, it is passed in the HTTP header on every request. Pass refresh token on HTTP header. Pass refresh token on HTTP…
sungyong
25 votes, 2 answers

How to save OAuth Access token securely in Android

I have an access token from the server after authentication, let's say "uyhjjfjfgg567f8fhjkkf"; now I want to save it in the device securely. I looked in Keystore and Keychain in Android developer sites. I don't clearly understand how it works and how we…
George Thomas
25 votes, 1 answer

Authenticating SharePoint site from background service and uploading file

I'm trying to authenticate up against SharePoint so that it's possible for me to upload files onto a specific SharePoint site. I'm trying to use an X.509 certificate to retrieve the access token, but I keep getting (401): Unauthorized. Here's the…
Detilium
25 votes, 3 answers

May an OAuth 2.0 access token be a JWT?

From what I can tell, the OAuth 2.0 specification is extremely vague in terms of what form an access token should take: The token may denote an identifier used to retrieve the authorization information or may self-contain the authorization…
bjmc
24 votes, 3 answers

Access Google Plus client from multiple activities

I'm developing an application in which I have integrated Google Plus. So far it's working fine, I am able to retrieve the user profile. But now I want to do the following: 1) I have two activities, signInActivity and shareActivity. 2) If user is already…
dd619
23 votes, 1 answer

What's the whole point of a JWT refresh token?

I've been reading about this for a while, and nothing makes sense, and the explanations are conflicting, and the comments are proving that. So far what I understood is that JWTs are storing information encoded by the server, can have expiry times,…
Gergő Horváth
23 votes, 5 answers

Handle 400 Bad Request From WebApi In Angular 6 (using HttpClient)

Below is an ASP.NET Core WebAPI which returns a bad request with error details as to its param when, let's say, a duplicate user is trying to register. public async Task Register([FromBody] RegisterModel registerModel) { if…
Jason
23 votes, 4 answers

Get user data using access token in Laravel Passport client app

I have successfully created server.app and client.app using Laravel Passport documentation. Everything works as expected. client.app Route: Route::get('callback', function (Request $request) { $http = new GuzzleHttp\Client; $response =…
Tauras
23 votes, 4 answers

Is there still a way to fetch Instagram feed without using access token now (06/2016)?

I have an issue that my Instagram API access token keeps expiring frequently and I read the document and understood that although the token wouldn't expire generally, Instagram may decide to expire a token any time for any security reason or whatever…
Ryan
23 votes, 4 answers

NodeJS REST authentication using Passport and OAuth2 + social network

I'm working on a REST API using NodeJS. For authentication I decided to use Passport. I want a truly RESTful API. So it means I have to use tokens instead of sessions. I want to let users log in using username and password, or using social networks like…