Stack Overflow
Stack Overflow

Questions tagged [access-token]

Access Token is the last token acquired during the OAuth authentication process.

4002 questions
1
vote
0 answers

HTTP 401 Unauthorized when calling web method using a personal token as authorization

I am trying to call this web api using postman. In order to use it you must apply for a personal token via email before (see here at the beginning of the page indicated as "Personal token request", you must send an email requesting a personal…
Astro
  • 367
  • 1
  • 3
  • 17
1
vote
1 answer

Access token does not include scopes declared in Identity Server 4

Following roughly Scott's guide, I got it to work with authorization code flow. However, When I investigate the well-known, I see that junky_scope is listed as supported. My client and API scope/resource are declared as follows. The claims in the…
Konrad Viltersten
  • 36,151
  • 76
  • 250
  • 438
1
vote
1 answer

Is silent_redirect_uri obsolete when using grant type Code

I have a question about refresh access tokens. I am using IdentityServer 4.1.2 with the following configuration: new Client { ClientId = "myid", AllowedGrantTypes = GrantTypes.Code, RequireClientSecret = false, AccessTokenLifetime = 3600, …
Jacob Egholm
  • 13
  • 2
1
vote
1 answer

Best place to implement Refresh token functionality in .Net Core?

We want to generate a new access token using a refresh token in the identity server. We want to implement a similar scenario as of SPA application(Silent renew token in react, angular). For now, we have implemented it in the Index section but the…
Harshitha
  • 11
  • 1
1
vote
1 answer

Should oauth creds ever be stored in a database?

I am connecting with a 3rd party via oauth2, on behalf of an organisation. That means 1 user will login to the third party service via the oauth flow, and then every other user should be able to access the third party's data. What are the security…
be2213444
  • 607
  • 1
  • 4
  • 10
1
vote
2 answers

JWT auth flow using access token and refresh token

I'm working on a project (nothing production-level, only for leveling up my skills) and I'm using JWT to handle authentication. From what I've read, using a JWT only as an access token is quite unsafe, and hence we need refresh tokens. So, on login,…
mudkipest
  • 13
  • 2
1
vote
2 answers

how to change permissions for current view overriding the DEFAULT_PERMISSION_CLASSES in django rest-framework

how to change permissions for current view overriding the DEFAULT_PERMISSION_CLASSES in django rest-framework Here is how i set my defaultpermissions in my settings.py : REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': [ …
Ahmed Wagdi
  • 3,913
  • 10
  • 50
  • 116
1
vote
1 answer

Call API without manually generate token

I'm using WSO2 to create API (Bearer token). Then I want to configure it to auto-generate token (Basic Auth) and use response as access-token. How can I get that? Thank you so much!
hieulm
  • 19
  • 4
1
vote
1 answer

How to get Google oauth client access token?

I want to know the API to get the Google OAuth client access token. I want to use only client_id, client_secret, user_name, and user_password when I bring an access token. (Because the method using redirect uri is not applicable) for…
j_shoon24
  • 39
  • 5
1
vote
1 answer

Is it safe to store public keys/policies in a node.js constant in Lambda

I am writing a AWS lambda Authorizer in node.js. We are required to call Azure AD API to fetch the public keys/security policies to validate the incoming the Access Token. However, to optimize the performance, I decided to store the public…
user1051606
  • 13
  • 3
1
vote
2 answers

Getting access token to call an API from my ASP.NET Core 5 MVC web app

I'm trying to wrap my head around how to properly authenticate a user using Azure Active Directory and OpenID Connect in my ASP.NET Core 5 app, and get the necessary access token so I can make REST requests an to API. I have two App Registrations in…
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
1
vote
0 answers

How to Exchange Authorization code to get access-code and refresh-token from Android?

I'm using GooglesignInClient in my android app to authenticate users and simultaneously requesting to access Blogger with Scope and Authorization code. here is the code GoogleSignInOptions gso = new…
Venkat
  • 384
  • 1
  • 16
1
vote
0 answers

Express Js Backend API token validation with Azure AD MSAL React response

i have an application frontend developed using React Js and Backend created using Express Js. Api calls are done using Axios. The requirement is to authenticate and authorize a certain user with system privileges (role based). Simple steps of the…
Sandesh Rathnayake
  • 13
  • 1
  • 4
1
vote
2 answers

How to bypass facebook PHP login method if you already have a valid auth_token

I'm using this library for Facebook graph API access within my codeigniter project: http://www.haughin.com/code/facebook/ My web app uses the Facebook JS SDK to authenticate users client-side, then immediately after a login is completed the user's…
Casey Flynn
  • 13,654
  • 23
  • 103
  • 194
1
vote
2 answers

How to generate SAS Token to connect to Azure Storage Account - File Share?

In order to connect to Azure Shared Storage(in particularly File Share) to perform tasks like copying/removing/modifying files from remote to azure storage, we need either SAS(Shared Access Signature) or Active Directory Settings Enabled (and then…
mozilla-firefox
  • 864
  • 1
  • 15
  • 23
1 2 3
99 100