Stack Overflow
Stack Overflow

Questions tagged [api-authorization]

92 questions
9
votes
2 answers

ASP Core 3.0 API Token Custom Token Authentication (not jwt!)

We have a ASP CORE 3 API Project that we need to secure with an API Token. These API Tokens will be provisioned and loaded from the database, but as proof of concept we will hardcode for testing. Everything we have looked at for token authorization…
Scott Moniz
  • 650
  • 11
  • 20
6
votes
3 answers

Why RequiredScope attribute doesn't have any effect?

According to this Microsoft document you should be able to apply attribute like [RequiredScope("SomeScopeName")] to either controller level or action level to protect the API. But when I try it in my API, it doesn't seem to have any effect at all -…
Alexu
  • 1,015
  • 2
  • 12
  • 32
3
votes
3 answers

Spotify API Authorization Code Flow with Python

I am trying to do the authorization code flow using Spotify's API to ultimately add songs to a playlist. I am building this from scratch, and not using any libraries such as Spotipy. I am able to successfully hit the authorize endpoint, but I am…
pythonprogrammer12
  • 31
  • 1
  • 5
3
votes
1 answer

Passing token in header to Prophet 21 API

This is the first time I am working with Prophet 21 by Epicor. I am having a hard time figuring out how to pass the token in the HTTP request header after I authenticate with a user…
thestepafter
  • 598
  • 1
  • 4
  • 20
3
votes
1 answer

IdentityServer4 usage of IdentityServerTools to create a token from within identity server

I'm using IdentityServer4 and have a scenario where I need to initiate a call to a secured API during a password reset process. IdentityServer4 does provide IdentityServerTools for the purpose of calling a secured resource from an extensibility…
LugTread
  • 343
  • 3
  • 12
2
votes
0 answers

Connecting to Web API with Cookie Authentication and CSRF Token

*UPDATE AT THE END I need help with using an API to authenticate into https://connect.garmin.com/signin/. I am using VBA and Power Query to automate the collecting of workout data from my Garmin account. As far as I can tell, the website uses cookie…
cam
  • 73
  • 8
2
votes
0 answers

Get data related to logged user from web api using Angular

I cannot figure out safe way to get only data linked to authenticated users using ASP.net core web api and Angular (PWA). I tried 1. MSAL inside Angular and called an API function with login ID but Java based client codes do not seem to be safe or…
Aussie
  • 83
  • 1
  • 10
2
votes
1 answer

ASP.NET Core Web API + Azure AD Authentication

I need some help with implementing authorization infrastructure for my application. I have a Angular SPA application that works with a Web API. This Web API in turns uses another Web API to serve its request. So, I have totally 2 Web APIs and a…
dks
  • 151
  • 1
  • 13
2
votes
2 answers

How to handle authorization for a non-user based Laravel API?

I have a Laravel web application for a restaurant with its own user base. I have another web application for a bookstore with its own different user base. I would like to create a third application (mostly API, probably using Lumen) that can create…
Jk33
  • 855
  • 3
  • 12
  • 28
2
votes
1 answer

Securing ASP .Net Web API for usage with mobile application

I am currently using Token based authorization via OWIN to keep my APIs from being exposed to everybody. However, there is a flaw attached to this method. Once a user gets a token, he can access any API across my website and get the response for any…
Ravi Kiran
  • 565
  • 1
  • 8
  • 22
2
votes
2 answers

Re-using authorization token response in Logic App

I am new to logic apps and am trying to build an Auth request workflow to obtain a token for re-use in subsequent requests. The API I am connecting to requires that I first sign-in using a username and password in the body of the initial request.…
Nigel Clark
  • 21
  • 1
  • 2
2
votes
1 answer

How should I use "Personal access tokens" of MindMeister API?

About the authentication of MindMeister API, there are three types: API Keys OAuth 2.0 Apps Personal Access tokens I want to use the third one, it explains the next: Personal access tokens Personal access tokens enable direct access to your…
Vinicio Ajuchan
  • 342
  • 1
  • 9
1
vote
0 answers

How to create an authorization in Razor Pages using a third party API?

I have a question about creating the correct authorization architecture in the project, to understand my intentions, I will describe my task. I am building an application to manage customer requests. Application users can be divided into two roles:…
icepower
  • 11
  • 2
1
vote
1 answer

Authorization in Helidon MP

Helidon uses annotations like @RoleValidator.Roles({“my_admins”, “test”}) to do the authorization. I am wondering if there is a way to do authorization differently using configuration settings for paths, for example. Basically, the question is. Is…
Sergey Linetskiy
  • 33
  • 3
1
vote
0 answers

Scribe Java POST follow request to Twitter v2 API fail with Unautorized 401

I am trying to use Scribe library to send API calls to Twitter v2 API with OAuth1 authentication. I manage to send GET users/me request successfully, but its fail on POST follow request. public boolean followUser(String accountId, String userId)…
mikegrep
  • 121
  • 9
1
2 3 4 5 6 7