I have an existing web application which is used for HR, managing tasks, sending forms and so on.
My client wants me to integrate Microsoft's multi-factor authentication when signing resources, forms and other stuff.
For now, the signing process is just a token that is generated and sent by email, so the users have to click a link to sign it. My goal here is to give users the possibility to also choose to sign whatever they're signing with multi-factor authentication through their own Microsoft account.
The only thing I've done so far is managing to log in and authorize with the Microsoft Graph API and get Calendar events and other stuff from the user.
Of course, I've googled a lot, but I haven't found the right documentation for my use case. So I need someone to point me to the right documentation for my use case. Can anyone help me with that?
Based on my investigation on this issue, I have not seen a direct way of signing files and other resources as well as enabling MFA via the Graph API. I however saw a feature request related to enabling MFA via a Graph API call here. Please consider upvoting it.
Related
I know the question is kind of silly, but I want to know what exactly OAuth is and how it works with Facebook, Twitter, etc.
And also, if I want to implement it for my website, like creating a login from my website button, how can I do it?
Definition
According to Wikipedia:
OAuth is an open standard for authorization. OAuth provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.
So OAuth is commonly used as a way for web surfers to log into third party web sites using their Google, Facebook or Twitter accounts.
Working Example
Let's say you have a Gmail account. You decide to sign up for LinkedIn. Adding your friends manually can be sketchy and painful. You might get fed up half-way. So you might be tempted not to create the LinkedIn account after all.
LinkedIn got a nice idea and wrote a program to let the computer fetch all the data from your Gmail Account.
Without an API for exchanging this list of contacts, you may have to compromise your email account to LinkedIn, so here is where OAuth takes charge. If your Gmail supports the OAuth protocol, then LinkedIn can ask you to authorize them to access your Gmail list of contacts.
References:
1) http://en.wikipedia.org/wiki/OAuth
2) https://blog.apigee.com/detail/when_to_use_oauth
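The delegated-access flow from the Gmail/LinkedIn example above, as an added sketch that is not part of the original answer. It is a toy in-memory provider (the class, the user `alice`, the client id and the URLs are all constructed) in which the client only ever handles a one-time code and a scoped token, never the password.

```python
import secrets

class Provider:
    """Toy stand-in for the mail provider; all data below is constructed."""
    def __init__(self):
        self.passwords = {"alice": "correct horse"}   # known only to the provider
        self.data = {"alice": {"contacts": ["bob@example.com"], "mail": ["hi"]}}
        self.clients = {"contacts-importer": "https://importer.example/cb"}
        self.codes, self.tokens = {}, {}

    def authorize(self, user, password, client_id, redirect_uri, scope):
        # Step 1: the user logs in AT THE PROVIDER and approves one scope.
        if self.passwords.get(user) != password:
            raise PermissionError("bad credentials")
        if self.clients.get(client_id) != redirect_uri:
            raise PermissionError("redirect_uri not registered for this client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, client_id, scope)
        return code                     # delivered to the client via the redirect

    def exchange(self, code, client_id):
        # Step 2: the client swaps the one-time code for an access token.
        if code not in self.codes:
            raise PermissionError("unknown or already used code")
        user, owner, scope = self.codes.pop(code)     # pop makes it single use
        if owner != client_id:
            raise PermissionError("code was issued to another client")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (user, scope)
        return token

    def api(self, token, resource):
        # Step 3: every API call is checked against the token's scope.
        if token not in self.tokens:
            raise PermissionError("unknown or revoked token")
        user, scope = self.tokens[token]
        if resource != scope:
            raise PermissionError("token not valid for " + resource)
        return self.data[user][resource]

    def revoke(self, token):
        self.tokens.pop(token, None)    # the user withdraws consent

def run_flow():
    # The password is typed into the provider; the client sees code and token.
    srv = Provider()
    code = srv.authorize("alice", "correct horse", "contacts-importer",
                         "https://importer.example/cb", "contacts")
    return srv, code, srv.exchange(code, "contacts-importer")
```

The token reads the contact list but is refused for mail, the code cannot be replayed, and revoking the token cuts the client off without touching the password.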
I am new to OpenID and have been requested to build a login system to work with the company's Google account. They want to restrict logins to users of their domain. They login into Gmail using their domain and they want this feature to allow access to their systems.
Let's say the domain is example.com. They would log into Gmail as user@example.com or go to their domain login page to access their accounts.
I have been doing some research and it seems that the Google Federated Login is what I should be working with. I downloaded the Google APIs Client Library for PHP and have been playing with the examples but I still cannot get it to restrict access to who logs in. Currently anyone with a Google account seems to be able to login. Also, the API wants to access certain information... I only want to authenticate the user to ensure they are a valid user of the domain and eventually allow SpreadSheet Access in Google Docs so that another script (in the same system) can create SpreadSheets while the user is updating the system.
So my questions are:
1) Which service do I need to enable in the Google API console? Enterprise License Manager API is the only service that is enabled.... I'm starting to think maybe I should disable it.. Do any services have to be enabled? I'm not really sure about this.
2) Is there anything special about the PHP Google APIs that would require me to use Google's API or is this functionality available with any OpenID library? If the latter, which libraries are good for what I am trying to accomplish? (PHP)
3) I have found a few examples for allowing login with a Google account but I haven't found a single one for restricting it to a single domain. I am sure this is possible but am starting to feel that it's very difficult to implement... Any information on this would be very beneficial.
Thanks for any information you can toss my way.
I have implemented In-App Billing for Android. I wanted to implement subscription validity checking through my backend server. As per the Google Play documentation, making calls to the Google Play API needs authentication using OAuth 2.0.
I followed the instructions for registering a project and creating credentials. But from there I have no idea how to use those credentials. I tried authentication via a cURL request, but it asks for permission as shown in the following image.
This permission works fine, I can exchange the code and get an access token, but all this is done manually. How should I implement this on the backend?
I even tried to use the Google API PHP library provided by Google, but it adds confusion. Also, they didn't provide any example of how to use the library.
Can anybody elaborate on how exactly to use the library or pure PHP?
Thanks in advance.
To perform LVL and/or IAB validation on a server, do not access Google servers directly from the server. Even if all information were available, you would face integrity problems, because your app and your server will see different information due to synchronization latencies.
Instead, use your app as a proxy and validate the Google Play information on your server as described here.
I'm writing an Android app that will require folks to identify themselves. We figured that the best course of action is to NOT have folks register with our server since practically everybody has an account somewhere else with a major service (Google, Twitter, Facebook, Yahoo! for example).
The REST API is being built around CakePHP. This in itself isn't a sticking point for what I need, but the issue is more on the Android app along with its communication to our API. Essentially what I'd like to see is a user with X number of devices having the ability to login to a service they already have access to.
This identity would then be known by our server as an identity for that user. My app would then need a way to tell our API that "I am John Doe from service example.com, and here's proof". The servers would also accept a new device for the same identity and tie it in to that user.
I am stuck on some issues here:
OpenID seems to be the way to go (though I'm not sure if Twitter supports OpenID). But how can I do OpenID from my device? I don't need somebody to point me to OpenID for Java. This is NOT 100% of the answer I am looking for. Where is the website going to redirect to?
What will the authentication piece be like between my webserver and Android app? I'm not logging in. I'm using an OpenID. Should I just take some/all of the OpenID information and pass it to the webserver for storage, and then pass it again to check against for every API call?
Twitter not only does OpenID, but they also have a dedicated page talking about what the flow is and what you need to store. Google has a similar page for their login. The OpenID login flows are (for the most part) OAuth2.
A site I manage uses the my_twitter.php class simply to receive tweets from one certain account. As of a few hours ago this has stopped working, it displays a wrong username / password message while the credentials are correct.
On various websites I am reading about API problems but I'm not sure if the my_twitter class needs to be replaced with another one that uses OAuth, or will the problems be resolved and my_twitter start working again? That class is still listed as an official library by Twitter.
EDIT: turns out I do not need OAuth to just receive the latest tweet. http://dev.twitter.com/doc/get/users/show This link explains things well
This is from an email I received from Twitter this morning, titled 'Update: Twitter Apps and You':
Update 1: New authorization rules for applications
Starting August 31, all applications will be required to use “OAuth” to access your Twitter account.
What's OAuth?
OAuth is a technology that enables applications to access Twitter on your behalf with your approval without asking you directly for your password.
Desktop and mobile applications may still ask for your password once, but after that request, they are required to use OAuth in order to access your timeline or allow you to tweet.
What does this mean for me?
Applications are no longer allowed to store your password.
If you change your password, the applications will continue to work.
Some applications you have been using may require you to reauthorize them or may stop functioning at the time of this change.
All applications you have authorized will be listed at http://twitter.com/settings/connections.
You can revoke access to any application at any time from the list.
So it does look like you need to find another library, that uses OAuth.
Quote from the email received from Twitter:
Some applications you have been using may require you to reauthorize them or may stop functioning at the time of this change.