I am working on integrating Docusign Authorization Code Grant Authentication. I was getting docusign login site html code as my return so then I realized this needs to run in the browser. I ran the URL and got to the docusign login page and after logging in I can get the code in the redirect url. But my concern is how I can do this with C# code.
I had tried this with sdk as well but still i got the HTML of Docusign login page in response.
I am using the below url to generate the code.
Auth Code Grant requires that you use a web browser to authenticate and then redirect the call to your web server with a code. You can then exchange this code for an access token and that can be done from any app.
If you need a non-web app to make API calls you need to use JWT. JWT allows you to obtain the access token without any web UI. You do need to obtain consent at least once (via web UI) but that doesn't have to be done in the context of your app (assuming again you're building a non-web app).
Related
In my application, I want to fetch data from Zoho Subscription Api which implement OAuth 2.0 documentation mechanism. As per the documentation first I need to generate a grant token using which I need to generate the original access token. For this, I have to hit the URL which will open the Zoho Authorization window in the browser and after I allow the authorization it will provide me the code which I can use for the next step.I want to get that code without opening the browser window as Postman does. How to do that in .net and with Restsharp.
Sample URL is
https://accounts.zoho.com/oauth/v2/auth?
scope=ZohoSubscriptions.invoices.CREATE,ZohoSubscriptions.invoices.READ,ZohoSubscriptions.invoices.UPDATE,ZohoSubscriptions.invoices.DELETE&
client_id=1000.0SRSZSY37WMZ69405H3TMYI2239V&
state=testing&
response_type=code&
redirect_uri=http://www.zoho.com/subscriptions&
access_type=offline
Zoho API link - https://www.zoho.com/subscriptions/api/v1/oauth/#overview
Thanks
Utpal Maity
I'm developing a web application with C # and netcore, which includes an API module.
Then there is a windows WPF application (programmed by me) that can connect to this API.
So when I log in into my WPF application I check the credentials over the API's call and grant access to the user. In this WPF Application is a Button that will forward you to the Web version.
Is it now possible to hand over the generated bearer token from WPF App to my login in the web to grant the user access without using again his credentials?
I expect that the user just need to use his credentials in WPF App and is logged in in the browser too.
Thank you in advance and have a nice day.
I guess you store the token on the Web version and if you open it in the browser it will already be logged in and redirected to a specific page. In case the token cannot be retrieved or it is expired, then you will stay on the login page.
I would suggest you to pass the token to the login page as parameter in the URL from your WPF app. So at this point after you check if you already have a token stored, you can also check if you have any parameter passed, store that one and redirect to the page you want.
I have a AngularJS Web Application that requests data from API written in .NET Web API.
Now, I have ADFS 3.0 OAuth configured with my client ID and redirect URL(https://www.someredirecturl.index.html) utilizing Authorization Code Grant Flow.
I also have a .NET Web API that returns some values.
For e.g https://www.example.com/showData
Whenever, i call the URL, the ADFS Login screen shows up.
Then, the browser is redirected to my Redirect_URL with the authorization code. For e.g https://www.someredirecturl.index.html?code=xxxxxxxxx
Then, i capture the code and send it to the ADFS server( POST REQUEST ) to get the token.
Now, i have the token.
After this step, i should be able to call my API https://www.example.com/showData with Authorization Code: Bearer + token.
But, how does it work without writing anything at the server side.
Do i have to read the headers with key Authorization, extract the token?
What is the best way to do this?
At any point, will i see data on the browser directly, or it will always be called by some program sending headers.
What if www.example.com is a website. and www.example.com/api is a resource endpoint. How to merge the two of them. can user login to www.example.com when he would enter his credentials on ADFS. How to redirect from Redirect_URL with authorization code?
Yes - as per this.
Basically:
Check that the JWT is well formed
Check the signature
Validate the standard claims
Check the Client permissions (scopes)
jwt.io has a number of libraries that do this for you.
I have a Web Api (just a result of the VS wizard with Azure AD authorization option turned on). I want to test this api directly, not using Azure API Management Portal or anything else. Particularly I want to use Advanced REST Client (often called ARC: https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo), but any web client will suite me, for example curl.
Could somebody go through all the necessary steps to perform a proper authorization or recommend a good resource on this topic?
I expect all the work to be done manually, not using any tools except my browser and curl or arc
To make the request to the web API which protected by Azure AD, we need to get the access token through OAuth 2.0. After we create the web API project by Visual Studio, we still need to register an app on Azure portal which used to call the Web API.
For example, the Azure AD created an app active-directory-webapi for me when I create the web API project active-directory-webapi using the Visual Studio wizard with Azure AD authentication.
Then I open the Azure AD portal though this link and register an web application named as active-directory-webapi-client. Since it is a web application, we need to generate an secret for it. And to use call the web API, we need to add the web api application to grant the permission for it. Here is an figure for basic information for app I register it manually:
Then we can use OAuth 2.0 require the token for this app:
Get: https://login.microsoftonline.com/{tenantId}/oauth2/authorize?response_type=code&client_id={clientId in figure }&redirect_uri={redirect Url in figure}
Then we need to input the username/password and get the OAuth code in the Url. And we can get the token through the OAuth code by request below:
POST: https://login.microsoftonline.com/{tenantId}/oauth2/token
client_id={client_id in figure}&client_secret{secret in figure}&code={OAuth code in the previews request}&grant_type=authorization_code&redirect_uri={ redirect Url in figure }&resource={ it as the Audience in the web.config of web API project}
At last, we can call the web API use the token from request above:
Get: https://localhost:44305/api/values
authorization: bearer {accessToken}
More detail about OAuth 2.0 authorization flow you can refer here.
I am trying to upload video on personal amazon cloud using REST API. The problem is that i ask for access token using client id at very first step. it opens login page although permission is already given.
Go to this url
https://developer.amazon.com/appsandservices/apis/experience/cloud-drive/content/restful-api-getting-started
I am following this method Authorization Code Grant
after i login it redirect to desired redirection page. I am making tool for windows in c#.
All i want is to directly get to the redirection link