I am trying to use Google shopping API. In order to use the API, my application should be authenticated using OAuth2.0. Looks like this method involves user interaction (where user allows the application to access the resource)
Is it possible to do OAuth authorization in non web applications with no user interaction?
This may be a good case for using a Service Account. This would mean that your application isn't running as a user but as itself. That is, as a made up account corresponding to your APIs Console project.
Various official client libraries support the Service Account flow as described in the link above, but C# is not listed among them, so you may have to write it yourself. (Though this issue claims it's supported in the google-api-dotnet-client library, I couldn't find the source for this feature after a minute or two of looking).
Related
I wanted to take a backup of dynamics crm instance using Online Management API . Basically i wanted to take a back up of Full CRM instance everyday without user interaction . Sample Code given by MS requires a login windows which we don't need and I didn't find a way to exclude login window.
Sample Code
Running it as a Daemon, Windows Service, you could use the App Permissions and just get an App only token via the Authentication Flow documented here with a link to some code samples on that. Now, if you run it as a user account with delegated permissions, you could try the "client_secret_post" authentication method for the token acquisition mentioned here and in more detail with the OpenID Connect Spec and the OAuth 2.0 Spec. There is a Wiki on that in the Azure-activedirectory-library-for-dotnet GitHub repo here.
Here are the code samples you'd want to use for a daemon app Daemon applications (accessing Web APIs with the application's identity)
you have a choice of .NET or .NET Core samples, and even one Java one and an ASP.NET Web App.
Does Azure support a programmatic way of registering an application via the users Microsoft account (Using Azure Active Directory)?
Example 1
I am unable to find anything through the Microsoft docs. Everything related to this indicate a manual application registration has to be done, then manually entered. However, I want my application to support multiple tenants without having to manually input all the information into environment variables.
I would like my application to register itself after a user has signed into their Microsoft account and allow access to my application (similar to Github integration). With that registration, it can then pull down the users tenant information and generate a key for itself.
Edit: I have found some other answers on StackOverflow that mentions using GraphAPI after obtaining a bearer token from Microsoft
Is this still the best way of doing this?
I'm building a .net backend for my Azure Mobile Service.
I would like to execute code whenever someone authenticates with one of the default providers (i.e. Microsoft, Google, Facebook etc.).
Some examples of what I would like to do during authentication:
Associate their MS/Google/FB Account ID with my own user accounts
Add claims to the ServiceUser
To sum it up: is there any way to hook into the server side execution of MobileService.LoginAsync(provider) in a .net backend?
Yes, you should look at the custom authentication feature of Mobile Services, which should be flexible enough for your use case: https://azure.microsoft.com/en-us/documentation/articles/mobile-services-dotnet-backend-get-started-custom-authentication/
You might also be interested in the new AAD B2C offering, which has a lot of features that might fit your scenario: https://azure.microsoft.com/en-us/documentation/services/active-directory-b2c/
I am writing an iPhone application in which user sign in, and than read his messages and can also post messages. I am planning to use oAuth in 2legged scenerio, because in 3legged the flow is not smooth as opening the browser even in application does not seem to be comfortable. Is it best to use 2-legged version in this scenario.
Note: The server side API is written in .net (C#).
From a definition of 2- vs. 3-legged OAuth:
3-legged OAuth describes the scenario for which OAuth was originally
developed: a resource owner wants to give a client access to a server
without sharing his credentials (i.e. username/password). A typical
example is a user (resource owner) who wants to give a third-party
application (client) access to his Twitter account (server).
2-legged OAuth, on the other hand, describes a typical client-server
scenario, without any user involvement. An example for such a scenario
could be a local Twitter client application accessing your Twitter
account.
What you have described is perfectly valid and only difference between them is that 2-legged Oauth system is derived from Original to enhance some sort of user experience which in 3-legged application can be confusing.
In fact most of REST API calls made on the Internet using OAuth are made using 2-legged OAuth.
here is a link which descried these things in details
2-legged or 3-legged
I will certainly go for 2-legged option
As an organisation, we use Google Apps. We have the paid version (mapped to our domain) etc...
We are developing a web based application to manage orders, and other business functionality.
I want to be able to use federated login with our google apps accounts-
For example, if a user is logged in to their email (gMail) - they should automatically be logged in to our ASP.net application
If they're not logged in - the log in form should auth. against our google apps account.
How can this be done?
Is it possible to be able to "get" the user who is currently logged in using this method etc...?
Sure, use dotNetOpenAuth. It's recommended by OpenId library and it should be easy in use. As far as google provides OpenId interface there should be no problem with using it in your application.
Stackoverflow is successfully using it and I'm logged here always when I'm logged on my google account.
Just doing a quick search through Google's API documentation, it sounds like you need to use Google's implementation of OAuth protocol.
If you have not yet started developing, you could even considering developing for Appengine - using python or Java (though I would prefer Python myself).
Advantage is that it has a much closer integration with Google Apps services and it will be much easier to build further functionality that works with Google apps (docs/mail etc). Besides this, there arent too many hassles for hosting the app.