Beginner programmer here, please pardon ignorance & explanations will be really nice 🙂 I’ve tried to read the tutorials for a certain OAuth 2.0 service, but I don’t understand this redirect URI… in my particular context, let’s say I’m trying to build an iPhone app that uses OAuth 2.0 for some service. I have an … Read more
I’m trying to use fetch in React Native to grab information from the Product Hunt API. I’ve obtained the proper Access Token and have saved it to State, but don’t seem to be able to pass it along within the Authorization header for a GET request. Here’s what I have so far: var Products = … Read more
I have a program that integrates with the YouTube Live Streaming API. It runs on timers, so its been relatively easy for me to program in to fetch a new Access Token every 50 minutes with a Refresh Token. My question is, why? When I authenticated with YouTube, it gave me a Refresh Token. I … Read more
We are using Retrofit in our Android app, to communicate with an OAuth2 secured server. Everything works great, we use the RequestInterceptor to include the access token with each call. However there will be times, when the access token will expire, and the token needs to be refreshed. When the token expires, the next call … Read more
I am just getting started working with Google API and OAuth2. When the client authorizes my app I am given a “refresh token” and a short lived “access token”. Now every time the access token expires, I can POST my refresh token to Google and they will give me a new access token. My question … Read more
I’m building a mobile app and am using JWT for authentication. It seems like the best way to do this is to pair the JWT access token with a refresh token so that I can expire the access token as frequently as I want. What does a refresh token look like? Is it a random … Read more
I don’t know if I just have some kind of blind spot or what, but I’ve read the OAuth 2 spec many times over and perused the mailing list archives, and I have yet to find a good explanation of why the Implicit Grant flow for obtaining access tokens has been developed. Compared to the … Read more
Could anyone explain what’s good about OAuth2 and why we should implement it? I ask because I’m a bit confused about it — here’s my current thoughts: OAuth1 (more precisely HMAC) requests seem logical, easy to understand, easy to develop and really, really secure. OAuth2, instead, brings authorization requests, access tokens and refresh tokens, and … Read more
With the “Implicit” flow the client (likely a browser) will get a access token, after the Resource Owner (i.e. the user) gave access. With the “Authorization Code” flow however, the client (usually a web server) does only get an authorization code after the Resource Owner (i.e. the user) gave access. With that authorization code the … Read more
On the website https://code.google.com/apis/console I have registered my application, set up generated Client ID: and Client Secret to my app and tried to log in with Google. Unfortunately, I got the error message: Error: redirect_uri_mismatch The redirect URI in the request: http://127.0.0.1:3000/auth/google_oauth2/callback did not match a registered redirect URI scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email response_type=code redirect_uri=http://127.0.0.1:3000/auth/google_oauth2/callback access_type=offline approval_prompt=force … Read more
