Overview I’m looking to create a (REST) API for my application. The initial/primary purpose will be for consumption by mobile apps (iPhone, Android, Symbian, etc). I’ve been looking into different mechanisms for authentication and authorization for web-based APIs (by studying other implementations). I’ve got my head wrapped around most of the fundamental concepts but am … Read more
I wonder if I should use the CAS protocol or OAuth + some authentication provider for single sign-on. Example Scenario: A User tries to access a protected resource, but is not authenticated. The application redirects the user to the SSO server. If beeing authenticated the user gets a token from the SSO server. The SSO … Read more
Closed. This question is off-topic. It is not currently accepting answers. Your question should be specific to WordPress. Generic PHP/JS/SQL/HTML/CSS questions might be better asked at Stack Overflow or another appropriate Stack Exchange network site. Third party plugins and themes are off topic, they are better asked about at their developers’ support routes. Closed 6 … Read more
I have a fresh WordPress installation and a working OAuth2 server in Node.js (made using oauth2orize). The only plugins I’ve been able to find let me use only the well-known OAuth2 endpoints such as Google, Facebook, Twitter and so forth. Is there a way for me to use this custom OAuth2 server for authentication on … Read more
What exactly is OAuth (Open Authorization)? I have gleaned some information from OAuth Twitter Tutorial: What is OAuth And What It Means To You What is OAuth But I want to learn and know more. I’m looking for info on the lifecycle. Why do most of the social networks rely on this open protocol? Will … Read more
I am just getting started working with Google API and OAuth2. When the client authorizes my app I am given a “refresh token” and a short lived “access token”. Now every time the access token expires, I can POST my refresh token to Google and they will give me a new access token. My question … Read more
I am creating my first WordPress plugin. It is a Twitter plugin that uses Twitter API 1.1 and OAuth 2.0 to generate a bearer token and then use that to fetch Tweets from Twitter. The plugin is almost ready to be launched. Right now, the user of the plugin will need to go here: https://developer.twitter.com/en/apps/create … Read more
Background: I’m designing the authentication scheme for a REST web service. This doesn’t “really” need to be secure (it’s more of a personal project) but I want to make it as secure as possible as an exercise/learning experience. I don’t want to use SSL since I don’t want the hassle and, mostly, the expense of … Read more
According to RFC6750-The OAuth 2.0 Authorization Framework: Bearer Token Usage, the bearer token is: A security token with the property that any party in possession of the token (a “bearer”) can use the token in any way that any other party in possession of it can. To me this definition is vague and I can’t … Read more
I have been reading about OAuth and it keeps talking about endpoints. What is exactly an endpoint? 10 Answers 10
