#oauth
Explore tagged Tumblr posts
mentalisttraceur-software · 3 months ago
Text
I miss being able to just use an API with `curl`.
Remember that? Remember how nice that was?
You just typed/pasted the URL, typed/piped any other content, and then it just prompted you to type your password. Done. That's it.
Now you need to log in with a browser, find some obscure settings page with API keys and generate a key. Paternalism demands that since some people insecurely store their password for automatic reuse, no one can ever API with a password.
Fine-grained permissions for the key? Hope you got it right the first time. You don't mind having a blocking decision point sprung on you, do ya? Of course not, you're a champ. Here's some docs to comb through.
That is, if the service actually offers API keys. If it requires OAuth, then haha, did you really think you can just make a key and use it? you fool, you unwashed barbarian simpleton.
No, first you'll need to file this form to register an App, and that will give you two keys, okay, and then you're going to take those keys, and - no, stop, stop trying to use the keys, imbecile - now you're going to write a tiny little program, nothing much, just spin up a web server and open a browser and make several API calls to handle the OAuth flow.
Okay, got all that? Excellent, now just run that program with the two keys you have, switch back to the browser, approve the authorization, and now you have two more keys, ain't that just great? You can tell it's more secure because the number of keys and manual steps is bigger.
And now, finally, you can use all four keys to make that API call you wanted. For now. That second pair of keys might expire later.
20 notes · View notes
transparentgentlemenmarker · 11 months ago
Text
Happy International Bluescreen Day
This morning, Friday 19 July 2024, businesses, airlines, banks and media outlets are out of service following a CrowdStrike update; an antivirus used by Microsoft is the cause of the outage.
In 2023
At the end of September, OAuth will be applied for @mail
76 notes · View notes
ai-hax · 19 days ago
Link
0 notes
tefidacom · 22 days ago
Text
X has recovered after a large-scale outage
Following a report of a fire that occurred earlier this week in the state of Oregon, the feed on X would not load.
https://tefida.com/x-is-back-after-an-apparent-widespread-outage/
0 notes
govindhtech · 2 months ago
Text
Google developers OAuth 2.0 playground And OpenID Connect
Google Auth Platform usability and security updates
Millions of developers authenticate users and access hundreds of APIs using Google's identity platform. One of the largest implementations of the Google developers OAuth 2.0 playground protocol and OpenID Connect standard in the world provides developers with a reliable, secure, and easy method to interact. Google is pleased to announce significant platform usability and security improvements.
Google engineers' OAuth 2.0 playground
Simple OAuth setting in Google Cloud Console
Developers that use Google Sign-in for authentication or user consent to use Google APIs must register their applications and websites to generate client credentials. Developers utilising Google Cloud Console previously found OAuth setup pages under APIs & Services. Separate navigation for Google Auth Platform is added to these sites.
This version speeds up app configuration updates, simplifies project registration, and improves developer advice. Upcoming improvements include an improved onboarding wizard, simpler OAuth scope management, and faster, more transparent app verification.
Developers using other consoles for OAuth have the same Firebase or Apps Script experience.
OAuth client secret presentation change
Some OAuth clients require a “secret” for authorisation and authentication. Since the client secret operates like a website or application password, protecting these strings is crucial to user account and data security.
Developers could previously download client secrets from Google Cloud Console, Firebase Console, and other Google developer tools. OAuth secrets will be hidden in Google Cloud Console client administrative pages in June. Developer consoles will show the last few characters to help identify them.
OAuth client secrets must be downloaded and handled securely by developers. For this, most developers utilise Google Cloud Platform's Secret Manager. The client secret won't appear when the creation screen closes.
Never reveal OAuth client secrets that provide access to user data or other production systems online or in version control systems. If secrets leak, change them immediately and cycle them often.
Automatic deactivation of unused OAuth clients
Starting in June, OAuth clients inactive for six months will be automatically terminated to prevent credential theft and misuse. When token exchanges end, the six-month period begins.
When inactive clients are erased, developers will be notified and can recover them for 30 days.
A great experience for you and your customers
These upgrades and more planned for later this year make your experience smoother and safer, giving you more time to build great applications and websites for your consumers.
Accessing Google APIs with OAuth 2.0
Simple acts
Every Google API-accessing app utilising OAuth 2.0 follows a pattern. You take five stages typically:
The Google API Console gives OAuth 2.0 credentials.
Get an access token from Google Authorisation Server.
Review user-granted access scopes.
Give an API the access token.
Update the access token if needed.
Google APIs authorise and authenticate using OAuth 2.0. Google supports OAuth 2.0 applications for web servers, client-side, installation, and limited-input devices.
Get OAuth 2.0 client credentials from Google API Console to begin. After that, your client app requests an access token from the Google Authorisation Server, extracts it, and sends it to the Google API you want to use. Check out the OAuth 2.0 Playground for an interactive Google OAuth 2.0 demonstration using your own client credentials.
0 notes
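The "review user-granted access scopes" and "update the access token if needed" steps listed in the post above, as an added example (not part of the original post and not Google's code): it reads the standard OAuth 2.0 token response fields, reports required scopes the user did not grant, and refuses to build an API header from a stale token. The 60-second skew, the function names and the sample response are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

EXPIRY_SKEW_SECONDS = 60  # assumption: refresh this long before the stated expiry


class TokenExpired(Exception):
    pass


@dataclass(frozen=True)
class Token:
    access_token: str
    granted_scopes: frozenset
    expires_at: float             # seconds since the epoch
    refresh_token: Optional[str]  # None when the server issued none


def parse_token_response(body, requested, now):
    """Read the RFC 6749 section 5.1 fields of a token endpoint response."""
    if str(body.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % body.get("token_type"))
    if not body.get("access_token"):
        raise ValueError("token response has no access_token")
    # An omitted "scope" means the grant equals the request; a present one may be narrower.
    scope = body["scope"].split() if "scope" in body else requested
    return Token(body["access_token"], frozenset(scope),
                 now + int(body.get("expires_in", 0)), body.get("refresh_token"))


def missing_scopes(token, required):
    """Scopes the app needs that the user did not grant (consent can be partial)."""
    return set(required) - token.granted_scopes


def needs_refresh(token, now):
    return now >= token.expires_at - EXPIRY_SKEW_SECONDS


def authorization_header(token, required, now):
    """Header for an API call; refuses a token that is under-scoped or stale."""
    missing = missing_scopes(token, required)
    if missing:
        raise PermissionError("scopes not granted: " + ", ".join(sorted(missing)))
    if needs_refresh(token, now):
        raise TokenExpired("refresh the access token before calling the API")
    return {"Authorization": "Bearer " + token.access_token}


# Constructed sample: two scopes were requested, the user approved only one.
DRIVE = "https://www.googleapis.com/auth/drive.readonly"
CALENDAR = "https://www.googleapis.com/auth/calendar.readonly"
SAMPLE_RESPONSE = {"access_token": "sample-access-token", "token_type": "Bearer",
                   "expires_in": 3599, "scope": DRIVE,
                   "refresh_token": "sample-refresh-token"}
```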
asadmukhtarr · 3 months ago
Text
The MERN stack (MongoDB, Express.js, React.js, Node.js) is a powerful combination of technologies for building modern, full-stack web applications using JavaScript. A CRUD (Create, Read, Update, Delete) app is a basic yet essential application structure for handling data in web development. In this guide, we will walk through the process of building a simple CRUD app using the MERN stack, where users can create, read, update, and delete records in a database.
By the end of this tutorial, you'll understand how to set up the backend and frontend of a MERN stack application, create API endpoints, connect the app to a MongoDB database, and build an interactive user interface with React
0 notes
brassaikao · 8 months ago
Text
Django - OAuth Test Sample
An OAuth sample code based on Django.
Django Commands
pip3 install django djangorestframework django-oauth-toolkit
django-admin startproject oauth_test
cd oauth_test
python3 manage.py startapp test_app
python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py createsuperuser
python3 manage.py runserver
We can test by using Postman application. Setup OAuth in project’s…
0 notes
newcodesociety · 1 year ago
Text
1 note · View note
cyberhoot · 1 year ago
Text
0 notes
knowvergreen · 1 year ago
Text
Passwordless and Passkeys
Ugh! Passwordless
Photo by Anna Shvets
Passwordless can seem to give some indigestion! 😂 Why? Because the name may suggest that it’s insecure, somehow. It has to be. Right? Nah! Well, not really. It depends on how I, the administrator, set it up and on the end users’ re-education on security. It also would mean an organization re-education as well. Multi-Factor authentication, YubiKey,…
0 notes
digitalcreationsllc · 2 years ago
Text
OAuth Apps Used to Automate BEC and Cryptomining Attacks
Attackers target user accounts without robust authentication measures, creating new OAuth apps with high privileges to ensure continued access and hide their malicious activities.
0 notes
Text
It really is very frustrating to try to use Tumblr through the API, because:
First you have to Register An App, even though I am a user, I am trying to just automate some workflows, I am not an App Developer making a third-party integration for others.
Then you must use OAuth. Having an API where the only authentication mechanism is OAuth should be a crime. OAuth is an okay solution for letting third-party code get credentials on behalf of users with user consent. But I am not third-party code!!! I am me, the user; my code is an extension of me, it is me, alkfsdafklsdalfsalf!
Randomly things will just fail to post. You will be told the profoundly helpful status 400, code 8001, which if we go by observation alone are the only possible numbers, and mean any possible error. "Posting failed. Please try again." Incidentally, if you are ever responsible for a "Please try again" error message for something that is not a transient error but will persistently reliably fail, we need to break out the medieval corporal punishments. Flogging. Stocks. Those little cages on street posts. And responsibility goes up the chain of command - the higher the position, the longer the punishment.
This. This will be the thing that finally drives me off Tumblr. No amount of adoring Tumblr fans will keep me if I can't reliably publish posts from the comfort of my text editor.
31 notes · View notes
hitoshikokumai · 2 years ago
Text
OAuth Supporting Biometrics to Get Criminals Discouraged or Delighted?
“Failure to verify OAuth tokens enables account takeover on websites” https://www.csoonline.com/article/657356/failure-to-verify-oauth-tokens-enables-account-takeover-on-websites.html
A friend who read this report has suggested that I should say something on biometrics that OAuth supports for the identity authentication of its users.
Well, my comment will be found in this 2-minute video — “Biometrics in Cyber Space” https://youtu.be/wuhB5vxKYlg
If they want to get criminals and adversaries delighted, biometrics would be an excellent tool to achieve the objective.
Should they want to get criminals and adversaries discouraged, they should keep away from biometrics to achieve the objective.
Interested in this subject? — Here is a collection of biometrics-related discussions — “Probabilistic Biometrics Unravelled : How it brings down identity security” https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/
PS We are not against biometrics as a whole. Biometrics is useful for forensics where used with reliable privacy data protection. It could also be helpful for individual identification to screen out bad guys in physical space where citizens are correctly informed of the serious risk that biometrics brings to their privacy.
0 notes
techsmarts · 2 years ago
Photo
Another great infographic from ByteByteGo that crams a lot of detail into a single page.
This one illustrates the difference between session tokens and JSON web tokens (JWT) and then goes on to show how JWTs are the backbone of modern single sign on (SSO) and OAuth flows.
(via https://substack-post-media.s3.amazonaws.com/public/images/041727d8-aaba-4c1d-8b74-b2c26e2e05e2_1446x1890.png (1446×1890))
1 note · View note
smackcoders · 2 years ago
Text
Securing Your Digital Identity: Get Your Google API and OAuth Credentials Now
As of today, it is so easy to get the Google API and Client credentials with a few clicks via Google Developer Console. Before that, it is essential to know what API and Client credentials are. In this blog, we discuss the API and client credentials and when to use them. Are you searching for the Step by Step instructions to get the API key and OAuth Credentials? Then keep on reading….
Both API keys and OAuth are the different types of authentication handled by Cloud Endpoints.
These two differ most in the following ways:
The application or website performing the API call is identified by the API key.
An app or website’s user, or the person using it, is identified by an authentication token.
API keys provide project authorization
To decide which scheme is most appropriate, it’s important to understand what API keys and authentication can provide.
API keys provide
Project identification — Identify the application or the project that’s making a call to this API
Project authorization — Check whether the calling application has been granted access to call the API and has enabled the API in their project
API keys aren’t as secure as authentication tokens, but they identify the application or project that’s calling an API. They are generated on the project making the call, and you can restrict their use to an environment such as an IP address range, or an Android or iOS app.
By identifying the calling project, you can use API keys to associate usage information with that project. API keys allow the Extensible Service Proxy (ESP) to reject calls from projects that haven’t been granted access or enabled in the API. 
Contrarily, authentication strategies often have two objectives:
Verify the identity of the calling user securely using user authentication.
Check the user's authorization to see if they have the right to submit this request.
A safe method of identifying the user who is calling is provided by authentication mechanisms.
In order to confirm that it has permission to call an API, endpoints also examine the authentication token.
The decision to authorize a request is made by the API server based on that authentication.
The calling project is identified by the API key, but the calling user is not.
An API key, for example, can identify the application that is making an API call if you have developed an application that is doing so.
Protection of API keys
In general, API keys are not seen to be safe because clients frequently have access to them. This will make it simple for someone to steal an API key. Unless the project owner revokes or regenerates the key, it can be used indefinitely once it has been stolen because it has no expiration date. There are better methods for authorization, even though the limitations you can place on an API key minimize this.
API Keys: When to Use?
An API may require API keys for part or all of its methods.
This makes sense to do if:
You should prevent traffic from anonymous sources.
In the event that the application developer wants to collaborate with the API producer to troubleshoot a problem or demonstrate the usage of their application, API keys identify an application's traffic for the API producer.
You wish to limit the number of API calls that are made.
You want to analyze API traffic to find usage trends.
APIs and services allow you to view application consumption.
You want to use the API key to filter logs.
API keys: When not to use?
Individual user identification – API keys are used to identify projects, not people
On secured authorization
Finding the authors of the project
Step-by-step instructions on how to get Google API and OAuth credentials using the Google developer console.
Step 1
Browse Google developer console
Step 2
Select your project or create a new project by clicking on the New project button
Step 3
Provide your project name, organization, and location, and click on create. 
And That’s it. You have created a New Project.
Step 4
Navigate to the Enabled API and services at the Left sidebar and click on Credentials
Step 5
Move on to create Credentials
Here to get your API key click on the API key. Instantly you will get your API key for your Project.
To get your OAuth Credentials
Navigate to the OAuth Client ID on the Create Credentials drop-down menu.
Step 6
Here you need to create an application. A client ID is used to identify a single app to Google’s OAuth servers. If your app runs on multiple platforms, each will need its own client ID. 
Step 7
Select the appropriate application type from the drop-down
The name of the client will be auto-generated. This is only to recognize the client console and does not show to the end users.
Step 8
Enter your URL for the Authorized JavaScript origins by clicking on Add URL
Provide your Authorized redirect URLs
Finally click on Create
Step 9
You will get an OAuth Client Id and Client Secret instantly.
Epilogue
Getting Google API and OAuth credentials is an important step in developing applications that interact with Google services. It allows developers to access data from Google APIs and services in a secure and reliable way. With the correct setup, developers can create powerful applications that can be used by millions of users. In summary, getting Google API and OAuth credentials is essential for any developer wishing to build web applications that interact with Google services.
0 notes
kevalsing · 2 years ago
Text
Custom Oauth provider - add authorization in consuming app
Problem Statement : Not sure about the best way to describe this but I have an app (.net framework 4.8) with a custom OAuthProvider. Calling this APP A. The provider generates an access token based on username and password, when using the app, if they have the correct roles an access token is created for use in APP B. APP B is a .net core 7 app. There is a link to APP B from APP A which passes…
0 notes