oauth-2.0

OAuth 2.0 -- What's new?

Could someone enumerate the main differences between OAuth 2.0 and previous versions? Or point me to good documentation. (Not the full OAuth 2.0 Protocol draft; I don't have time to read it.) ...

Facebook redirect on "Don't Allow" uses unexpected query string: ?error[type]=OAuthAccessDeniedException

I'm implementing a facebook app and use oauth 2.0 to log the user in to facebook, and to request some permissions. If the user chooses Allow, I get the expected response on the redirect_uri (with code parameter which I can exchange to an access_token). This is all working correctly. However, when the user chooses Don't Allow on the Fac...

Can't get user info from Facebook w/ oauth 2.0 for iphone

As soon as the user is logged in, I retrieve the user info using this code: [_facebook requestWithGraphPath:@"me" andDelegate:self]; It worked for the first few times, but it eventually returned an error. I thought it was a session thing since I have "offline_access" on my permissions. I logged out from Facebook and compiled again from...

Facebook OAuth redirect_uri problem 'Given URL is not permitted by the application configuration.'

When asking for authorisation by redirecting to the following url: https://graph.facebook.com/oauth/authorize?client_id=...&scope=email,offline_access&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Findex.php%3Fcallback%3Dfacebook Facebook returns 'Invalid redirect_uri Given URL is not permitted by the application configuration....

Should I use the DotNetOpenAuth OAuthAuthenticationModule or not?

In dnoa's web rp application template for visual studio, there is an HttpModule named OAuthAuthenticationModule. However, I can't tell how it's used, since it doesn't look like the vs template (the MVC one anyway) does any OAuth authentication out of the box. The samples in version 3.5.0.10213 of DotNetOpenAuth don't seem to use any cu...

ruby's oauth2 grant_type

Hi, i started using oauth2 gem by intridea (http://github.com/intridea/oauth2) and don't know how to fix this problem. I have developed both client and server and on request for access_token i see no grant_type parameter. My code from client callback controller class CallbackController < Devise::OauthCallbacksController def accounts ...

Facebook access token issue in JS implementation

I am new to FB apps and trying to get the accessToken for my website using JS. I have followed the steps given on the API docs, but I keep getting an "error": { "type": "OAuthException", "message": "Error validating application." } I know that theres some issue with my implementation. Can someone please help me out. If...

Facebook App : Invalid OAuth 2.0 Access Token

Hi, I am almost done building a facebook application. Its working alright but for one problem. If a user adds the application to his profile for the first time ( by granting appropriate permissions ) it works fine. But when user removes the application from his Application Settings and then tries to add the application again, it just won...

Looking for OAuth2 library for Mono

I'm looking for an OAuth2 library that works under Mono 2.6. Currently I'm using DotNetOpenAuth which is working fine for OpenID, but wondering if the DotNetOpenAuth OAuth2 release does (or will) work on Mono. ...

How can I get a signed access token from facebook using OAuth 2.0?

I want to identify the an android native app user on my web service. I don't want to include a secret in my java, as that would be trivial to find. Using the javascript sdk on the website, the token is signed and I can verify it with the shared secret on the server, but the android sdk just gets a token. I had hoped that I could pass th...

OAuth 2.0 Service Provider .NET libraries

I'm currently investigating OAuth 2.0 Service Provider solutions for .NET (I appreciate that 2.0 isn't a complete spec). What libraries are people currently aware of, other than DotNetOpenAuth ? ...

Gem for oAuth2 Consumer AND Provider functionality in Rails 2.3.5

Hi there, I'm struggling finding a usable gem which provides the following for a Rails 2.3.5 application: we want to protect out API with oAuth 2; therefore a Controller for creating access/request Tokens and the models (Client, Token,...) are required we want to consume oAuth2 Services like Facebook and Twitter It would also be nic...

How important is it to keep OAuth's access token secret?

Once I receive my access token for a site (say facebook) using OAuth, how important is it to keep this secret? Could anything malicious happen if someone got a hold of one? I was wondering if it would be a bad idea to save the token in a cookie or session. ...