
OAuth 2.0 framework


What is OAuth 2.0?


OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
This informational guide is geared towards application developers, and provides an overview of OAuth 2 roles, authorization grant types, use cases, and flows.
This specification and its extensions are being developed within the IETF OAuth Working Group.

How does Social Login work?

Social Login is a simple process, with the following steps.
  1. The user enters your application and selects the desired social network provider.
  2. A login request is sent to the social network provider.
  3. Once the social network provider confirms the user's identity, an existing user is granted access to your application. A new user is registered and then logged into the application.
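The application side of the round trip above, written as an added example rather than code from the original post. It assumes the standard OAuth 2.0 authorization endpoint at https://YOUR_AUTH0_DOMAIN/authorize and the Auth0-specific `connection` parameter for preselecting the Facebook connection; the domain, client id, redirect URI and the simulated callback are placeholders constructed for the demo. The two checks a practitioner cares about are the exact-match redirect URI allowlist and the `state` value that binds the callback to the session that started the login.

```python
"""Added example (not from the original post): the application side of the
social-login flow against an Auth0 tenant.

Assumed (not stated on the page): the tenant exposes the OAuth 2.0
authorization endpoint at https://<domain>/authorize and accepts the
Auth0-specific `connection` parameter. All identifiers below are placeholders.
"""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTH0_DOMAIN = "YOUR_AUTH0_DOMAIN"   # placeholder, as on the page
CLIENT_ID = "YOUR_CLIENT_ID"          # placeholder
# Exact-match allowlist of the redirect URIs this app registered (constructed).
REDIRECT_ALLOWLIST = {"https://app.example.com/callback"}


def new_state() -> str:
    """Unguessable per-login value that ties the callback to this browser session."""
    return secrets.token_urlsafe(32)


def redirect_uri_allowed(uri: str) -> bool:
    """Exact string match only: no prefix, suffix or wildcard matching, so a
    lookalike host or a path that escapes the callback is never accepted."""
    return uri in REDIRECT_ALLOWLIST


def build_authorize_url(redirect_uri: str, state: str, connection: str = "facebook") -> str:
    """Step 2 of the flow: the URL the user's browser is sent to."""
    if not redirect_uri_allowed(redirect_uri):
        raise ValueError("redirect_uri is not registered for this application")
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,
        "connection": connection,   # Auth0-specific: go straight to Facebook
    }
    return f"https://{AUTH0_DOMAIN}/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 3: validate what came back and return the authorization code that
    the server (never the browser) then exchanges for tokens."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise PermissionError(f"provider returned error: {query['error'][0]}")
    state = query.get("state", [None])[0]
    # Constant-time comparison; the state is the CSRF binding for the login.
    if state is None or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback is not bound to this session")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


if __name__ == "__main__":
    st = new_state()
    print(build_authorize_url("https://app.example.com/callback", st))
    # Simulated callback from the provider (constructed):
    print(parse_callback(f"https://app.example.com/callback?code=abc123&state={st}", st))
```

The `state` is stored server-side in the user's session between the two steps; the code is exchanged for tokens from the server with the client secret, which is why neither the secret nor the exchange appears in browser-side code.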
How to use this?

  • Set up a Facebook app
  • Get your Facebook App ID and App Secret
  • Copy these keys into your Auth0 settings
  • Enable the Facebook social connection in Auth0

Step 1:

Log in to Facebook as a Facebook Developer, then choose "Add a New App".

Step 2:

Give the app a display name and enter the contact email address.


Step 3:

Then click Set Up under Facebook Login.

Step 4:

Under the Facebook Login menu on the left, click on Settings to open the Application OAuth Settings page.

Step 5:

Enter this URL in the Valid OAuth Redirect URLs box:

https://YOUR_AUTH0_DOMAIN/login/callback

Step 6:

Then click the App Review tab in the left-hand option panel. Next, make your app public using the first option on the main panel.

Step 7:

Click Settings and go to Basic settings, where you can find your App ID and App Secret.

Step 8:

Click Show to reveal the App Secret; Facebook asks for your password again.
Select all the attributes and permissions you want to enable in your app. Then click the Applications tab, select the applications you wish to enable, and save.

Step 9:

Now you can test your connection. You will see an icon like this on the Auth0 dashboard.

Click the Try icon.

Click the Continue as *** button; a window saying "It works!!!" appears.


Access Facebook API

Once you successfully authenticate a user, Facebook includes an Access Token in the user profile it returns to Auth0.

You can then use this token to call the Facebook API.

To get a Facebook Access Token, retrieve the user's full profile using the Auth0 Management API and extract the Access Token from the response.

For detailed steps refer to Call an Identity Provider API.

Once you have the token you can call the API, following Facebook's documentation.
For more information on these tokens, refer to Identity Provider Access Tokens.
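The extraction step described in this section, as an added example that is not the original post's code and not Auth0's own client. It assumes the profile is the JSON user object returned by the Management API `GET /api/v2/users/{user_id}` call, whose `identities` array carries a `provider` field per connection and an `access_token` field when the Management API token is permitted to read identity provider tokens; the sample profile and its token value are constructed placeholders. It also shows the Graph API request built with the token in the `Authorization` header rather than in the query string, so the token does not land in URL logs.

```python
"""Added example (not from the original post): extract the Facebook access
token from the Auth0 Management API user profile and prepare a Graph API call.

Assumed (not stated on the page): the user object shape of
GET /api/v2/users/{user_id}, i.e. an `identities` list whose entries carry
`provider` and, when exposed, `access_token`. Values below are placeholders.
"""
import json
import urllib.parse
import urllib.request
from typing import Optional

# Constructed Management API response with placeholder values.
SAMPLE_PROFILE = {
    "user_id": "facebook|1234567890",
    "name": "Example User",
    "identities": [
        {
            "provider": "facebook",
            "user_id": "1234567890",
            "connection": "facebook",
            "isSocial": True,
            "access_token": "PLACEHOLDER_FACEBOOK_TOKEN",
        }
    ],
}


def fetch_user_profile(auth0_domain: str, user_id: str, mgmt_token: str) -> dict:
    """Server-side Management API call (not executed in the demo).
    The Management API token must stay on the server; never ship it to a browser."""
    url = f"https://{auth0_domain}/api/v2/users/{urllib.parse.quote(user_id, safe='')}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {mgmt_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def extract_idp_access_token(profile: dict, provider: str = "facebook") -> Optional[str]:
    """Return the identity provider token for `provider`, or None when the user
    has no such identity or the token was not exposed in the profile."""
    for identity in profile.get("identities", []):
        if identity.get("provider") == provider:
            return identity.get("access_token")
    return None


def redact(token: Optional[str]) -> str:
    """Safe form for log lines: never write the full IdP token to logs."""
    if not token:
        return "<none>"
    return "****" + token[-4:]


def build_graph_request(access_token: str, path: str = "/me", fields: str = "id,name") -> urllib.request.Request:
    """Graph API request with the token in the Authorization header, so it is
    not copied into server access logs or referrers the way a query string is."""
    query = urllib.parse.urlencode({"fields": fields})
    return urllib.request.Request(
        f"https://graph.facebook.com{path}?{query}",
        headers={"Authorization": f"Bearer {access_token}"},
    )


if __name__ == "__main__":
    token = extract_idp_access_token(SAMPLE_PROFILE)
    print("facebook token:", redact(token))
    req = build_graph_request(token)
    print("would call:", req.full_url)
```

When `extract_idp_access_token` returns None the user either signed in with another connection or the Management API token lacks the permission to read identity provider tokens; treat both as "no Facebook API access for this user" rather than retrying with broader credentials.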
