Tag Archives: OAuth

Implementing Sign in with Twitter for NodeJS

via Implementing Sign in with Twitter for Node.js | Codementor.

More and more recently, I’ve been seeing small applications implementing sign in with Twitter, Google, GitHub, LinkedIn, etc. I think this is a great move for a number of reasons. First, so I don’t have to sign up for yet another account at yet another site, and secondly because app developers no longer have to implement their own user sign up scheme with all the trimmings: forgotten passwords, activation emails, and so on. I’m sure a lot of developers out there have those pieces of code as part of their toolbox, but for those who don’t, OAuth sign ins are so much easier to build. I’ve written a guide today that describes how to implement sign in with Twitter. And because I’m really into Node.js at the moment, it’s going to be written with JavaScript.

For those of you who just want to cut to the chase, I’ve made the server-side code available here.

There’s a few things we’ll need to get started.

Couchbase : Create a large dataset using Twitter and Java

via Tug’s Blog: Couchbase : Create a large dataset using Twitter and Java.

An easy way to create a large dataset when playing/demonstrating Couchbase -or any other NoSQL engine- is to inject a Twitter feed into your database.

For this small application I am using:

In this example I am using Java to inject Tweets into Couchbase, you can obviously use another language if you want to.

The sources of this project are available on my Github repository Twitter Injector for Couchbase; you can also download the Binary version here, and execute the application from the command line, see Run The Application paragraph. Do not forget to create your Twitter oAuth keys (see next paragraph).

How to Integrate Google Sign In into Your iOS Apps

via How to Integrate Google Sign In into iOS Apps Using OAuth 2.0.

In my last tutorial we worked with the YouTube API, and through the demo application we managed to make requests to that specific Google API. Actually, we created an API key prior to any request, as that key was vital for every request that was about to return data back to our application. This time, we’ll continue working with the Google APIs, and my goal is to show you how to make authorized requests after a user has signed in with Google in the application.

For this purpose we are going to use a special SDK, named Google Sign-In SDK. This one provides all the necessary classes and functionalities we need in order to:

  1. Add the default Google Sign In button in our app.
  2. Go through the whole user authentication process using the OAuth 2.0 protocol and get the necessary tokens.

How To Easily Use The Twitter REST API With AngularJS

via How To Easily Use The Twitter REST Api With AngularJS - Devdactic.

The Twitter REST Api is quite well documented, still there are many problems how to call the routes, how to authenticate and in general how to use it. I wanted to simplify the Twitter integration, so I created an AngularJS library acting as a wrapper: ngTwitter.

Some time ago I had a post on the official Ionic blog on Displaying the Twitter Feed within Your Ionic App where everything had to be done by yourself. Now with ngTwitter you only need to call it once with your Consumer Key, your Consumer Secret and a valid OAuth token.

If ngTwitter is configured, you can use the wrapper methods to get the Twitter REST response and don’t have to worry about any more authentication or request signing!

In this tutorial I will show you how to use ngTwitter to access the Twitter REST Api, especially we will grab the home timeline and make a post.

As I am a big Ionic fan, I will use a simple Ionic Framework project as base for this tutorial. To grab the OAuth token I will use ngCordova which is a wrapper for cordova plugins. You can use ngTwitter in any AngularJS app, just make sure you configure it with the keys and token and everything should work!

Securing GWT Apps using Spring Oauth & Spring Social

General purpose: Provides a spring security configuration for any Oauth2 providers in our projects. For that I found many good starting points on the web and I merged them into a simple GWTP project forked from an existing repository (https://github.com/imrabti/gwtp-spring-security) which helped me to achieve this goal with minor changes. This is a solution for […]


Using JSON Web Tokens as API Keys

via Using JSON Web Tokens as API Keys.

Most APIs today use an API Key to authenticate legitimate clients. API Keys are very simple to use from the consumer perspective:

  1. You get an API key from the service (in essence a shared secret).
  2. Add the key to an Authorization header.
  3. Call the API.

It can’t get simpler than that, but this approach has some limitations.

The last couple of months, we’ve been working on our API v2. We wanted to share what we’ve learnt implementing a more powerful security model using JSON Web Tokens.

Using a JSON Web Token offers many advantages:

  • Granular Security: API Keys provide an all-or-nothing access. JSON Web Tokens can provide much finer grained control.
  • Homogenous Auth Architecture: Today we use cookies, API keys, home grown SSO solutions, OAuth etc. Standardizing on JSON Web Tokens gives you a homogenous token format across the board.
  • Decentralized Issuance: API keys depend on a central storage and a service to issue them. JSON Web Tokens can be “self-issued” or be completely externalized, opening interesting scenarios as we will see below.
  • OAuth2 Compliance: OAuth2 uses an opaque token that relies on a central storage. You can return a stateless JWT instead, with the allowed scopes and expiration.
  • Debuggability: API keys are opaque random strings. JSON Web Tokens can be inspected.
  • Expiration Control: API keys usually don’t expire unless you revoke them. JSON Web Tokens can (and often do) have an expiration.
  • Devices: You can’t put an API key that has full access on a device, because what is on a phone or tablet can easily be stolen. But you can put a JWT with the right set of permissions.

OAuth in Javascript Apps with Angular and Lumen, using Satellizer and Laravel Socialite

via OAuth in Javascript Apps with Angular and Lumen, using Satellizer and Laravel Socialite – Barry vd. Heuvel.

In the last few weeks, Socialite was a popular topic to blog/tweet about. Coincidentally, I also needed Socialite for a project. But in my case, I wanted to use it in an Angular app, distributed using Cordova (Phonegap) as hybrid app on Android/iOS. There were some examples, but I couldn’t find much about it at the time. A few people asked to share my experience about it, so here it is!