I find the documentation provided by microsoft confusing(Link).
How can I for example get an authentication token and where can I download the javascript libraries? I couldn't find any information on this.
Basically I want to know how to get the calendar of an user in my javascript webapp.
I did try sending an request to
"https://outlook.office365.com/api/v1.0/me/calendarview?startDateTime="+begin+"&endDateTime="+end"
This shows me an authentication popup but after submitting the correct username/mail and password, it doesn't do anything. There is no response back.
To get an access token, you need to use the OAuth2 Authorization Code Grant flow. https://dev.outlook.com/RestGettingStarted walks through the process. Basically you need to register your app to get a client ID and secret, then use those to go through the process.
Related
In my project I need to link an existing email account whithout the user signed in.
I have the user's email, so I'm trying this code:
firebase.auth().getUserByEmail(useremail);
on the client side.
But it gives me the firebase.auth(...).getUserByEmail is not a function error.
Does anyone know how to get the user by email address on the client side so I can link the accounts, the existing one and the providers?
Thanks in advance.
Using sdk 17.4.5
For web clients, firebase.auth() returns an Auth object. As you can see from the API documentation, there is no getUserByEmail method. on it. You're probably looking at the API documentation for Auth from the Firebase Admin SDK, which does not work on web clients. It only works on backends running nodejs.
If you want to use getUserByEmail, you'll need to run it on a backend, and invoke that from your web client.
You should know that linking user accounts does actually require the use of this method. You link accounts after the user has signed in to both of them.
So I am creating a website to learn some PHP/Javascript/HTML/CSS and so on and I ran into a problem to which I can't come up with a solution. So basically I have regular login form using PHP which uses POST to send the data and authenticate. I also want to integrate external Twitch.tv OAuth2 authentication.
By using normal PHP login I store my information inside PostgreSQL database using php. I want to do something similar using OAuth2. For example store Twitch.tv name as a username inside the database and token as a password.
The problem is that the external authentication I am using is based on their Javascript API and it stores the information inside the DOM storage which I found is unable to be access by using PHP. The redirect_uri with a token is also a fragment which can't be retrieved by PHP.
Should I just scrap the JS part and try doing it entirely in PHP?
Side question: I checked other website which also uses Twitch authentication and it uses these callback links "https://api.nightbot.tv/auth/twitch/callback?code=****". What exactly are these callbacks?
You should use redirects as you implied with JS frameworks. It works the same with Facebook.
The redirects are used with a token. Usually you generate on your side a random token that you store in the session.
Once the user logs in using the JS API, the API will redirect to a callback page (PHP in your case).
In that page, you verify the token once (that you had passed and got back, must be the same), and also you get another token from the API to use with the API.
At this point you can get the user information by querying the API using the API token.
You get the user info from the API and then you can query your down DB at this point to log the user in etc.
I hope this helps..
I'm currently building a frontend client for my own Apigility API.
The API uses OAuth 2.0 Authentication which is working fine.
I want to create an AngularJS Landingpage to let the users authenticate by entering their credentials. Because the Client is created with JavaScript,
I shouldn't save the client_secret in the Client, correct?
I have read a lot of posts, but still haven't the right solution.
Is it correct to use the implicit grant type for this scenario?
This procedure is working, I'm being redirected to the authentication server,
after the client authorization and entering credentials, I get back to the client (authenticated).
But I don't want to get redirected to another authentication page.
Is it also possible to authenticate directly and secure on the angularJS frontend?
Thanks,
Simon
You should take a look at this post i made:
https://stackoverflow.com/a/42443878/2963703
It details how to do this using the Spotify API. Your page won't get redirected, instead a popup window will open in which the user authorizes themselves. Once they're authorized the window will close itself and in your main page you will have the access token you need.
Goal: A single page application that uses Facebook authentication to login, but does nothing with Facebook after that.
Tech: Facebook Javascript SDK, AngularJS, angular-ui, .Net Web Api
I'm creating a Single Page Application (SPA) in Javascript using AngularJS. I'm using the Facebook SDK which is working to authenticate the user; it returns me a facebook user id, an access token, token expiry time, a signed request, and some other stuff, all on the client side. I then pass this information to my service, mostly because I feel I should. After this I don't really care about Facebook. But I want to make calls to the server to load the user's data.
I could just make all requests using the facebook user id, but there would be no security because any client could just call that endpoint and pass any user id until they found a valid one.
I could use the access token on each request as well, but I still think this is a security failure; when the user first logs in and I pass it to the server, well that endpoint could also be called by any client... "LoginServer('myfakeaccesstoken', $knownUserId)
I get the feeling that I should validate the token on the server side back with facebook, and then I can safely rely on teh token on future API calls, but I'm wondering if there are any other approaches?
The Facebook documentation seems to focus too much on me wanting to make follow up calls to their graph API when I really don't care after my user is authenticated.
I would like to access a user's Outlook emails with my javascript app.
Google makes this very easy using Oauth and it's restful Gmail API.
I have tried researching similar options for Outlook, but I can't seem to find a good way to authenticate a user with Oauth 2.0, then access their message inbox.
Are there any Microsoft technology experts that can point me to some resources to get started here?
I am restricted to using only client-side code as this is for a phonegap mobile application. I would like to continue using oauth-io but I realize that may not be an option.
I was having a hard time tracking down the process for getting the emails as well. Anyway, first things first, you'd need to register your app for OAuth here. This page describes some more details on the registration and also how to access the needed API.
Although you can do the calls via Javascript, there are some security issues because you'd eventually need to send your client secret. It might be safer to do some parts in the server side.
First step is getting the user to login and retrieving the access token.
https://login.live.com/oauth20_authorize.srf?client_id=[CLIENT_ID]&scope=wl.imap wl.offline_access&response_type=code&redirect_uri=[REDIRECT_URI]
On the server side, exchange the access code for an access token:
https://login.live.com/oauth20_token.srf?client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&code=[ACCES_CODE]&grant_type=authorization_code&redirect_uri=[REDIRECT_URI]
Get user's email and other account info (Python sample codes):
https://apis.live.net/v5.0/me?access_token=[AUTH_TOKEN]
Retrieve emails via IMAP using the email address from emails>preferences in previous reply (see more details here). It would look something like this in Python:
import imaplib
mail = imaplib.IMAP4_SSL('imap-mail.outlook.com')
username = [username]
access_token = [access_token]
auth_string = 'user=%s\1auth=Bearer %s\1\1' % (username, access_token)
mail.authenticate('XOAUTH2', lambda x: auth_string)
mail.list()
You can look at existing IMAP libraries to retrieve the actual emails from there. Here's one for python.