I am using `passport` in `laravel` for authenticating my users in APIs. I am able to authenticate different types of users from different tables and generating different token for them but the routes are not protected. For example. A user can access the routes like this Route::group(['middleware' => 'auth:api'], function () { Route::group(['prefix' => 'v1'], function () { Route::get('get-seller-list','API\v1\SellersController@index'); }); }); and A doctor can access the routes like Route::group(['middleware' => 'auth:sellers'], function () { Route::group(['prefix' => 'v1'], function () { Route::get('get-seller-detail','API\v1\TestController@getDetails'); }); }); but this `middleware` check doesn't seem to be working as I can access all the routes …

Member Avatar
Member Avatar
+0 forum 2

I try to implement this oauth2 config in my web application https://github.com/ksoumi/SpringSecurityOAuth2. The only difference is that he used an authentication manager with hardcoded username and password. I already have a login with spring security. I have merged only the oauth2 config in my spring-security.xml. I get HTTP status 404 when I try to access the token URL: http://localhost:8080/LEAVE_PROCESS/oauth/token?grant_type=password&client_id=testclient&client_secret=testsecret&username=test&password=test Why can't I access this url? My login is still working fine with my spring security. <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth="http://www.springframework.org/schema/security/oauth2" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security"> <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" /> <anonymous enabled="false" …

Member Avatar
Member Avatar
+0 forum 1

I've been reading up on best practices for securely storing clientids and clientsecrets: http://www.asp.net/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure I have created a secret.config file and stored my secrets in there and have put a reference to the file in <appSettings file="..\..\secrets.config"> I am using app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions() { ClientId = "", ClientSecret = "" }); What I need to do is somehow call the clientid and clientsecret but I can't find anywhere how to access it from the external file that I created. Would anybody know how to do this? Or know of a better way of doing this?

Member Avatar
+0 forum 0

Hello, I got an assignement: to validate a google oauth2 access token using email address.... What is the simplest way of doing it? Can anyone give me some hint? I am desperate here... trying to figure it out.. but I cannot find anything understandable... So far, I discovered how to get an API key.. (I found a sample code for a google map) and it required this API key... I am really confused... can anyone give me some hint? thanks

Member Avatar
+0 forum 0

Dear Friends, I am using Simple-REST Library for my REST Web service purpose . I need to integrate "OAuth2" with my REST API skeleton. I attached the REST - API Client & Server for your reference . Please check it and help me with a good solution for implementation. Thanks, Anes

Member Avatar
Member Avatar
+0 forum 5

The End.