I am trying to Authenticate O365 Mail Rest API using Python 3 urllib, I am not able to find any samples using basic authentication. When using browser it does ask for authentication through interactive windows. How to achieve the same using urllib.
The authentication based on oAuth requires a user interaction in order to authenticate:
The authorization code is sent back to the application after the user
has been redirected to the authorization end point and authenticated.
So no basic authentication, you have to go though the oAuth process.
A similar problem on the Google platform is handled in various ways, one of them being user-based authentication but there is also provisionning for token based ones (no user interaction)
Related
I used to query my financial data through Power Query in Power BI. Recently I've switched to doing it through a python script running on Google Cloud functions, triggered by Cloud Scheduler. (is this the best way?) It saves a csv file to GCStorage.
The party that provides the data I'm after is switching to oAuth 2.0 using either implicit or authorization code flow. I believe this means that somewhere in this flow a browser is opened where username and password must be entered. Also I need to give a redirect uri to this party, I'm not sure how to implement this in my current setup.
Anyone have an idea? More info about the API can be found here. https://accounting.twinfield.com/webservices/documentation/#/ApiReference/Authentication/OpenIdConnect
Usually the Authorization Code flow would be the way to go in your kind of application.
You will send a authentication request to their API(redirecting the user). They will authenticate the User and redirect the user back to your application, using the redirect URI you provided.
You can get an access token or ID token from their token endpoint using the code, your client id and your client secret.
I'm currently developing a REST API with DRF for a web application. So I decided to use OAuth2 authentication system. After a little research, I understood that OAuth mostly used for authenticating third-party apps and what I want is simply authenticate the user to my website, not with Facebook or Google accounts. So token authentication seems to be the most secure way to do it and with OAuth is being too confusing and not suitable to me which authentication method should I follow? Is django's built-in TokenAuthentication secure to make a web-app? Should I use OpenId connect?
OAuth2 is a protocol to allow your website to access some API on behalf of the user whose data your trying to access (delegated authorization).
If you just want to know who your user is on your site (authentication), OpenID Connect is a protocol built on top of OAuth2 that gives you that information. It will give you a JWT id_token that has claims about the authenticated user.
I am trying to download a file from a SharePoint Online data library via REST API which uses a multi-factor ADFS authentication, so far I found these posts (Post1, Post2) which talk about sending a SAML request to STS to receive a security token from https://login.microsoftonline.com/extSTS.srf, I have found multiple examples online which uses the same method to authenticate their requests. However, when I send the SAML request to the above Microsoft URL, I receive the error below.
AADSTS50126: Error validating credentials due to invalid username or password.
I have appropriate access to the SharePoint data library as I was able to get a valid response to an API request (to check available lists and not for authentication) when using a browser with authenticated session. Any idea on what I might be doing wrong or even if authentication is possible for MFA secured SharePoint library.
There is no official word in any Microsoft Documentation to confirm this. But MFA account + AAD token is not compatible.
You have to use a service account (username/password) without MFA enabled for it. This will work when you invoke the SPO web api using the service account for getting tokens.
When you have a browser session in open state, the token will be available in cookies & you will be able to access the library without issue. The same applies to POSTMAN or SOAP-UI testing.
Because MFA needs user interaction, this is not possible. Refer this github issue: Trouble spo login with an account with multi-factor authentication
We do "Application User" concept in Dynamics CRM for the same approach. Read more
I'm building a python service that syncs data with Salesforce in both directions. To use the service, each user will have to authorise his own Salesforce account.
I've looked at Heroku Connect, but it doesn't seem to support a scenario where many different accounts can automatically be connected. Then looking at the API examples I noticed that almost always there is a user account as well as a password used in the request.
Being used to Gmail's APIs, I'm thinking if it is really necessary to ask for and save the user's password, or if there is another way to authenticate the requests. Requests will typically be initiated by the backend at random moments.
There's so much available from Salesforce that I am not sure where to start. Any suggestions would be appreciated.
You need to use the OAuth Web Flow to enable your app to make requests on behalf of a user. There is a Python utility to help with that: https://github.com/heroku/salesforce-oauth-request
I have an iOS app that uses an API powered by Django REST framework to store, update, fetch data from a database. I need to provide the two more following functionalities which stores the user data at the server:
Login with Email
Login with Facebook
There appears to be two different authentication systems that I can use:
Django User Authentication System
Django Rest Framework Authentication
How should I handle this in my API?
When you are using Django REST framework with iOS, unless you are using a browser, the standard Django authentication system is out of the question. This is exposed through the DRF authentication system as SessionAuthentication and it relies on your application being able to transfer cookies and the CSRF token with the request, which typically isn't possible.
In most situations where you are using the Django authentication system already, and you can trust your app storing passwords, you would use something like BasicAuthentiction. Most people can't though, or they don't trust their application ecosystem, so they use a token-based authentication system like TokenAuthentication or OAuth2Authorization (in combination with an OAuth provider). You can read more about each authentication type in this answer on Stack Overflow.
But in your situation, you are basically restricted to just using something like OAuth 2. This is because you need to associate a user with a token, and most authentication systems require you to provide a username and password. For social accounts, this usually isn't the case, and they would not normally be able to log in. OAuth 2 works in combination with the standard Django login, so you are not restricted to just a username and password. I've written more about how this works in this detailed Stack Overflow answer.