OAuth2.0 | Starter Code for Auth & Auth course | Authentication library

How to send service emails

• from my backend with smtp.google.com or Gmail API while making sure
• the secret stored on the backend server can only be used to send emails from a specific sender?

Goal

• send user account activation emails from my backend
• use smtp.google.com or Gmail API (i.e. no own SMTP server)
• authenticate with OAuth2.0 (i.e. don't enable "less secure apps")

Current state

• implemented the email sending part
• for testing, I created a noreply@**.** Google Suite account
• for testing, I generated an accessToken via OAuth2 Playground
• using the accessToken I can send emails via smtp.googl.com

Problem

• Google suggests to use a service account for this
• But to send emails from no-reply@x.y I have to enable Domain-wide Delegation
• Domain-wide delegation allows to impersonate every domain account
• the secret stored on the backend should only allow to send mails from no-reply@**.**

Since some time it seems the NtlmAuthenticator of RestSharp is deprecated. The somewhere mentioned method of setting setting.UseDefaultCredentials = true; isn't available either.

So how can I use NTLM or Kerberos with RestSharp?
AND NO! I cannot say the other program, that I want to use LDAP or OAuth2.0 or whatever you think is appropriate. I have a program that says: "I have an API and you can authorize by LDAP/Kerberos and then you get data!" and I am not the programmer of that API.

Has anyone an idea of how to get my data with the newer versions of RestSharp or do I have to go back to old versions?

I am trying to configure my K8s app with TLS. I have 2 containers in that pod, one is OAuth2.0 proxy container and the other container has my backend code.

I am using OAuth2.0 for doing that. So basically, in the OAuth2.0 proxy pod, I provide tls-cert-file and tls-key-file. As I am using OAuth2.0 for authorisation, I figured I can use the same pod to enable HTTPS. However, after OAuth provider redirects to my application, I get 502 bad gateway.

This is the error I obtain in the OAuth container:

My situation is this. I have a legacy Angular application which calls a Node API server. This Node server currently exposes a /login endpoint to which I pass a user/pwd from my Angular SPA. The Node server queries a local Active Directory instance (not ADFS) and if the user authenticates, it uses roles and privileges stored on the application database (not AD) to build a jwt containing this user's claims. The Angular application (there are actually 2) can then use the token contents to suppress menu options/views based on a user's permissions. On calling the API the right to use that endpoint is also evaluated against the passed in token.

We are now looking at moving our source of authentication to an oAuth2.0 provider such that customers can use their own ADFS or other identity provider. They will however need to retain control of authorization rules within my application itself, as administrators do not typically have access to Active Directory to maintain user rights therein.

I can't seem to find an OIDC pattern/workflow that addresses this use case. I was wondering if I could invoke the /authorize endpoint from my clients, but then pass the returned code into my existing Node server to invoke the /token endpoint. If that call was successful within Node then I thought I could keep building my custom JWT as I am now using a mix of information from my oAuth2 token/userinfo and the application database. I'm happy for my existing mechanisms to take care of token refreshes and revoking.

I think I'm making things harder by wanting to know my specific application claims within my client applications so that I can hide menu options. If it were just a case of protecting the API when called I'm guessing I could just do a lookup of permissions by sub every time a protected API was called.

I'm spooked that I can't find any posts of anyone doing anything similar. Am I missing the point of OIDC(to which I am very new!).

Thanks in advance...

I have an app that has been running for years with no changes to the code. The app has OAuth2.0 login with a variety of providers including Google Workspace and Office 365. Since the launch of Chrome V97 (i.e. in last few days), the O365 login has stopped working, as for some reason, the auth cookie does not get set in the OAuth callback GET handler. The code that sets the cookie is the same code that is run for Google Workspace, yet this works. It also works on Firefox. Something about Google Chrome V97 is preventing cookies from being set, but only if it round trips to O365 first.

To isolate the issue, I have created a fake callback which manually sets a cookie, thereby removing all of the auth complication. If I call this by visiting the URL in a browser, then the cookie sets as expected. Yet if I perform the O365 OAuth dance first, which in turn invokes this URL, then the cookie does not get set. Try exactly the same thing with Google Workspace and it works.

I have been debugging this for hours and hours and clean out of ideas.

Can anyone shed any light on what could be causing this odd behaviour?

The desktop application I am developing (C#/.NET, WPF) uses a feature which requires connection to IMAP- and SMTP servers of the user. I am using a package called MailKit for this. Some of our users are using Microsoft365 and will require modern authentication in the future, as opposed to the basic authentication they are using right now. This is supported by MailKit and I am able to authenticate using OAuth2.0.

However, this requires a client secret, which expires after a certain amount of time (e.g. two years) after creation in Azure. This client secret is compiled with the application, after which the application is distributed. Does this mean the users need to update their installation at least every two years, so I can supply a new client secret? This is undesirable to our users. The best solution for me would be if I could refresh expired client secrets without the user having to perform any action.

I have a problem to send a envelope PDF. I'm following the documentation and populating the fields but when I use the send envelope show this error:
An unexpected error occurred. Error while requesting server, received a non successful HTTP code 401 with response Body: '{"errorCode":"AUTHORIZATION_INVALID_TOKEN","message":"The access token provided is expired, revoked or malformed."}' Please contact system administrator. Before to start a test I made the authorization access but don't works. Someone know if that is a change because of OAuth2.0 in the Private Key? Or I'm connecting wrong?

I created an Api in azure and recently tried to change to authentication method to access it via OAuth2.

I requested a token using https://login.microsoftonline.com/[TENANT]/oauth2/v2.0/token/ and tried to use it to access my api via postman.

Then I tried to use the received token to make a request to my api: I used Postman's Authorization pane to specify OAuth2.0 as the authentication method and set the Grant Type configuration to "implicit" and sent a request.

Configured like this, the request goes through using the "http" version of my api but as soon as I try to use the "https" version, I get a 401 error "Unauthorized".

Have I configured my api wrong ? Or am I using the wrong url to authenticate ?

Thanks a lot for your time.

I have built a django app, which it includes google Oauth2.0 login. I want to get google calendar events of every users when they login with Oauth2.0 and I wrote the following code. I saved the access token into UserAuth table and fetched it, then used it to get google calendar.