Hi Fundingbox team,
We've noticed that by some accounts the oAuth API
http://api.fundingbox.com/users/me returns different JSONs.
I tested it by RESTClient, using the generated access_token and these
are the results:
By the email *momentis at outlook.it:*
{
"user": {
"_id": "599d4317af59fc7d798b4567",
"signup": "2017-08-23T08:55:51.368Z",
"username": "filmomenti",
"password": "8ce89e2915ad12ade1d4846e78ab9a3ee422946f",
"last_visit": "2017-09-20T12:38:49.000Z",
"loc": {
"id": "",
"name": "Italy"
},
"status": {
"online": false,
"lastLogin": {
"date": "2017-09-20T10:47:54.032Z",
"ipAddr": "172.31.20.160",
"userAgent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
}
},
"verified": true,
"subscriptions": [],
"following": [],
"services": {
"resume": {
"loginTokens": [
{
"hashedToken": "gDdskFj2zp0DpjSITOGvqbp7kA9XA/h+KInXyMzuLI0=",
"when": "2017-09-11T13:45:09.711Z"
},
{
"hashedToken": "221lQzT5CnU7cVxikaXfRryglU02QYntGqgcARtxKrg=",
"when": "2017-09-11T15:18:39.807Z"
},
{
"hashedToken": "rk18Q2hY0pX/3j80UJoHngjm46X3L9zdz7PyG99PwX4=",
"when": "2017-09-20T07:57:27.791Z"
},
{
"hashedToken": "4djb6EpEXVolr69s3cu/d9oKVkctEoF1lvRU3PN/Nu8=",
"when": "2017-09-20T10:47:12.290Z"
},
{
"hashedToken": "Is1WHRfVSUKRe+RNUdV4MKi4TLuuJLAq1Vgycto2GGI=",
"when": "2017-09-20T10:47:13.430Z"
},
{
"hashedToken": "mDT8E9NiN3ug+BGmrWYpwAOA1PEdYOKZ+iy/BN8ghTo=",
"when": "2017-09-20T10:47:13.922Z"
}
]
},
"password": {
"bcrypt":
"$2a$10$fASjq3LzluQGdVouLkyzLeYExAQSmZXLR5fU3/RdHFH6M/npEdlfa"
}
},
"profile": {
"uname": "filmomenti",
*"email": "momentis at outlook.it",*
"uavatar":
"//www.gravatar.com/avatar/2948d5c7fd80a197b616c81d373bf0a0?d=identicon",
"timezone": "Europe/Rome",
"email_hash": "2948d5c7fd80a197b616c81d373bf0a0",
"notifications": {
"digest": true,
"announcements": true,
"newsletter": true
},
"name": {
"first": "Fil",
"last": "Momenti"
}
},
"account": {
"uname": "filmomenti",
"email": "momentis at outlook.it",
"uavatar":
"//www.gravatar.com/avatar/2948d5c7fd80a197b616c81d373bf0a0?d=identicon",
"name": {
"first": "Fil",
"last": "Momenti"
}
}
}
}
By the email *filippo.giuffrida@eng.it:*
{
"user": {
"_id": "kpmHXCZkyTxoz7YKY",
"createdAt": "2017-08-22T12:54:26.529Z",
"username": "filgiuffrida",
"status": {
"online": false,
"lastLogin": {
"date": "2017-09-19T12:29:08.206Z",
"ipAddr": "172.31.6.21",
"userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0"
}
},
"last_visit": "2017-09-19T12:48:02.000Z",
"subscriptions": [],
"following": [],
"services": {
"email": {
"verificationTokens": []
},
"resume": {
"loginTokens": [
{
"hashedToken": "dwai5Hp/cwbpRQoVaenhUt/KkAWt6bGmE5SHHhnVm/Q=",
"when": "2017-08-22T12:54:30.194Z"
},
{
"hashedToken": "rOSz7Q4BghujJ8OOiCSmWBNXSaCrfoh2CCnN3Hu9U48=",
"when": "2017-08-22T12:54:48.478Z"
},
{
"hashedToken": "/KSMCK/3MeraRl+aArRA8tj/+bGGRuSYYlUNZFRt3xg=",
"when": "2017-08-22T12:58:02.112Z"
},
{
"hashedToken": "yXkWDy/DbaiCdg8jb6ClHGzZbRIGI0fMoVY0XTDCy9M=",
"when": "2017-08-22T12:58:22.944Z"
},
{
"hashedToken": "LyQqrv5V9Lvn6hxjgjhFNc+WmVihpMo1do6Vn42U9KY=",
"when": "2017-08-22T13:44:10.109Z"
},
{
"hashedToken": "i1Fmkd26YNRFwQouQu4Do4RhMEwnYXnD0iOBT1+P5Fg=",
"when": "2017-08-22T13:56:25.073Z"
},
{
"hashedToken": "sT+22mW0CuMEJcJkMu/Th3SRtlbZsG6qK8hbgiPtmns=",
"when": "2017-08-23T08:49:34.418Z"
},
{
"hashedToken": "FA2cDlHaFrItSHSa+MOLgQ2pHdU4dwFF50oyE9/CiHo=",
"when": "2017-08-30T13:06:24.760Z"
},
{
"hashedToken": "ptoR8W8EYcqLc+uYE6vyd+IQPwCV4kWpBQGPR7cCMSc=",
"when": "2017-09-19T12:29:08.023Z"
}
]
},
"password": {
"bcrypt":
"$2a$10$0M3MtiBCbRkNDHh9E.RTzeOWAT1wsb9Yx3AYeUcRzta9NcSzvd9FW"
}
},
"profile": {
"uname": "filgiuffrida",
*"email_hash": "17acec7a2780b914ef19ec2d1bf77d34",*
"uavatar":
"//www.gravatar.com/avatar/17acec7a2780b914ef19ec2d1bf77d34?d=identicon",
"timezone": "Europe/Rome",
"company_type": "corporation",
"searching_funding": false,
"searching_projects": false,
"notifications": {
"digest": false,
"announcements": false,
"newsletter": false
},
"name": {
"first": "Filippo",
"last": "Giuffrida"
}
},
"account": {
"uname": "filgiuffrida",
"email_hash": "17acec7a2780b914ef19ec2d1bf77d34",
"uavatar":
"//www.gravatar.com/avatar/17acec7a2780b914ef19ec2d1bf77d34?d=identicon",
"notifications": {
"digest": true,
"announcements": true,
"newsletter": true
},
"name": {
"first": "Filippo",
"last": "Giuffrida"
}
}
}
}
As you can see, in the first case the JsonObject "Profile" has the
attribute "email", whereas in the second case the JsonObject "Profile"
doesn't have the attribute "email", but "email_hash".
Also Giovanni had the same problems with his account
giovanni.aiello at gmail.com
Please could you check and let me know?
Consider that without the email address the user cannot log in to
Liferay. :-(
Best Regards
/Filippo/
On 19/09/2017 14:45, Filippo Giuffrida wrote:
>
> Hi Fundingbox team,
>
> I have a problem with my account filippo.giuffrida at eng.it on
> http://accounts.fundingbox.com.
>
> It doesn't return any email address via oAuth API when used as SSO.
>
> The SSO works fine with another email momentis at outlook.it
>
> I've also tried to reset the password.
>
> Please, could you take a look and let me know ?
>
> Thank you
>
> Regards
>
> /Filippo/
>
>
> On 31/08/2017 13:47, Jose Alonso wrote:
>> Hi Filippo,
>>
>> I think yes, you're right, we should add a "Remember me on this
>> computer (only for private computer)" checkbox. Unless Jorge has
>> other point of view :)
>>
>> Thanks for the observation!
>>
>> Regards,
>>
>> Jose
>>
>> On Wed, Aug 30, 2017 at 12:40 PM, Filippo Giuffrida
>> <filippo.giuffrida at eng.it> wrote:
>>
>> Hi Jose,
>>
>> I agree with you about your requirements on tab closing. IMHO it
>> may also be acceptable, considering same browser instance = same user.
>>
>> IMHO the security issue is that a user closes the browser (not
>> only one tab, but totally the browser) and the fundingbox session
>> remains active. Do you agree ?
>>
>> Usually some web applications work in this way only if the user
>> gives the OK by a specific field as "Remember me on this computer
>> (only for private computer)".
>>
>> Regards
>> /Filippo/
>>
>>
>> On 30/08/2017 11:38, Jose Alonso wrote:
>>> Hi Filippo,
>>>
>>> In our case, we have different applications that would be opened
>>> at the same time (in different tabs for example) and all of them
>>> can share the same login. Closing a tab (an application) we
>>> don't want to logout the user because the logout will occur in
>>> all applications that the user has opened. So, for us, I don't
>>> see it as security issue, but I understand in your case will be.
>>>
>>> About closing a tab and logout the user, I see it differently than
>>> you. I think logout should be done on the client (of course we
>>> have to provide the methods for that :), but it's just my opinion,
>>> maybe Jorge has a different opinion :)
>>>
>>> Regards,
>>>
>>> Jose
>>>
>>>
>>>
>>> On Tue, Aug 29, 2017 at 3:09 PM, Filippo Giuffrida
>>> <filippo.giuffrida at eng.it> wrote:
>>>
>>> Hi Jose,
>>>
>>> ok, if you want, we can wait for Jorge's opinion, though
>>> for us it would be simpler if the accounts.fundingbox.com
>>> session is cleaned when the
>>> user closes the browser. This is a general security issue of
>>> accounts.fundingbox.com,
>>> isn't it?
>>>
>>> I'm thinking that, in any case, if a user closes the
>>> browser without clicking on logout, the Liferay session
>>> should be cleaned but the accounts.fundingbox.com
>>> session would remain
>>> active. Do you agree?
>>>
>>> Regards
>>>
>>> /Filippo/
>>>
>>> On 29/08/2017 14:50, Jose Alonso wrote:
>>>> Hi Filippo,
>>>>
>>>> Not actually.
>>>>
>>>> I think we can add a second parameter (for instance
>>>> ?doLogout=true&redirect_url=http://figlobal.eng.it) but I would like to know about
>>>> Jorge's opinion :)
>>>>
>>>> Regards,
>>>>
>>>> Jose
>>>>
>>>> On Tue, Aug 29, 2017 at 2:39 PM, Filippo Giuffrida
>>>> <filippo.giuffrida at eng.it> wrote:
>>>>
>>>> Hi Jose,
>>>>
>>>> the URL http://accounts.fundingbox.com/?doLogout=true
>>>> redirects to http://accounts.fundingbox.com/login,
>>>> I think that a
>>>> user who logs out of FIA should be redirected to the
>>>> FIA login page, not to FundingBox Login.
>>>>
>>>> Is there a way to set the redirect page ?
>>>>
>>>> Please, let me know.
>>>>
>>>> Best Regards
>>>>
>>>> /Filippo/
>>>>
>>>>
>>>> On 29/08/2017 13:24, Jose Alonso wrote:
>>>>> Hi Filippo,
>>>>>
>>>>> Yes, you're right. The sessions remain active. I
>>>>> think the best way to handle this is that client could
>>>>> call a logout method and sessions will be closed.
>>>>>
>>>>> Actually you can invoke the
>>>>> http://accounts.fundingbox.com/?doLogout=true URL to
>>>>> log out the user via accounts. Could you call this URL
>>>>> when the user logs out of FIA (if logged with funding box
>>>>> account of course)?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Jose
>>>>>
>>>>> On Tue, Aug 29, 2017 at 11:47 AM, Filippo Giuffrida
>>>>> <filippo.giuffrida at eng.it> wrote:
>>>>>
>>>>> Hi Jose,
>>>>>
>>>>> ok, this new client_id works fine for
>>>>> figlobal.eng.it. If you
>>>>> want, you can test it by the following link
>>>>>
>>>>>
>>>>>
>>>>> I've noticed that the session of
>>>>> accounts.fundingbox.com remains active
>>>>> when the user closes the tab/browser.
>>>>>
>>>>> This means that:
>>>>>
>>>>> 1. User A clicks to sign in on FIA by FundingBox
>>>>> account
>>>>> 2. User A enters their own credentials on
>>>>> accounts.fundingbox.com
>>>>> 3. User A logs in and uses FIA
>>>>> 4. User A clicks on FIA logout. The Liferay
>>>>> session is cleaned, but (not having the Single
>>>>> Log out) the fundingbox session remains active.
>>>>> 5. User A closes the browser. *Here the
>>>>> fundingbox session should be cleaned, but
>>>>> instead it remains active.*
>>>>> 6. User B clicks to sign in on FIA by FundingBox
>>>>> account
>>>>> 7. *User B is logged in with the FundingBox account
>>>>> of user A*.
>>>>>
>>>>> It's an issue.
>>>>>
>>>>> Please, could you take a look ?
>>>>>
>>>>> It would be enough to clean the
>>>>> accounts.fundingbox.com session when the user
>>>>> closes the tab/browser.
>>>>>
>>>>> Thank you in advance
>>>>>
>>>>> Best Regards
>>>>>
>>>>> /Filippo/
>>>>>
>>>>>
>>>>> On 29/08/2017 10:39, Jose Alonso wrote:
>>>>>> Hi Filippo,
>>>>>>
>>>>>> I added a new client_id=59a52664e6c736834bd0cd2a
>>>>>> that redirects to
>>>>>> http://figlobal.eng.it/authorize.html
>>>>>>
>>>>>> Could you please try that?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Jose
>>>>>>
>>>>>> On Mon, Aug 28, 2017 at 4:17 PM, Filippo
>>>>>> Giuffrida <filippo.giuffrida at eng.it> wrote:
>>>>>>
>>>>>> Hi FundingBox team,
>>>>>>
>>>>>> I ended up developing the SSO with FundingBox
>>>>>> oAuth on my local environment by the
>>>>>> client_id=597867a6e6c736834bd0cd1a that
>>>>>> redirects to localhost:3000/authorize.html.
>>>>>>
>>>>>> Please could you provide an additional
>>>>>> client_id that redirects to
>>>>>> *http://figlobal.eng.it/authorize.html* ?
>>>>>>
>>>>>> Thank you in advance
>>>>>>
>>>>>> Best Regards
>>>>>>
>>>>>> /Filippo/
>>>>>>
>>>>>> On 24/08/2017 13:34, Jose Alonso wrote:
>>>>>>> Hi Filippo,
>>>>>>>
>>>>>>> Could you try now? Since this morning seems
>>>>>>> the api didn't respond in some situations.
>>>>>>>
>>>>>>> Sorry for the inconvenience!
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Jose
>>>>>>>
>>>>>>> On Thu, Aug 24, 2017 at 11:07 AM, Filippo
>>>>>>> Giuffrida <filippo.giuffrida at eng.it> wrote:
>>>>>>>
>>>>>>> Dear FundingBox Team,
>>>>>>>
>>>>>>> since this morning the server of
>>>>>>> http://api.fundingbox.com/users/me
>>>>>>> doesn't seem to work.
>>>>>>>
>>>>>>> The Ajax call returns a pending status
>>>>>>> that ends with a 502 error
>>>>>>>
>>>>>>>
>>>>>>> Yesterday evening it was working fine.
>>>>>>>
>>>>>>> Please, could you take a look and give
>>>>>>> me a feedback ?
>>>>>>>
>>>>>>> Thank you in advance
>>>>>>>
>>>>>>> Best Regards
>>>>>>>
>>>>>>> /Filippo/
>>>>>>>
>>>>>>>
>>>>>>> On 24/08/2017 01:43, Jorge Fernandez
>>>>>>> wrote:
>>>>>>>> Hi Filippo, thanks for reporting this.
>>>>>>>> It's quite strange, I didn't have time
>>>>>>>> to check it properly, but looks like
>>>>>>>> the two systems are using different
>>>>>>>> cost parameters in their hashing
>>>>>>>> functions, but not always, and this is
>>>>>>>> the strange thing, because at least my
>>>>>>>> account is working exactly the same in
>>>>>>>> both systems.
>>>>>>>>
>>>>>>>> Anyway, thanks for telling us ;) ,
>>>>>>>> we'll investigate it and fix it asap.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Jorge
>>>>>>>>
>>>>>>>> On Wed, Aug 23, 2017 at 10:51 AM,
>>>>>>>> Filippo Giuffrida
>>>>>>>> <filippo.giuffrida at eng.it> wrote:
>>>>>>>>
>>>>>>>> Dear FundingBox Team,
>>>>>>>>
>>>>>>>> I followed Jorge's suggestions,
>>>>>>>> getting these results:
>>>>>>>>
>>>>>>>> * I cannot reset my password for
>>>>>>>> the account
>>>>>>>> filippo.giuffrida at eng.it
>>>>>>>>
>>>>>>>> * I clicked on the link shown in
>>>>>>>> the following image
>>>>>>>>
>>>>>>>>
>>>>>>>> * I tried to use the same email
>>>>>>>> address
>>>>>>>> (filippo.giuffrida at eng.it)
>>>>>>>> and the system (rightly) gave
>>>>>>>> me an error
>>>>>>>>
>>>>>>>> * I changed the email address to
>>>>>>>> filgiuffrida at outlook.it,
>>>>>>>> the account was created
>>>>>>>> successfully and the login
>>>>>>>> works fine, redirecting to
>>>>>>>> http://localhost:3000/authorize.html#access_token=599d3fc4af59fc84788b4567&token_type=Bearer&expires=1504773700&expires_in=1296000
>>>>>>>> * I tried to create another
>>>>>>>> account by the page
>>>>>>>> https://fundingbox.com/signin
>>>>>>>>
>>>>>>>>
>>>>>>>> and the account
>>>>>>>> l346261 at mvrht.net gave
>>>>>>>> me the same problems as
>>>>>>>> filippo.giuffrida at eng.it
>>>>>>>> (I cannot use it on
>>>>>>>> http://accounts.fundingbox.com/login)
>>>>>>>>
>>>>>>>> I got the following conclusions:
>>>>>>>>
>>>>>>>> 1. If you create the account by
>>>>>>>> https://fundingbox.com/signin,
>>>>>>>>
>>>>>>>> * it works fine on
>>>>>>>> https://fundingbox.com/signin
>>>>>>>>
>>>>>>>> * it doesn't work on
>>>>>>>> http://accounts.fundingbox.com/login
>>>>>>>>
>>>>>>>> 2. If you create the account by
>>>>>>>> http://accounts.fundingbox.com/login,
>>>>>>>>
>>>>>>>> * it works fine on
>>>>>>>> http://accounts.fundingbox.com/login
>>>>>>>>
>>>>>>>> * it works fine on
>>>>>>>> https://fundingbox.com/signin
>>>>>>>>
>>>>>>>> In this way I'm able to proceed
>>>>>>>> with my development, but we should
>>>>>>>> keep in mind that this account
>>>>>>>> management isn't working fine
>>>>>>>> and with these bugs it cannot be
>>>>>>>> used in a production context. We
>>>>>>>> need to solve these problems, do
>>>>>>>> you agree ?
>>>>>>>>
>>>>>>>> Best Regards
>>>>>>>>
>>>>>>>> /Filippo/
>>>>>>>>
>>>>>>>> On 22/08/2017 23:21, Jorge
>>>>>>>> Fernandez wrote:
>>>>>>>>> Hi Filippo, please try again,
>>>>>>>>> resetting your password here:
>>>>>>>>> http://accounts.fundingbox.com/login
>>>>>>>>>
>>>>>>>>> I'll be out till Sept. 1, but I'll
>>>>>>>>> try to check the email from time
>>>>>>>>> to time, so you can contact me or
>>>>>>>>> try to contact my colleague Jose:
>>>>>>>>> jose.alonso at fundingbox.com
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Jorge
>>>>>>>>>
>>>>>>>>> On Tue, Aug 22, 2017 at 3:16 PM,
>>>>>>>>> Filippo Giuffrida
>>>>>>>>> <filippo.giuffrida at eng.it> wrote:
>>>>>>>>>
>>>>>>>>> Hi Jorge,
>>>>>>>>>
>>>>>>>>> I'm trying to use the example
>>>>>>>>> provided by you.
>>>>>>>>>
>>>>>>>>> I've created an account on
>>>>>>>>> https://fundingbox.com/ with
>>>>>>>>> email filippo.giuffrida at eng.it,
>>>>>>>>> I've verified the email and I
>>>>>>>>> access fine on
>>>>>>>>> https://fundingbox.com/
>>>>>>>>>
>>>>>>>>> I've tried to access by a
>>>>>>>>> blank browser to
>>>>>>>>> http://accounts.fundingbox.com/authorize?client_id=597867a6e6c736834bd0cd1a&response_type=token
>>>>>>>>> , it redirects to
>>>>>>>>> http://accounts.fundingbox.com/login
>>>>>>>>> where the following form appears
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I've tried to access by the
>>>>>>>>> account
>>>>>>>>> filippo.giuffrida at eng.it,
>>>>>>>>> but it doesn't work, I got the
>>>>>>>>> message *"Your username or
>>>>>>>>> password are incorrect, please
>>>>>>>>> try again."*
>>>>>>>>>
>>>>>>>>> I've also tried to create an
>>>>>>>>> account by the link "Create an
>>>>>>>>> account" but it links to #
>>>>>>>>>
>>>>>>>>> Please, could you take a look ?
>>>>>>>>>
>>>>>>>>> Thank you in advance
>>>>>>>>>
>>>>>>>>> Best Regards
>>>>>>>>>
>>>>>>>>> /Filippo/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 26/07/2017 18:15, Jorge
>>>>>>>>> Fernandez wrote:
>>>>>>>>>> Hi Filippo,
>>>>>>>>>>
>>>>>>>>>> I've prepared a brief
>>>>>>>>>> document and a very basic
>>>>>>>>>> example using the "implicit
>>>>>>>>>> grant" flow.
>>>>>>>>>>
>>>>>>>>>> Example:
>>>>>>>>>> https://drive.google.com/file/d/0B29v6b3mGXyUUllZczNYRmsyZ1k/view?usp=sharing
>>>>>>>>>> Document:
>>>>>>>>>> https://docs.google.com/document/d/14Bjn6ibrOgmq1P0sx5hDh_U98f5ypLOqUniy7Vpunvg/edit?usp=sharing
>>>>>>>>>>
>>>>>>>>>> This is probably the easier
>>>>>>>>>> one to implement, but if you
>>>>>>>>>> prefer to use a different
>>>>>>>>>> grant type just tell me and
>>>>>>>>>> we can prepare a different
>>>>>>>>>> example.
>>>>>>>>>>
>>>>>>>>>> The example is very basic,
>>>>>>>>>> using only javascript.
>>>>>>>>>> If you use php in your laptop
>>>>>>>>>> you can run it with this
>>>>>>>>>> command: php -S localhost:3000
>>>>>>>>>> If not, you'll need to upload
>>>>>>>>>> the files to a web server or
>>>>>>>>>> run it with node, etc...
>>>>>>>>>>
>>>>>>>>>> Here are the credentials
>>>>>>>>>> you'll need to use our
>>>>>>>>>> Accounts service:
>>>>>>>>>>
>>>>>>>>>> *authorization_url*:
>>>>>>>>>> http://accounts.fundingbox.com/authorize
>>>>>>>>>> *client_id*:
>>>>>>>>>> 597867a6e6c736834bd0cd1a
>>>>>>>>>> *client_secret (not needed if
>>>>>>>>>> using the implicit grant
>>>>>>>>>> type)*:
>>>>>>>>>> mac974348wncw084309du7tcnw084tcw846tndw86tbw
>>>>>>>>>>
>>>>>>>>>> The URI to redirect to after
>>>>>>>>>> the user grants/denies
>>>>>>>>>> permission is:
>>>>>>>>>> *http://localhost:3000/authorize*
>>>>>>>>>> If you need to change it
>>>>>>>>>> you'll have to ask me to do it.
>>>>>>>>>>
>>>>>>>>>> After the user granted
>>>>>>>>>> permission you'll receive an
>>>>>>>>>> access_token and you should
>>>>>>>>>> use it to call our API to get
>>>>>>>>>> the user details like the
>>>>>>>>>> email, username, etc...
>>>>>>>>>> This can be done calling this
>>>>>>>>>> REST method: *(GET)
>>>>>>>>>> http://api.fundingbox.com/users/me*
>>>>>>>>>> (including a header
>>>>>>>>>> "Authorization": access_token)
>>>>>>>>>>
>>>>>>>>>> If you need any help or
>>>>>>>>>> examples to implement this
>>>>>>>>>> just tell me :)
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Jorge
>>>>>>>>>>
>>>>>>>>>> On Wed, Jul 26, 2017 at 10:59
>>>>>>>>>> AM, Jorge Fernandez
>>>>>>>>>> <jorge at fundingbox.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Filippo, sorry for my
>>>>>>>>>> late response, I've been
>>>>>>>>>> out since Friday.
>>>>>>>>>>
>>>>>>>>>> We have an OAuth2
>>>>>>>>>> authentication service
>>>>>>>>>> with the following grant
>>>>>>>>>> types:
>>>>>>>>>>
>>>>>>>>>> Authorization code grant
>>>>>>>>>> Implicit grant
>>>>>>>>>> Resource owner
>>>>>>>>>> credentials grant
>>>>>>>>>> Client credentials grant
>>>>>>>>>> Refresh token grant
>>>>>>>>>>
>>>>>>>>>> I guess the simplest
>>>>>>>>>> implementation would be
>>>>>>>>>> use the "implicit grant"
>>>>>>>>>> option, since it's quite
>>>>>>>>>> simple to implement from
>>>>>>>>>> scratch.
>>>>>>>>>> We are now preparing some
>>>>>>>>>> documentation and
>>>>>>>>>> examples, and I hope to
>>>>>>>>>> send them to you during
>>>>>>>>>> the day.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Jorge
>>>>>>>>>>
>>>>>>>>>> On Tue, Jul 25, 2017 at
>>>>>>>>>> 7:03 PM, Filippo
>>>>>>>>>> Giuffrida
>>>>>>>>>> <filippo.giuffrida at eng.it>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Dear Jorge,
>>>>>>>>>>
>>>>>>>>>> did you receive the
>>>>>>>>>> following email, that
>>>>>>>>>> I sent to
>>>>>>>>>> fiware-fia-fundingbox-integration at lists.fiware.org
>>>>>>>>>> ?
>>>>>>>>>>
>>>>>>>>>> Please, could you let
>>>>>>>>>> us know ?
>>>>>>>>>>
>>>>>>>>>> Thank you in advance
>>>>>>>>>>
>>>>>>>>>> Best Regards
>>>>>>>>>>
>>>>>>>>>> /Filippo/
>>>>>>>>>>
>>>>>>>>>> -------- Forwarded
>>>>>>>>>> Message --------
>>>>>>>>>> Subject: SSO
>>>>>>>>>> integration
>>>>>>>>>> Date: Mon, 24 Jul
>>>>>>>>>> 2017 16:11:09 +0200
>>>>>>>>>> From: Filippo
>>>>>>>>>> Giuffrida
>>>>>>>>>> <filippo.giuffrida at eng.it>
>>>>>>>>>>
>>>>>>>>>> To:
>>>>>>>>>> fiware-fia-fundingbox-integration at lists.fiware.org
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Dear Jorge,
>>>>>>>>>>
>>>>>>>>>> as Giovanni wrote in
>>>>>>>>>> a previous mail, one
>>>>>>>>>> of the first steps of
>>>>>>>>>> our integration
>>>>>>>>>> should be:
>>>>>>>>>>
>>>>>>>>>> * Integration with
>>>>>>>>>> FundingBox via
>>>>>>>>>> OAuth 2.0 or CAS
>>>>>>>>>> (to be finally
>>>>>>>>>> agreed, after
>>>>>>>>>> information sent
>>>>>>>>>> by Jorge)
>>>>>>>>>>
>>>>>>>>>> Currently our tool
>>>>>>>>>> doesn't provide a
>>>>>>>>>> native module to use
>>>>>>>>>> OAuth 2.0 as SSO
>>>>>>>>>> system, so we should
>>>>>>>>>> develop it from scratch.
>>>>>>>>>>
>>>>>>>>>> An alternative route
>>>>>>>>>> that allows us to
>>>>>>>>>> reduce the time for
>>>>>>>>>> putting the SSO into
>>>>>>>>>> operation is the use
>>>>>>>>>> of CAS.
>>>>>>>>>> <https://en.wikipedia.org/wiki/Central_Authentication_Service>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Does FundingBox
>>>>>>>>>> implement the CAS
>>>>>>>>>> protocol ?
>>>>>>>>>>
>>>>>>>>>> Please, could you let
>>>>>>>>>> us know ?
>>>>>>>>>>
>>>>>>>>>> Thank you in advance
>>>>>>>>>>
>>>>>>>>>> Best Regards
>>>>>>>>>>
>>>>>>>>>> /Filippo/
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Filippo Giuffrida*
>>>>>>>>>> Researcher, Member of
>>>>>>>>>> the Public
>>>>>>>>>> Administration
>>>>>>>>>> Innovation Unit
>>>>>>>>>> Research and
>>>>>>>>>> Development Lab.
>>>>>>>>>> filippo.giuffrida at eng.it
>>>>>>>>>> <mailto:filippo.giuffrida at eng.it>
>>>>>>>>>>
>>>>>>>>>> *Engineering
>>>>>>>>>> Ingegneria
>>>>>>>>>> Informatica spa*
>>>>>>>>>> Viale Regione
>>>>>>>>>> Siciliana N.O. n.7275
>>>>>>>>>> 90146, Palermo (Italy)
>>>>>>>>>> Direct phone +39 -
>>>>>>>>>> 091 7511842
>>>>>>>>>> <tel:+39%20091%20751%201842>
>>>>>>>>>> Operator +39 - 091
>>>>>>>>>> 7511711
>>>>>>>>>> <tel:+39%20091%20751%201711>
>>>>>>>>>> www.eng.it
>>>>>>>>>> <http://www.eng.it>
--
*Filippo Giuffrida*
Researcher, Member of the Public Administration Innovation Unit
Research and Development Lab.
filippo.giuffrida at eng.it <mailto:filippo.giuffrida at eng.it>
*Engineering Ingegneria Informatica spa*
Viale Regione Siciliana N.O. n.7275
90146, Palermo (Italy)
Direct phone +39 - 091 7511842
Operator +39 - 091 7511711
www.eng.it <http://www.eng.it>
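
The difference reported at the top of this message (one `/users/me` response carries `profile.email`, the other only `email_hash`) can be handled on the consuming side by failing closed when no email is returned and by dropping the hash-bearing fields before a response is logged or pasted. This is an added example, not part of the original e-mail and not FundingBox or FIA code; the function names and all sample values are constructed.

```javascript
// Added example (not FundingBox or FIA code). Field names come from the two
// /users/me responses quoted in the message; function names are hypothetical.

// Keys that hold credential material in the quoted responses:
// "password" (a hash string) and "services" (login-token hashes, bcrypt hash).
const SECRET_KEYS = new Set(["password", "services"]);

// Deep-copy `value` without the credential-bearing keys, so a response can be
// logged or attached to a ticket without the hashes.
function redact(value) {
  if (Array.isArray(value)) return value.map((item) => redact(item));
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [key, inner] of Object.entries(value)) {
    if (!SECRET_KEYS.has(key)) out[key] = redact(inner);
  }
  return out;
}

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Pull out only the fields an SSO consumer needs. Both response shapes in the
// thread are accepted: "email" may sit under profile or account, or be absent
// with only "email_hash" present.
function extractIdentity(payload) {
  const user = payload && payload.user;
  if (user === null || typeof user !== "object") {
    throw new TypeError("response has no user object");
  }
  const profile = user.profile || {};
  const account = user.account || {};
  const email = [profile.email, account.email].find(
    (v) => typeof v === "string" && EMAIL_RE.test(v)
  );
  return {
    id: String(user._id),
    username: user.username,
    email: email || null,
    emailHash: profile.email_hash || account.email_hash || null,
  };
}

// Fail closed: a hash cannot be used as a login identifier, so a response
// without a usable email yields an explicit, reportable refusal.
function resolveLogin(payload) {
  const identity = extractIdentity(payload);
  if (identity.email === null) {
    return { ok: false, reason: "no_email", identity };
  }
  return { ok: true, identity };
}

// Constructed sample payloads, trimmed to the shape of the quoted responses.
const RESPONSE_WITH_EMAIL = {
  user: {
    _id: "constructed-id-a",
    username: "usera",
    password: "constructed-password-hash",
    services: {
      resume: {
        loginTokens: [
          { hashedToken: "constructed-token-hash", when: "2017-09-20T10:47:13.922Z" },
        ],
      },
      password: { bcrypt: "constructed-bcrypt" },
    },
    profile: {
      uname: "usera",
      email: "user.a@example.org",
      email_hash: "constructed-email-hash-a",
    },
    account: { uname: "usera", email: "user.a@example.org" },
  },
};

const RESPONSE_HASH_ONLY = {
  user: {
    _id: "constructed-id-b",
    username: "userb",
    services: { password: { bcrypt: "constructed-bcrypt" } },
    profile: { uname: "userb", email_hash: "constructed-email-hash-b" },
    account: { uname: "userb", email_hash: "constructed-email-hash-b" },
  },
};

console.log(resolveLogin(RESPONSE_WITH_EMAIL));
console.log(resolveLogin(RESPONSE_HASH_ONLY));
console.log(JSON.stringify(redact(RESPONSE_HASH_ONLY)));
```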