I am using apache couchdb, should fetch the event or notification when user or admin login to couchdb
/db/_changes this end point is available but it will fetch db changes not the user login details
Related
I have a question on micro-service architecture. example I have :
An authorization and authentication server which provide JWT (Keycloak for exemple)
2 micro service which communicate between them through REST.
1 micro service is a user service which create a new user in my database on each new user from the Keycloak (may be tomorrow we have Google or Github, it's important to take this in mind). When I'm creating a user I store his subject from claim in a specific field.
1 micro service which store the creatorId, the updateById for blog post for exemple.
Is it better to store in my creatorId and updatedById the subject (Like this I don't need to ask to my user service to identify who is a creator) or to store the userId from my user service and everytime call from my post-service which is the user that made the request (So I made Everytime a rest request to get the user which send the request by passing the JWT token to the user service).
IMO, sending Everytime a rest request will increase the load on the user service but a subject id for a different user can be the same for Google, Github and Keycloak.
I would do the following, so that you can move to a different Authorization Server (Google / Github) in future without too much impact:
User Service creates a row in its Users Table for each new user, with a database surrogate key as the main user id
This user id is saved to your creatorId / updateById fields
Meanwhile the OAuth Id / Sub claim is a column in the Users Table, but is not the main user identifier from business logic
The Posts Service can avoid calling the User Service on every single request if you cache claims in the Posts Service. Some resources of mine might give you some ideas that you can apply to your own solution:
User Management Blog Post
Claims Caching Blog Post
Claims Caching Code
Our Use case is Anyone can create a site in our platform bit as Wix lets say. Each Site has its own Community & Chat.
So I used my appId, secret key to create the user session token for the user of the site1 says site-1-user-1 for displaying the community of site1.
I used react-activity-feed components to display the timeline feed of user site-1-user-1 (timeline:site-1-user-1)
I also displayed status update from above the activity feeds using react component. So when I post in this status update form, the activity gets displayed as by site-1-user-1.
How do I post activity as a different user say site-1-user-2 using the same token? I want the timeline feed with status update form to be displayed as a discussion forum where any logged in user can post any topic and see other activities also.
I am able to do this using PHP and getStream SDK.
How is it possible by using the react component?
Stream restricts actions user is able to perform when using client-side tokens:
User is able to read any feed
User is able to make feeds with her user-id follow any feed
User is able to post to feeds with her user-id
Client side tokens can only be used to perform the actions as the user the token was created for.
If you need to be able to impersonate other users or post contents for users to feeds they have no access to you will have to user server-side stream api
I want to understand how to integrate auth of Google or Facebook with my database.
I have a login system with email and password, users table and messages table for that represent messages of users.
When someone registers, a new user with userID is created.
When a user login to the system with email and password he gets an auth token,
and for each action the user makes, like POST or GET requests for fetching or creating a new message, he sends the token he got and the system finds the userID by this token, and then finds his own messages.
Now I want to add Google and Facebook login, how should I do it now?
I can get from each of them a token. but the user isn't actually exists in my user table, so when I search the user by his token, I won't get anything, because he is not exists in the user table, and when I want to insert him to this table, I need to fill the password field there but I can't get it from google.
What should be the approach to do thing like this?
Thank you.
When they first login, you can request their email from Facebook or google, the user will give your application access to see their email address.
At this point you could create a new user with that email and add a flag to say they came from facebook/google.
The rest works as normal, they would get a token from your application and so on.
In case they come back and login again, you don't need to register them as they are already in your database.
In case you need extra info from them, (more then just the info you can request from facebook/google) you could redirect them to a special form, for their first login.
I have a button on my website.
When a user clicks that button I want to get the users id.
I know I can do req.session.passport.user and it will get the id of the user that is currently logged in.
But what if there are multiple users logged in. How does it know which user clicked the button?
Does req.session.passport.user hold all the current users that are logged in?
Does req.session.passport.user hold all the current users that are
logged in?
No, only about the user making the request. How PassportJS can get information about the user is from the cookies, request headers, body, etc, which compose the session.
So req (from Express, Restify, etc.), which is short for request, contains information only about the user making the request to the server. Note the singular user in req.session.passport.user. It doesn't have any information about the rest of the users that are browsing your website.
Has Instagram changed their API ??,I am not able to fetch Followers details even for public users .But Site like Crowdbabble ,Magi Matrics has access to the follower details for any user .How is this possible ,What am I supposed to do if I wanted to get the follower details for any User using Instagram API .I am Using "https://api.instagram.com/v1/users/{user-id}/relationship?access_token=ACCESS-TOKEN " this query to fetch the data ,replacing user id by by friends user id who is there in my sandbox list but still getting API Not Allowed Error.
The public APIs do not support getting user followers/following other than the authenticated user's
This change was in effect after June 1st 2016 API changes.