I am working on this project which has
franchise --> website --> jsr_franchise.com
customer --> website --> jsr_customer.com
I am using phone authentication Only.
both use same authentication to login
how do i distinguish wherther user logged in from customer franchise website?
When I use firebase function
exports.new_User_Added = functions.auth.user()
.onCreate(async (user) => {
database.ref(`/accountCreation/${user.uid}/phoneNumber/`).set(user.phoneNumber)
database.ref(`/accountCreation/${user.uid}/TIMESTAMP/`).set(admin.database.ServerValue.TIMESTAMP)
return Promise.resolve()
})
I am able to get phone number and time stamp. But how do I determine? Whether your user used Customer website or franchise website to authenticate.
With Firebase Authentication a user doesn't log in to a specific site, but they log in to the entire Firebase project. No information about what site triggered that log-in is passed to Cloud Functions.
The most common workaround I know of is to pass all the information that is needed to create the user into a callable Cloud Function or HTTP Cloud Function, create the account there, set a custom claim on their profile with the extra information you want to maintain, and only then sign the user in on the client.
Related
I use several providers, including credentials provider (email & password)
At some point, in the app, user can ask for 'restore password' email where he should get one-time link.
After he visits the link (/api/users/quick_link?token=XXX&email) I check if the token is valid and after that my goal is to login user and to redirect him to his profile page.
What have I tried:
Using 'nextauth/client' signIn function, which obviously does not work on back-end
Checking how they do 'email' provider - the starting part is more or less the same, but it quickly start using internal functions, which I do not plan (at least now) to touch.
What I have not tried:
Using REST API.
Because I am not sure how to use it from another api. Just await fetch?
Recap
Short version: after visiting /api/users/login_me_asap?myemail=xxx I want to login user and redirect him.
I'm super confused on how to create proper integrations from my web app to dropbox.
I want to list and create files from within the application.
I'm using NodeJS and the Dropbox JS SDK, so far so good.
But I'm not understanding on how to set up the authentication/authorization.
I've created a Dropbox application, generated an API key.
I pass the API Key in my call to the dropbox SDK:
var dbx = new Dropbox({
accessToken:
"ABC_MY_KEY_123"
});
dbx
.filesListFolder({ path: "" })
.then(function(response) {
console.log(response);
})
.catch(function(error) {
console.log(error);
});
I'm getting the following error back:
status: 400,
[0] error: 'Error in call to API function "files/list_folder": This API function operates on a single Dropbox account, but the OAuth 2 access token you provided is for an entire Dropbox Business team. Since your API app key has team member file access permissions, you can operate on a team member\'s Dropbox by providing the "Dropbox-API-Select-User" HTTP header or "select_user" URL parameter to specify the exact user https://www.dropbox.com/developers/documentation/http/teams
So, should my App have it's own user and then authenticate using that user?
Or is there an API which is Dropbox business wise ?
When first registering a Dropbox app, you choose between either the "Dropbox API" or the "Dropbox Business API". The former will give you an app for connecting to individual user accounts, and the latter will give you an app for connecting to entire Business teams.
The filesListFolder method you're trying to use is a user-specific method, i.e., it operates on a specific user account, and not a Business team entirely.
The error message is indicating that your access token is for a Business team, and so it doesn't know which user to operate on.
If you want any user to connect to your app, you should register a "Dropbox API" app instead.
Or, if you do want to connect to entire Dropbox Business teams only (and selected the "team member file access" permission), you can still use the user endpoints with an access token for a Dropbox Business API app. To do so, you need to specify the desired member ID in the selectUser parameter when making your Dropbox object.
I'm trying out the new model for unified app authentication using passport-azurea-ad from this reference https://learn.microsoft.com/en-us/azure/active-directory/active-directory-v2-devquickstarts-node-web
The integration is successful,but every time I do login,I get redirected to a page where I get to choose from my existing microsoft accounts or add a new one.
Why is the session or account not getting picked up automatically, if the user is already logged into his azure or microsoft account?
My requirement is user session should be picked up automatically(not for the first time where he gives consent) if he is logged into his azure account or micrososft account
this page needs to be avoided , if he is already signed in
The reason is a technical limitation. Let me see if I can explain briefly:
When a request comes to the v2 endpoint (login.microsoftonline.com), the v2 endpoint can not detect the presence of an existing consumer account session (login.live.com).
Therefore, the v2 endpoint must make a query (via an iframe hosted on the login.microsoftonline.com page) to login.live.com to detect if a consumer session exists or not.
If a consumer session exists, the v2 endpoint should show the user an 'account selection' screen, like the one you depict in the question.
If a consumer session does not exist, and the user only has one business session, it could auto-login the user with that business account. However, by this time the user has likely already been waiting for a second or so for the query to login.live.com to complete. It might be a strange user experience if the page auto-completed after a second.
The v2 endpoint could definitely show a loading spinner or something to hold the user until the decision can be made, but it was decided that having the user click a tile was an acceptable alternative.
I wish to add Social Login feature to a Shopify store that I am building. (I'm using the professional plan.)
I explored a few of the available social-login apps on the Shopify App Store. Upon studying closely as to how they actually work - I have come to the following understanding of the general scheme being followed by all of them.
The Shopify shop owner sets up a social app (e.g. Facebook app) with their store identity, but configures the Callback-URL/Redirect-URL to one supplied by the App author (i.e. pointing to their infrastructure).
Upon successful login by a shop customer on the social platform (via a link/button inserted on the shop login page), the request gets redirected to the App.
The App retrieves the user's email address from the their social profile (that they now have access to).
They then lookup their own database to see if this is an existing customer. If so they go directly to step 7 below.
If it's a new customer, they use Shopify API to create a new 'customer' on the target Shopify store. They set the customer up with a randomly generated password.
At the same time they also make an entry of this customer account (email + generated password) in their own database.
They then redirect the request back to the Shopify store's login page but this time with the customer's email address (retrieved from social platform) and their password (from the App's own database) included as part of the data that comes back to the users browser as part of loading the login page.
Then the App's javascript embedded on the shop login page uses the customer email address and password to programmatically submit the login form - thus establishing a valid customer session on the Shopify shop.
My questions are as follows:
Has someone else also looked closely in to this, and thus can validate if my above understanding is correct or not?
If it is correct - is this the only way to achieve social login on Shopify (without using Shopify Plus/Enterprise plan)?
I am trying to understand if this indeed is the only way, because I strongly feel that this method is not at all secure. And thus I'd rather not use this method; or if I just have to - then I'd rather write my own (private) app for this so that at least I am in control of the security of the app/database that holds sensitive users credentials.
Would appreciate any help/thoughts I can get with this, please.
If you are rolling your own you probably want to look at Multipass. It would be the thing to use if you can set up another web service that handles the trusted partner registration process.
I was playing with the loginWithExternalService methods under Accounts and I was sad to find that while you could create new users with one of these services or log in those who already had credentials, there was no way of allowing currently logged in users to augment their methods of authentication so that they could log in with any of the services they have authenticated through. Is there a way of dumping information like a user's FB profile or a user's Twitter url into their existing, currently logged in account? I tried customizing accounts-base but this.userId returns null within it so I cannot do updates to the currently logged in user there.
There should probably be a better API for this, but at the moment (Meteor 0.5.2) the following server code will create a user associated with an Facebook ID.
var newlyCreatedUserId = Accounts.updateOrCreateUserFromExternalService(
'facebook',
{id: FACEBOOK_ID},
{additionalFieldOnUserDocumented: 'foo'}).id
If you dig into the implementation of Accounts.updateOrCreateUserFromExternalService you can see how to add these fields to an existing user.