I have an application which uses Binance API. Now for the users to login, they need to go to Binance, get the API and secret keys and use them for authentication. I wonder if it's possible to prompt them with a login screen, where they can just enter their user name, password and a phone code in order to get in. Thanks.
You can integrate Binance Login through OAuth2.
As it's written in the docs page, the system is currently not opened, and you'll need to contact Binance to get your app credentials and possibly to discuss use cases, SLAs, pricing, and other params before the integration.
Docs: https://developers.binance.com/docs/login/web-integration
Related
Docusign rest api examples works using the manual login to docusign. The user has to enter the username and password to continue using the api's, I am looking for the method use api based on api credentials from backend config for better user experience. Can someone help on this whether we can achieve this
You can use JWT instead of Auth Code Grant. JWT Tokens do not require user to login and it is useful for back-end processes and other programs that do not have UI for user to login.
I am trying a post-call to generate an access token using the client username and password. I would like to know how we can achieve this through Node Js Code.
Generally speaking, access_token are rattached to the OAuth2 authentication framework, which doesn't require the application owner (you) to have access to one of your user email/password. This is a more secure approach that is broadly adopted.
The way OAuth2 works on the Google Calendar API is a 3-parties (or 3-legged) authorization. Let's take the example of a user that browses your website and want to sign-in using its Google Account. The steps to authenticate him are the following:
The user clicks on "Sign-in with Google"
The application owner (you) performs a request to Google saying that a user wants to connect (that's the OAuth consent screen)
Google replies by giving you a URL (authorizationUrl) where to redirect the user
On that URL, the user is prompted with several information about your application and can grant access.
When the user has granted access, Google will redirect the user to your application success page (callbackUrl) with a unique code.
Using that code, the application can retrieve an access_token, which temporarly lets your application performs requests on behalf of a user.
These steps are a rapid overview of the OAuth-flow, also known as the OAuth dance. To make POST requests to the Google Calendar API, you will have to perform that OAuth dance for every single of your users.
Implementing that flow can be tricky. Fortunately, Google gives very helpful documentation on that. If you don't want to bother, you can also use API-tools (like Pizzly) that takes care of that for you.
I have already generate test tokens to sign in to my Slack account from the following link; https://api.slack.com/docs/oauth-test-tokens
When I use API Methods, I add the token to URL.
Now I want to integrate users accounts. Are they going to generate test tokens from this url and I will get that generated tokens? I don't think so. Not so practical.
How can I authenticate them? By getting their username and password and basic Node.js https call with BASIC Authentication as it is in; https://dzone.com/articles/nodejs-call-https-basic
When I read the documentation for authentication it suggests; https://api.slack.com/docs/oauth
Should I get all information; client_id, scope, redirect_uri, state, team from the user? How will they know their client_id?
How can I sign in to users account in the Slack integration? I'm little confused..
If you want to authenticate Slack users with your external app you should use Sign-In with Slack. It will prompt the user to sign in to their Slack team with username and password and return their Slack identify to your app. You will also receive an individual Slack token which you can store for future use if you want to keep users "signed-on".
See here for a great explanation on how this feature works.
If you just want a bot or slash command to work with your Slack team, you don't need to authenticate each user. The token you receive after using the "Add to Slack" workflow will be sufficient. Also, The "test token" you can generate on the Slack API page will work. However, this "shortcut" is only supposed to be used for testing.
I'm in the process of building a Google Chrome extension, and have some questions about how to implement security into the application.
I need to access a couple of Google API's so am going to be using OAuth 2.0 for that. So basically from the extension I know which user is logged into the browser.
My extension then needs to get and post data to my (nodejs) API service. I want to ensure that the user requesting data is the same user that is logged into the browser. Is there any way of using the previous Google authentication process to also authenticate communications between the extension and my API? I dont really want the user to have to log in again, to access my API.
I'm sure I'm missing something simple, and I've not been able to find anything that fits this scenario
Follow the OpenID Connect auth flow and you will get an access_token and an id_token. The acess_token you will use to use to make authenticated requests to Google APIs as usual. The id_token will be used as authentication with requests to your server.
When the requests hit your server you will need to validate the token and you can then use the contents of the id_token to identify the user.
User wouldn't have to login on auth process provided if user is already logged in and you are using a web application flow (not chrome.identity APIs) but user would see the consent screen atleast the first time. However you can skip the account selector screen if you already know the email address by providing &login_hint= parameter.
I'm working on a project to connect Google Apps (Contacts, Gmail, etc.) to our own private software.
I'd like to use Hapi.js in order to achieve this, but since I have no expertise in the matter (OAuth, Google, etc) I found it to be quite challenging.
I wonder if it's posible to use Hapijs and Bell to handle the "ask permission" flow, and once authorized save the credentials to long-term uses.
Also, is it possible to use Bell to handle token refresh and consume api? (like requesting http://www.google.com/m8/feeds/contacts/default/full)
In the documentation for Bell, there's an example for twitter, basically you need to change the provider to Google: https://www.npmjs.com/package/bell
When you request access, you can add the parameter access_type with a value of offline. The server will response also with a refresh token that you can use in further requests to the API's without asking for the user credentials again.
You won't be able to store the actual user's credentials since it wouldn't be secure.
You can use the Google OAuth playground to learn more about the authentication process, here is the link https://developers.google.com/oauthplayground/
Here you can find more information and examples of using node.js and the Google API's