I'm trying to create a micro-service on Node to send requests on the Google Compute API via POST (for example here). This micro-service will be hosted on a App Engine application.
If I understand the documentation, I need to generate a JWT token before (with the google-auth-library) and send that token with the request.
I set up the env variable GOOGLE_APPLICATION_CREDENTIALS with the JSON file path of the Service Account used by the App Engine application on my debugger (to get the same authorization on my dev env).
But I can't reproduce the sample hosted on Github gave by the Google Documentation. I get error UnhandledPromiseRejectionWarning: ReferenceError: require is not defined because I'm using Node14 with "type": "module" on the package.json.
I searched but I found no solution on this. Do you have some hint ? Maybe I need to use a different code to generate JWT token or to authentificate these POST requests ?
Thank you
Related
Here is the problem.
I have an .net core web-api application with azure-ad authentication.
When I've added necessary AzureAD section to my appsettings.json file and redirect url-s to appregistration my backend worked fine.
But later I added build of react project to wwwroot folder and now, when I try to call backend method with authorize attribute I get CORS error from Loginmicrosoftonline
[CORS error from Loginmicrosoftonline]
First of all, web api project should be a daemon application so it doesn't have a sign in page as normal, nor a redirect url for AAD. And we can integrate AAD to protect our api but the api shouldn't ask users to sign in first.
In your scenario, it looks like you want to let users sign in in your react frontend app, then generating access token to calling the protected web api. I think you need to refer to this sample to integrate MSAL library in your react app(this sample containing an api written in nodejs, you can ignore api part since you had asp.net core api), and this sample for protecting your web api. You may also take a look at this answer.
And go back to your CORS issue, it appeared because you didn't use MSAL.js in your react app but directly going to the login URL. Microsoft identity platform required developers to use the library. I used to using ajax request to send a get request to the login url, and I got Cors issue as well.
I am researching the feasibility of porting an existing Vue 2 app to be an Azure Static Web App (SWA). A requirement is the ability to run the Vue app locally and authenticate against our Auth0 tenant to retrieve a access/bearer token to send along with our HTTP requests.
It appears that a SWA can utilize custom authentication (Auth0), and I was able to complete that successfully by following this article. However, I'm not seeing any information around capturing the access token. There is an /.auth/me/ endpoint which has user information, but that does not contain the access token:
I also looked into the Azure Static Web App Emulator which allows for defining an identity profile when running locally, but I'm not seeing a way to specify an access token here either.
Is it possible at the moment with a SWA to obtain an access token using a custom auth provider when running locally and when published live?
Managed Authentication in Azure is really only useful for fairly simple use cases. I think you're going to want to implement your security directly inside your Vue application.
https://auth0.com/docs/quickstart/spa/vuejs/01-login
You mentioned needing an access token but didn't say where it comes from or what you're doing with it. Are you trying to call an Auth0-secured API?
https://auth0.com/docs/quickstart/spa/vuejs/02-calling-an-api
The context:
I'm trying to develop a desktop app with ElectronJS which needs access to Google APIs. As such, I want my users to be able to connect to their Google account via OAuth2.
As I use Electron, I have no safe way to store a "client-secret" and must use the "mobile app" method.
The problem:
Google keeps rejecting my redirect_uri:
The doc I followed:
The official npm "google-auth-library" package mentions the following regarding OAuth authentication for Electron apps ("OAuth2 with Installed Apps (Electron)" section) :
If you're authenticating with OAuth2 from an installed application (like Electron), you may not want to embed your client_secret inside of the application sources. To work around this restriction, you can choose the iOS application type when creating your OAuth2 credentials in the Google Developers console
As doing so gave me the previously mentionned Error 400, I looked into Google Identity documentation and saw this regarding localhost redirection:
Note that support for the loopback IP address redirect option on mobile apps is DEPRECATED.
My question:
At this point, I suspect that this is the reason Google is responding Error 400 to my requests (but I admit it could be my fault. I just don't understand what I do wrong as I feel like I follow the documentation strictly.)
If so, what are the possible ways to solve the issue ? Knowing that I have strictly 0 budget for this project and so I cannot afford to redirect to a domain I would buy or afford a server acting as proxy between my app and Google APIs.
(The code, if useful)
I use the "complete OAuth2 example" from google-auth-library except I changed the OAuth2Client constructor call to this, following the doc's recommandations:
const oAuth2Client = new OAuth2Client({
clientId: "<the clientID of my project from Google API Console>",
redirectUri: "http://127.0.0.1:3000"
})
In despair, I've tried a whole lot of different URL formats, but nothing works.
Thanks in advance for your help.
OAUTH BEHAVIOUR
An OpenID Connect desktop app uses PKCE without a client secret. According to RFC8252 it then receives the login response on either a loopback URL or via a private URI scheme notification.
The loopback option is fine for a desktop app but should not be used for a mobile app. Conversely, claimed HTTPS redirect URLs work for mobile apps but not desktop apps.
TROUBLESHOOTING YOUR PROBLEM
It is not clear whether your problem is caused by using a loopback URL or something else. To troubleshoot, you can use a couple of demo Electron apps of mine:
Loopback example
Private URI Scheme example
In both cases, edit the desktop.config.json file in the root folder. Replace my AWS Cognito values with your Google values. Then run npm start. See if that gets you any further, and post any follow up questions.
I have an app on MERN stack in which react app runs on port 3000 while nodejs app runs on 3001 in development environment .
I want to integrate Keycloak in app.I started Keycloak instance and created Realm named MERN in which i created two clients one is react which is public client and other is node which is bearer-only client .
I created one user also
I integrated the keycloak on react with react keycloak client configuration and got access token and passed it to Authorization Bearer on backend.
I configured the NodeJs app with node keycloak client ..
keycloak provides method keycloak.protect() to protect Apis which is not working it always gives Access Denied.
There is another method in keycloak getAccount which takes bearer token parameter and returns account in promise object.
I extracted the token from Authorization header and passed it to getAccount which returned account.
For key cloak configuration i download it from installation tab in client and haven't done any tweak just copy pasted code from keycloak nodeJS docs.
So i am not feeling any need to write code or configuration here.
For testing you can generate app from express-cli and create-react-app.
For reactJs i used library called keycloak-js and for nodeJs i used keycloak-connect.
Question is why keycloak.protect() is not working??
If anyone knows answere please tell me.
How do I access an API hosted behind the google endpoint (ESP) from a Node JS client?. The Node JS client is running in a google compute Engine. I am trying to use Google ID token as mentioned in the below URL, but couldn't find a sample code for the same.
https://cloud.google.com/endpoints/docs/openapi/service-account-authentication#using_a_google_id_token
Google has an official nodejs authentication library here:
https://github.com/google/google-auth-library-nodejs
If you're looking for code samples for how to authenticate to a remote service using a Google Web Token, there are several complete examples for different environments in that repository's README file, including an example for running in GCP:
https://github.com/google/google-auth-library-nodejs#json-web-tokens