Securing NodeJS API - node.js

I'm using Node/Angular for creating my new web app. Now that I'm close to deploying it, I have to make sure it is properly secured and only my Angular app can access the API.
So is there any tutorial or something to follow to set up CORS, signatures, header tokens and IP whitelisting?
EDIT: I'm not talking about authentication. I mean hiding my endpoints and accepting requests only from my Angular and Flutter apps.

Related

Authenticating a Vue 2 Azure Static Web App Locally Against Auth0

I am researching the feasibility of porting an existing Vue 2 app to be an Azure Static Web App (SWA). A requirement is the ability to run the Vue app locally and authenticate against our Auth0 tenant to retrieve an access/bearer token to send along with our HTTP requests.
It appears that a SWA can utilize custom authentication (Auth0), and I was able to complete that successfully by following this article. However, I'm not seeing any information around capturing the access token. There is an /.auth/me/ endpoint which has user information, but that does not contain the access token.
I also looked into the Azure Static Web App Emulator which allows for defining an identity profile when running locally, but I'm not seeing a way to specify an access token here either.
Is it possible at the moment with a SWA to obtain an access token using a custom auth provider when running locally and when published live?
Managed Authentication in Azure is really only useful for fairly simple use cases. I think you're going to want to implement your security directly inside your Vue application.
https://auth0.com/docs/quickstart/spa/vuejs/01-login
You mentioned needing an access token but didn't say where it comes from or what you're doing with it. Are you trying to call an Auth0-secured API?
https://auth0.com/docs/quickstart/spa/vuejs/02-calling-an-api

How can I keep my nodeJS Heroku app private? It should be accessible by authenticated user

My question is similar to this one, but my app is built on NodeJS.
I'm working on one POC.
I have a simple nodejs app on Heroku; it has one simple UI in HTML. Currently the URL of the app is accessible by all users. I want the URL to be accessible only by authenticated users; others can't access that URL.
My ultimate aim is to implement SSO for authentication.

How to secure Angular (accessType - public) and Nodejs app (accessType - bearer-only) with Keycloak

I am trying to integrate Keycloak in my application. I have created a realm named "my-app" and added 2 clients:
frontend (accessType - public)
backend (accessType - bearer-only)
I want to use the access token (returned from the frontend client) to authenticate backend APIs.
I want to achieve the same thing explained in this tutorial by making use of Roles, Client Scopes and mappers, but it is not working for me:
https://medium.com/devops-dudes/secure-front-end-react-js-and-back-end-node-js-express-rest-api-with-keycloak-daf159f0a94e
I made a mistake in the configuration:
on the frontend side I set the auth server URL to "http://127.0.0.1:8080/auth" and on the server side it was "http://localhost:8080/auth"; everything else was correct.

keycloak.getAccount() is working while keycloak.protect() is not working

I have an app on the MERN stack in which the React app runs on port 3000 while the nodejs app runs on 3001 in the development environment.
I want to integrate Keycloak in the app. I started a Keycloak instance and created a realm named MERN in which I created two clients: one is react, which is a public client, and the other is node, which is a bearer-only client.
I created one user also.
I integrated Keycloak on React with the React Keycloak client configuration, got an access token and passed it as Authorization Bearer to the backend.
I configured the NodeJs app with the node Keycloak client.
Keycloak provides the method keycloak.protect() to protect APIs, which is not working; it always gives Access Denied.
There is another method in Keycloak, getAccount, which takes a bearer token parameter and returns the account in a promise object.
I extracted the token from the Authorization header and passed it to getAccount, which returned the account.
For the Keycloak configuration I downloaded it from the installation tab in the client and haven't done any tweaks, just copy-pasted code from the Keycloak nodeJS docs.
So I am not feeling any need to write code or configuration here.
For testing you can generate an app from express-cli and create-react-app.
For reactJs I used a library called keycloak-js and for nodeJs I used keycloak-connect.
Question is: why is keycloak.protect() not working?
If anyone knows the answer please tell me.

React-Native authentication with a server using Azure AD

I am trying to authenticate to a server from my React-Native app using Azure AD.
Now, I don't understand what a redirect URI is, and I don't understand where I should put my server's URL in Azure and what URL I should call from my React-Native app.
Documentation for it is quite confusing.
I don't understand what a redirect URI is
For a React-Native app, the redirect_url is optional. Refer to this document for more details.
A URL that ADLoginView will redirect to when login succeeds; this property is optional.
I don't understand where I should put my server's URL in Azure and what URL I should call from my React-Native app.
You needn't put your server's URL in Azure. But you need to add authentication to your server. Then you can call your server API as normal, but with the Authorization header. This sample will help you to understand better, though it is using aspnetcore.
You need to register two applications in the Azure portal: a client app and a server app. You will get the access token via your native app and then use it to access your server app.