I'm working on a project that's trying to include microsoft sign in, in order to use information about the person that signed in.
I'm doing this as a node js app that's run from my local machine, and there is no webpage / web server involved.
Mainly wondering if it's possible to sign in with a microsoft account without having to use a browser, or getting a URL link to sign in with, and then a way for me to get the access token without needing a redirect link back to a page.
It sounds like device code flow might meet your requirements.
Documentation for device code flow: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code
MSAL Node sample showing device code flow: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples/standalone-samples
There is also username/password flow, but that is not recommended, and MSAL Node does not support it yet. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc
Related
I'm tasked with making a server using Node.js which will read emails from a Google account and parse the content from those emails into data we can store in a database. I'm using Google's googleapis package (v103.0.0) in NPM to authenticate/authorize with whichever account we'd like to use.
The issue comes when we try to switch accounts and have the user re-auth. During development on a local machine, the Auth process works as expected:
The client requests an Auth URL.
The server generates a new Auth URL and sends it back to the client.
The client redirects to that URL and the Google Consent Screen is shown.
The client is asked to choose between logged-in Google accounts.
The client authorizes the application and is redirected back to the server with a code.
The server uses the code to generate/save a token, which allows it to use the Gmail API.
However, after deploying to Heroku, the Google Consent Screen no longer allows the user to select an account. Instead, at step 3, it shows this message. In just about every other question related to this error, there's always additional information below the error code/message, but nothing's there for me. I made sure: (1) the domain I'm using in Heroku is verified on the Google Cloud Console, and (2) the redirect_uri within the Node.js application is passing the correct domain to the Auth URL, even while in production.
I can't provide the URL for privacy reasons, but let me know if there's any source code or Cloud Console info I should include.
It didn't take long after posting this question, but I realized I was using an incorrect OAuth 2.0 Client ID type. I was attempting to use "Desktop" when I should've been using "Web application" instead. Take a look at this image to see the difference.
When you select "Web application", you're given some new options: Authorized JavaScript origins, and Authorized redirect URIs. This is where you need to fill out the allowed URIs. Here's a sample of what that should look like.
The goal is to build a Facebook USSD platform. Completely server side. Allowing the user to log in and then create a facebook post, see their feed, etc.
I know there are companies in the world that is doing this and its working fine (u2opia mobile being one of them). However how on earth to log a user into Facebook and get an access token for them without OAuth? I cannot seem to find any help online to log a user in completely on server side with NodeJS. Do these companies have a special arrangement with Facebook in order to log in users without OAuth and Internet?
Is it at all possible in 2018 to log in a User into Facebook completely server side? I am just finding a lot of old posts from 2012 and 2014.
Yes, it is possible to log a user in completely server side. You can build an implementation manually with browser redirects. Facebook has a tutorial on this. Their page states:
if you need to implement browser-based login for an app without using our SDKs, such as in a webview for a native desktop app (for example Windows 8), or a login flow using entirely server-side code, you can build a Login flow for yourself by using browser redirects.
Here is the tutorial: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
I'm faced with the current dilemma. My application flow is as follows:
Admin logs in
Has to select a list of clients
The selected Client data is then loaded in
Admin should now be able to Link Facebook, for example, to that
client's account with their credentials on a click of a button. Same
would apply for other social media accounts that the user has. The
reason that's important is the app then goes and fetches data from
their social media, such as Facebook Insights.
Is there a way I could achieve is ? I was thinking maybe Auth0 but I had a look on their documentation and it seems I could do it but only if Admin was the one linking his own social media account to his account. Can't really see a way where he could link other accounts to the Client's account currently selected.
I'm working with a React-Redux, Express and MongoDB app.
Even a push in the direct direction would be greatly appreciated.
This is certainly achievable using Auth0 - take a look at the Link Accounts API (User) - you want to use the second option using an API v2 token
See sample here that illustrates how this might work using Node.js.
You could possibly rework this to your technology stack pretty easily. Since you are using a Management Token you'd want that to remain server side (Express) and the react/redux app could make ajax calls via the Express Server side component - which in turn calls out to the Auth0 endpoint to perform the user search / linking actions.
How to obtain oauth access tokens from google if i have only registered app and no server to redirect (as a "redirect_uri" parameter)?
I'm guessing that when you say you have no server, that your app is a native app. eg a desktop app or an embedded app. If so, you can generate tokens using the OAUth playground. See How do I authorise an app (web or installed) without user intervention? (canonical ?) for details.
You can use https://www.example.com/oauth2callback as your redirect uri.
Yes you can get an access token without a server. We've made it fairly easy. See the docs
On android it is fairly easy
https://developers.google.com/identity/sign-in/android/additional-scopes
https://developers.google.com/identity/sign-in/ios/
https://developers.google.com/identity/sign-in/ios/additional-scopes
Web
https://developers.google.com/identity/sign-in/web/incremental-auth
You can just change the scopes you need.
I've been reading for the last hour but it's still not clear for me how to automatically authenticate the current windows user in my node js application.
On my office PC, I'm already authenticated with my AD user when I access our company portal in Chrome (as it was added as a trusted sites). So the main question for me is what do I have to do to automatically detect/authenticate the user in my nodejs app if I add my site to the trusted sites? I'm pretty sure the browser must do half of the job as it probably sends some kind of data (hash) in the request, based on which the application must authenticate the user. I suspect this is the "www-authenticate: negotiate" header as I noticed this sends a hash in the request when I access the portal.
So far, the only tracks I'm still investigating are:
https://gist.github.com/charlesdaniel/1686663
But it's still not very clear for me how this automatic authentication works and what are the leads I should follow next. The entire process is still unclear to me
I appreciate any advices on this or at least a mid-level explanation on what happens behind the scenes when I access a page in Chrome and it automatically authenticates me. Thanks