Using passport-docusign on nodejs

I am attempting to connect docusign on my app using nodejs and passport.
Requirements:
the docusign authentication is required only for a few actions
a user can have multiple docusign connections
I would like to store the docusign token on my db, not only in session
Context:
I already have another strategy with passport to authenticate my users (using a bearer token in the headers of each request).
Is the library passport-docusign really suitable for these requirements, or does it make more sense to create something custom?
Would someone who has experience with this kind of use case have any advice on it? 🙏

The passport-docusign strategy for passport is pretty vanilla.
If passport works for your use case, then the passport-docusign strategy should be of help with implementing the authorize code grant flow.
If you find changes/updates that could be made to the passport-docusign strategy, please add an issue or pull request to the repo.
Thank you.
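An added sketch of the two pieces the question's requirements imply, not code from the post or from passport-docusign: a signed `state` value that ties the authorization code grant callback to the user already authenticated by bearer token (the redirect back from DocuSign carries no Authorization header), and a per-connection token record encrypted before it is stored. The function names, the in-memory `Map` standing in for a database table, and the randomly generated keys are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Assumption: real keys come from a secret manager; random here so this runs offline.
const STATE_KEY = crypto.randomBytes(32);
const TOKEN_KEY = crypto.randomBytes(32);
const connections = new Map(); // stand-in for a DB table keyed by (userId, accountId)

// Issue a signed, expiring state for the user who starts the DocuSign connect flow.
function makeState(userId, ttlMs = 10 * 60 * 1000, now = Date.now()) {
  const payload = Buffer.from(JSON.stringify({ userId, exp: now + ttlMs })).toString('hex');
  const mac = crypto.createHmac('sha256', STATE_KEY).update(payload).digest('hex');
  return `${payload}.${mac}`;
}

// On the callback: return the bound userId, or null if forged, malformed or expired.
function verifyState(state, now = Date.now()) {
  const [payload, mac] = String(state).split('.');
  if (!payload || !mac) return null;
  const expected = crypto.createHmac('sha256', STATE_KEY).update(payload).digest();
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const { userId, exp } = JSON.parse(Buffer.from(payload, 'hex').toString());
  return now <= exp ? userId : null;
}

// Encrypt tokens before they reach storage (AES-256-GCM, fresh IV per record).
function saveConnection(userId, accountId, tokens) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', TOKEN_KEY, iv);
  cipher.setAAD(Buffer.from(`${userId}:${accountId}`)); // ties the ciphertext to its row
  const ct = Buffer.concat([cipher.update(JSON.stringify(tokens)), cipher.final()]);
  connections.set(`${userId}:${accountId}`, { iv, ct, tag: cipher.getAuthTag() });
}

function loadConnection(userId, accountId) {
  const row = connections.get(`${userId}:${accountId}`);
  if (!row) return null;
  const d = crypto.createDecipheriv('aes-256-gcm', TOKEN_KEY, row.iv);
  d.setAAD(Buffer.from(`${userId}:${accountId}`));
  d.setAuthTag(row.tag); // final() throws if the record was altered or moved
  return JSON.parse(Buffer.concat([d.update(row.ct), d.final()]).toString());
}

// A user can hold several connections; ids are assumed not to contain ':'.
function listConnections(userId) {
  return [...connections.keys()].filter(k => k.startsWith(`${userId}:`)).map(k => k.split(':')[1]);
}
```
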

Related

Retrieving OAuth2 Client from Google Passport Strategy

I am authenticating in my node.js (express) using Passport.js' Google Strategy: http://www.passportjs.org/docs/google/. The whole process works fine and I can authenticate, login, logout, handle tokens and all that jazz.
Now I have extended the scopes to include access to the authenticated user's calendar, and profile by creating a separate client and performing what I need to do in the API, however that seemed a little bizarre since it seems to be that I should be able to retrieve the already established OAuth2 client for subsequent requests. Has anyone faced a similar issue?
Side note: I also got the authentication working using Service Accounts, probably that's a better route to take?
I ended up sticking to the JWT approach which was anyway the better alternative for my scenario.

RESTful API with Users and Authentication via Google OAuth2?

I'm kinda new to backend development and wanted to start by creating a small API with authentication and authorization that could function as an API for a blog for different frontend implementations.
I set up an API with ExpressJS and MongoDB and created a working API so I can post blog-posts, retrieve all or single blog posts, etc.
Now I wanted to add Authentication and instead of using JWT or something, I thought, it could be cool to have my users sign in via their Google-Account to post/delete blog posts, etc. Does that even make sense? I hope it does because in my head it should not differ too much from using JWT for example.
I added passport.js and it's google-oauth2 strategy.
I'm already able to create users by signing in via google, but my problem lies in the way to authenticate correctly for login and subsequent API requests.
Would I use the access- and refresh-token that I receive back from google for that? At least that's what I first thought of.
But how would that work? And next up: What if I wanted to add another way to authenticate? For example JWT or maybe Facebook-OAuth? Wouldn't that cause some issues when trying to protect my API routes because I would have different ways of authenticating (and what kind of middleware would I use then for my routes?)
I hope I made my problem clear :)

Authentication through Loopback4

I have an API eg. http://www.myportal.com/login and when we call this URL it asks for username and password and after successful login, it returns an access token.
Same thing I have to implement in Loopback4 by calling the above URL.
Please give some idea, will appreciate your help.
Based on your question, what you need to do is do authentication using passport-local strategy and then create a jwt token with authenticated user obtained.
But to do this, you will need to create a separate component with decorators and providers in loopback4. Loopback 4 team is working on ways to provide such features out of the box in the framework. But it's not there yet.
We created a loopback extension for the same which supports 4 different passport strategies. You can use that from here. Hope it helps.

Access cognito related operations in server-side

According to my use case,
I want to expose a REST api (auth micro-service) that allows users to signup, sign in and do basic auth operations. So basically when a client calls /auth/login endpoint with username, password server code should authenticate user against Cognito and send response back to client with JWT (access token). Rest api written in Node.js.
I have gone through various docs but I am only seeing examples of using the frontend/mobile SDKs to accomplish this. Is there a better way to accomplish this? Or can I use the existing javascript SDK in Node.js to achieve this?
Thanks!

Proper passport strategy for anonymous mobile application

I'm building an anonymous app like yik yak and wanted to ask what is the proper passport strategy to use to authenticate. I'm currently using the device's UUID. I looked at the local strategy and that requires a username, password and it's session based (I'm implementing token based so my api isn't left open).
That said, would I implement a passport-http basic strategy and disregard the password altogether and use just the UUID as authentication?
Please help! I'm not entirely sure how to approach this issue. I do know, however, that I don't want the user to login, ever.
Thanks!
