I'm building a MERN stack web app and is trying to use passport.js for authentication.
The frontend in my app communicates with backend through the RESTful api and they are planed to be deployed in two different containers. I've looked up some most widely used passport google strategies as well as blog posts for implementation, and it seems like all of them are assuming the implementation of a server side render web app.
In my frontend, I'm using the React component react-google-login to get the user profile from Google. But I'm unsure about what passport strategy is preferable, or applicable, for this use case of mine.
Any suggestion? Thanks!
Related
I have a site with React frontend (SPA) and NodeJS backend (for APIs) with NGINX.
I want to implement OAuth0 authentication for this site.
How can I use the authentication flow for the frontend & the backend APIs?
Like this:
Login in frontend (/login), the user gets an accessToken from OAuth0,
When needed data from backend, call the backend API with this accessToken
The backend checks this in OAuth0, from where the frontend received this accessToken.
The site:
https://recognitiongame.eu
Thanks,
Imre
My SPA and API code example provides some code and blog posts on getting started with this type of solution - and the configuration of both SPA and API can be repointed to Auth0. React has very little to do with it and it is more about design patterns.
SPA security can be a difficult journey though, due to browser restrictions and security concerns, and the solution you choose may depend on the sensitivity of your data. For a more state-of-the-art option, see this Curity code example.
I am trying to build a portfolio website using react where I can showcase my projects and skills . I also want a seperate blog section in my website which lists my blog posts. I am aquatinted with node js and rest API so I can create a crud rest API for blog posts locally and use it to get all the blog posts .
How to deploy the blogs rest API online and make it secure such way that only I can access existing and submit new blog posts from my portfolio website after deployment ?
This may be too generalized of a question to give you exactly what you're looking for, but we can hit on some broad strokes to give you some idea.
Hosting. If you're using Heroku or similar, then they have their own instructions and guides on how to do deploy to their system. If you're self-hosting or are required to setup the host yourself, then you basically just need something that will load balance and auto-restart the node application so that it's always running. Commonly, you can use Docker or PM2 (or a combination of both) to do this. You can then put this behind a web server like Nginx or Apache to fine-tune your configuration.
Authentication. If the API is exposed to the public then you need a method of authentication. Commonly, you can use a system that leverages JWTs (login, sign a jwt with the user's ID, then have the client provide the jwt for each protected API request via authentication header or cookie, validate that the token hasn't expired and the user ID is correct, then respond back). You can use a middleware like Passport or write your own (imo Passport may be overkill for smaller projects).
I am looking for API and Example that can help me to build two-factor authentication of my website for the server as well as the front side.
I want to build something like this, http://ngtfaweb.azurewebsites.net/#/home
You could use Passport Js if you are using node js as backend or you could use services like Auth0 which are one step solution for multiple Oauth.
so im trying to create a simple fullstack app (movies board) to learn react but im having some questions/doubts. Im used to create backend mvc app's with express. So for react i need to create a RESTful API right? if yes how can i protect the api against "public use"?
you need to implement some kind of authorization to secure the API.
Try to use OAuth
I am trying to login clients using their email and password through Auth0 with a Node.js backend on the Azure app service and a Xamarin.Forms client. The problem is that I can't create a custom authentication on Node.js since the tutorial I was following used a .NET backend. I also followed this tutorial for Node.js backend both by the awesome Adrian Hall, but it seems to override the already exisiting Facebook login system, and I can't find enough material on that problem. Is there any other tutorial on doing that or am I getting something wrong?
You are doing something wrong. You can use Auth0 with no problems - Auth0 will be used for all the providers, and their client SDKs will allow you to choose Facebook, Google, Username/Password or anything else you need.
The mechanism for the process is as documented - I think you just need to re-read the blog post and understand the transaction - you use the Auth0 libraries to get the Auth0 token, then submit your Auth0 token to your custom login API (/.auth/login/custom) to mint an App Service token that is used by the Azure Mobile Apps client SDK.