I need to call API's created using google cloud endpoint framework from my node.js applications. How I will be able to complete auth process and call the above APIs? Is it possible from node.js application to access the API's?
According to the official documentation, Cloud Endpoints Framework is a web framework for the App Engine standard (only) Python 2.7 and Java 8 runtime environments. It doesn’t support Node.js (nor PHP, Go) runtime environments.
=========================================================================
EDIT:
The answer to your initial question (“Is it possible from node.js application to access the API's”) is yes.
Your client application does not need to be in Python or Java, it can be on any language such as Node.js.
Regarding authentication, for the backend app (GAE), the flow would be the following:
You can authenticate the access to the Endpoints by creating a Service Account on Google Cloud Platform.
In the API Decorator, add the Service Account and public cert link.
In the API Decorator, add the SA as audience also.
Finally, on your Node.js application (client side), request Authentication by requesting the JWT token:
1.Create a JWT with the same audience set before on the API Decorator and sign it with the service account's private key.
2.Send the signed JWT in a request to the API.
Below you have some examples of the call request. I didn’t find examples in Node.js, they are in Python, but you can translate them to Node.js since the flow is basically the same:
1.JWT Authentication request GCP official documentation.
2.Accessing an API requiring Authentication (Python Client)
3.Github Google-Client-JWT Sample.
Related
I am using apigee oauth2 service to run the Hyperledger Composer REST api in multliuser mode. https://hyperledger.github.io/composer/latest/integrating/enabling-multiuser.html
In the above link, I gone thru the github oauth authentication steps (https://hyperledger.github.io/composer/latest/integrating/enabling-rest-authentication.html), but wanted to use apigee.
How can I construct COMPOSER_PROVIDERS environment variable object literal specific to apigee? What kind of passportjs module need to use?
the supported authentication strategies for Composer REST server can be found at http://www.passportjs.org/packages/ (search OAUTH2). I did not see apigee there (albeit it uses Node.js passport and passport-oauth2 modules to implement its OAuth 2.0 authorization flow).
Furthermore, we do have an OAUTH2 tutorial - using Google OAUTH2.0 strategy that you can check out -> https://hyperledger.github.io/composer/latest/tutorials/google_oauth2_rest
I am trying to login clients using their email and password through Auth0 with a Node.js backend on the Azure app service and a Xamarin.Forms client. The problem is that I can't create a custom authentication on Node.js since the tutorial I was following used a .NET backend. I also followed this tutorial for Node.js backend both by the awesome Adrian Hall, but it seems to override the already exisiting Facebook login system, and I can't find enough material on that problem. Is there any other tutorial on doing that or am I getting something wrong?
You are doing something wrong. You can use Auth0 with no problems - Auth0 will be used for all the providers, and their client SDKs will allow you to choose Facebook, Google, Username/Password or anything else you need.
The mechanism for the process is as documented - I think you just need to re-read the blog post and understand the transaction - you use the Auth0 libraries to get the Auth0 token, then submit your Auth0 token to your custom login API (/.auth/login/custom) to mint an App Service token that is used by the Azure Mobile Apps client SDK.
The Firebase SDK v3 for node JS does not support authenticating with custom generated tokens the same way the web SDK does, the method is simply not there.
How should NodeJS applications running on client machines that wish to have limited visibility over nodes in the realtime database authenticate with this new approach ?
This scenario is supported since release 3.3 of the Firebase JavaScript SDK.
Client Authentication APIs are now available in Node.js. When you call intializeApp(), pass a serviceAccount to use the Authentication for Servers APIs in your app, or pass an apiKey to use the client Authentication APIs
Versions 3.0-3.2.1 of the Firebase SDK for Node.JS require that you have access to a service account/private key for the Firebase project. For that reason they are only targeted for use in a server-side environment.
My question is [Similar to this one1, but with third party providers instead of active directory.
I have an end-user UWP app, and I want to consume my Azure API App. I am NOT Azure mobile app and it's client side SDK.
Most of documentation is of sort "copy paste this magic code" and never explains how authentication actually happens.
I was inspecting mobile app SDK because Microsoft's documentation says that it's auth. process is the same.
From what I see, the mobile App SDK opens a web-view very similar to that produced by a WebAuthenticationBroker. Then every request to the server is accompanied by a header X-ZUMO-AUTH and a token. It appears that this token is issued by the azure app service, not the original provider. It is much longer than the tokens issued by Twitter or Google.
At the same time when I point web-browser at the end-point and go through the log-in process, I see that the browser is using a Cookie: ARRAffinity=c4b66198677464de573103f7aa267c33ea38617020514011cea4506e0a55d9d0; AppServiceAuthSession=EIVymV
Questions:
The problem is Mobile app documentation is it just provides
instructions on how to use the SDK. I am unclear on how I would
obtain the token issued by the app service.
Everyone knows how to obtain access tokens for Google
and Twitter. Can they be used to access Azure API apps?
You are correct that API apps use the same built-in authentication as mobile apps. The basic flow looks like this:
Login to the app using provider credentials. This can be done using either a client-directed flow using your provider's SDK or can be done using a server-directed flow involving browser popups (i.e. the web view you mentioned). In the latter case, there is an endpoint at /.auth/login/ which is provided by App Service and manages the login flow for your app.
App Service will respond to your client app with a session token (a JWT).
You call into your APIs using the session token from #2. It is passed via the x-zumo-auth HTTP request header (it's named this way for legacy reasons).
The AppServiceAuthSession cookie you are seeing is the session cookie for when you use a browser to do authentication. ARRAffinity is an internal routing cookie used by App Service and is not related to auth.
If you're looking for more internal technical details on how the built-in App Service Authentication / Authorization works, check out my blog, starting with this post: http://cgillum.tech/2016/02/01/architecture-of-azure-app-service-authentication-authorization/
I would like to develop a system that can help any developer to create an application based to my API.
My problem is authentication.
I have see (for example) as work google with your services; I would like create an system of oauth (private) such as google (concept) that an developer, after sign to my portal, get APP ID and APP SECRET.
When developer self create these credentials, can use for call API based to https.
My API are developed by nodejs and express system.
I say which way is more stable for create an system robust for this scenario.
Thanks for any support. Any idea is appreciate
You can try http://passportjs.org/, it can work as a middleware with express.