Getting Users API access in nodejs AppEngine environment with Identity Aware Proxy - node.js

I have a nodejs app deployed on AppEngine with IAP enabled, so right now access to its endpoints is protected against users outside of the project's IAM and I get the "x-goog-authenticated-user-id", "x-goog-authenticated-user-email" and another jwt assertion x-goog signed header, just like it should be (as detailed here https://cloud.google.com/iap/docs/identity-howto).
In certain AppEngine environments (so far Python, Java, Go) it seems you are able to use some already provided libraries to get more information about the user with Users API, however the nodejs page is disabled (here https://cloud.google.com/appengine/docs/standard/python/users/), there seems to be no indication of what should be done there. Any ideas?
If there is no straightforward way around it, would I be able to have an App Engine environment that also exposes, for example, the Python libraries for the Users API, so that I can wrap around them and use them in my nodejs app?

The Users API isn't supported for Node.js. Instead, you can get the identity from the x-goog-iap-jwt-assertion header.
We don't currently have a code sample for Node.js, though this looks like one reasonable approach. (Disclaimer: I'm not a Node user, and don't know enough about Node JWT libraries to endorse any of them in particular.)

Update for the current state:
There is currently Identity-Aware Proxy documentation for Node JS.
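
An added example (not code from the posts above or from Google's samples) of checking the x-goog-iap-jwt-assertion header with Node's built-in crypto module. The issuer value and App Engine audience format are assumptions taken from Google's IAP documentation; the key pair, kid, project values and user are constructed so the block runs offline.

```javascript
const crypto = require('node:crypto');

const IAP_ISSUER = 'https://cloud.google.com/iap';
const b64url = (v) => Buffer.from(v).toString('base64url');
const decodePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// keysByKid: Map of key id -> public KeyObject (in production, Google's published IAP keys).
// expectedAud: for App Engine, '/projects/PROJECT_NUMBER/apps/PROJECT_ID'.
function verifyIapAssertion(token, keysByKid, expectedAud, now = Date.now() / 1000) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = decodePart(head);
  // Pin the algorithm: the token must never choose how it is verified.
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const key = keysByKid.get(header.kid);
  if (!key) throw new Error('unknown kid');
  // JWT ES256 signatures are raw r||s (IEEE P1363), not DER.
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = decodePart(body);
  if (claims.iss !== IAP_ISSUER) throw new Error('bad issuer');
  if (claims.aud !== expectedAud) throw new Error('bad audience');
  const skew = 30; // seconds of clock skew tolerated
  if (!(claims.exp > now - skew && claims.iat < now + skew)) throw new Error('bad time window');
  return { id: claims.sub, email: claims.email };
}

// Constructed sample: a throwaway P-256 key stands in for Google's signing key.
function makeSampleAssertion(aud, overrides = {}) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const now = Math.floor(Date.now() / 1000);
  const head = b64url(JSON.stringify({ alg: 'ES256', typ: 'JWT', kid: 'sample-kid' }));
  const body = b64url(JSON.stringify({ iss: IAP_ISSUER, aud, iat: now, exp: now + 600,
    sub: 'accounts.google.com:1234567890', email: 'user@example.com', ...overrides }));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }).toString('base64url');
  return { token: `${head}.${body}.${sig}`, keys: new Map([['sample-kid', publicKey]]) };
}

const SAMPLE_AUD = '/projects/123456789/apps/sample-project'; // constructed
const sample = makeSampleAssertion(SAMPLE_AUD);
console.log(verifyIapAssertion(sample.token, sample.keys, SAMPLE_AUD));
```

Relying on the signed assertion rather than the plain x-goog-authenticated-user-* headers means the identity still holds if a request reaches the app without passing through IAP.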

Related

Is frontend better or backend for integration with smart contract (erc721)?

I have developed my ethereum smart contract and I want to integrate it with my web application. But I don't know whether integration with ReactJS or integration with nodejs is the better option. Please give suggestions. Also, I don't know how to do integration with the backend through the web3 library, so please guide me about that.
When you are creating a web3 app, most of the time you are not going to need a backend for that (although you need a server to host your website).
Working with and managing smart contracts is very easy at the front-end and there is no need for a backend, but if you're working on a large-scale project, you are definitely going to need a backend for handling complex logic.
Next.js is the best option for both of those, containing node and react, with no need for manually configuring a web server.
Better is next.js. I explained it here: https://ethereum.stackexchange.com/questions/129547/next-js-versus-react-which-to-use-when-for-your-dapp/130040#130040
Not every browser has the metamask extension. By using next.js, when our code is taken and rendered on the server, on the next server we can reach out to the Ethereum network and do some initial calls like data fetching, or a list of items in your smart contract. We execute all of those requests on the server. That means when next.js produces HTML documents to send down to the user's browser, it does not matter whether or not users are using metamask. It does not matter whether or not they have access to an Ethereum network, because we already take care of the data fetching for them. So all the users out there who are not using metamask are going to see some information on the screen.
You've mentioned that you don't want to switch technologies, and while I agree with NextJS being a good platform to develop dApps on, I suggest you just use your current NodeJS server for anything that isn't web3 related and you use the web3js library from the frontend (your React) which would be very similar to a NextJS app anyway.
This way you don't have to switch technologies.

Is it possible to use the ibm-watson Assistant2 APIs from the browser?

I'm trying to use the Assistant2 APIs inside my Web Application (Angular CLI project) with the ibm-watson library and the suggested Webpack Configuration.
But at runtime I get different CORS policy errors calling the Assistant2 APIs.
So is it possible to use the Assistant2 APIs via the browser? Or must all calls be made server side to avoid the CORS policy errors?
Well, Watson Assistant provides a REST API that can be called from anywhere where there is access to IBM Cloud (which basically means access to the internet), so from the browser as well.
Now, while you can call the Watson Assistant REST API directly from the client-side browser, sometimes it might be beneficial to have a server doing the actual call, as when you call the REST API from the browser the user has access to the request and the response from the system. This means the user has access to the context part of the dialog response, which in some cases might not be desired (depends on the stuff that the author is storing in the context).

Calling secured API from NodeJS Lambda

I have an API that is secured using OAuth (IdentityServer 4). I need to call this from an AWS Lambda function. I can't figure out how to do this in Node (noob to node). I can see an example of using the oidc-client package but it seems to be designed for browser-based clients. I just need the access token to call the API. I've done this from a .NET console app, but I'm lost in Node. Does anyone know of an example of doing this?
Thanks
@Jonesie have you tried the example from the AWS repository? Request you to take a look: https://github.com/awslabs/serverless-application-model/tree/master/examples/apps/api-gateway-authorizer-nodejs

How to protect credential in Angular

I am using Angular 5 with Firebase. I understand the Firebase credential in Angular has the chance to leak to the client side when rendering the pages. But Firebase products can use rules to secure it, and I found it doesn't do any harm to me.
But I have another question: what if I want to use SQL or any other service that requires a credential to perform authentication before executing an action, such as reading/writing from a SQL table?
When I am using Node.js, the credential is declared in the server-side JS file, but apparently Angular is a client-side framework. So I would like to know how to solve this problem.
Thank you!
Code on your server/node app won't be available to the frontend.
Only data that's requested by the client via http requests is available to the Angular app.
So as long you don't return the critical data through your api you're good to go.

Client Only and Tokens?

To access/write to a feed from the browser / Javascript, this answer says that you have to:
1. Generate a token on the server (using API key+secret),
2. Provide that token to the client (just render it somewhere),
3. Use the token in JS when accessing the feed.
My problem now is that I basically have no server side. My app uses Polymer, so everything is running on the client and I have no way of creating those tokens (my app is served through Firebase, and I guess all it does is serve the html files).
With the polymer/firebase setup, can I still use getstream.io somehow?
Thanks!
We don't have any interaction with Firebase directly, so you'd still need some piece of middleware to handle API calls and generating these tokens.
It's an interesting idea, though. I'll add a TODO item to look into Firebase interactivity via a plugin in the future.
