I have an API eg. http://www.myportal.com/login and when we call this URL it asks for username and password and after successful login, it returns an access token.
Same thing I have to implement in Loopback4 by calling the above URL.
Please give some idea, will appreciate your help.
Based on your question, what you need to do is do authentication using passport-local strategy and then create a jwt token with authenticated user obtained.
But to do this, you will need to create a separate component with decorators and providers in loopback4. Loopback 4 team is working on ways to provide such features out of the box in the framework. But its not there yet.
We created a loopback extension for the same which supports 4 different passport strategies. You can use that from here. Hope it helps.
Related
I am attempting to connect docusign on my app using nodejs and passport.
Requirements:
the docusign authentification is required only for few actions
a user can have multiple docusign connections
I would like to store the docusign token on my db, not only in session
Context:
I have already an other strategy with passport to authenticate my users (using bearer token in the headers of each request).
Is the library passport-docusign really suitable for these requirements or
it makes more sense to create something custom?
Someone which has the experience of this kind of use case would have any advice on it? 🙏
The passport-docusign strategy for passport is pretty vanilla.
If passport works for your use case, then the passport-docusign strategy should be of help with implementing the authorize code grant flow.
If you find changes/updates that could be made to the passport-docusign strategy, please add an issue or pull request to the repo.
Thank you.
I'm kinda new to backend development and wanted to start by creating a small API with authentication and authorization that could function as an API for a blog for different frontend implementations.
I set up an API with ExpressJS and MongoDB and created a working API so I can post blog-posts, retreive all or single blog posts, etc.
Now I wanted to add Authentication and instead of using JWT or something, I thought, it could be cool to have my users sign in via their Google-Account to post/delete blog posts, etc. Does that even make sense? I hope it does because in my head it should not differ too much from using JWT for example.
I added passport.js and it's google-oauth2 strategy.
I'm already able to create users by signing in via google, but my problem lies in the way to authenticate correctly for login and subsequent API requests.
Would I use the access- and refresh-token that I receive back from google for that? At least thats what I first thought of.
But how would that work? And next up: What if I wanted to add another way to authenticate? For example JWT or maybe Facebook-OAuth? Wouldn't that cause some issues when trying to protect my API routes because I would have different ways of authenticating (and what kind of middleware would I use then for my routes?)
I hope I made my problem clear :)
Due to the lack examples of oauth2 in node.js, I can't decide where to implement the oauth2 service. Also, I wanna know what is the meaning of provider in oauth2 and when to create a new one and when to use a pre-made one like google.
I tried to implement a provider in the server-side but I didn't know how to test it.
If there are any useful resources I would be happy to take them.
You should use Open Id Connect (Authorization Code Flow + PKCE) in your Angular app. You should validate OAuth 2.0 access tokens in your API. Both of these components should interact with a 3rd party Authorization Server. There is a learning curve and my tutorial + code sample may help you - feel free to post back if you get stuck: https://authguidance.com/2017/09/24/basicspa-overview/
oauth2 provider means wich service to use to auth, eg server-side will mean the user creates an account on your Server, google would mean users sign in with their google accoutns to your site.
I am developing an app using node.js which will also have an mobile client. I am looking to make the authentication using OAuth 2.0. Is there any good module which allows me to have OAuth 2.0 authentication server?
I looked at a subsidiary module of Passport "OAuth2orize". I found it quite good enough, but the real problem was understanding how it will work for my own app (the example and docs specify about third party authorisation).
Basically what I want is that the client logs in with client id, user's username, user's password and there by I hand him a token after verifying the above 3 things. But the problem with Oauth2orize is that there there are redirect URI and all which is confusing me a lot.
Please help me know as to how can i achieve this using Oauth2rize or any other really good module. Or If its easy enough I can also roll my own, but will that be a good idea regarding security ??
What you are looking for is the Resource Owner Password Credentials flow. As you've seen, the examples for oauth2 do not include functionality that supports this flow. In fact the examples only cover the Authorization Code flow.
It should end up being fairly easy to implement. All you need to do is accept a request that contains the information you are looking for (and authorize it) and create a token in your token database and return it. As long as you use the same token database that the rest of oauth2orize is using, it should work just fine. See: Passing Trusted Client Information with oAuth2orize for the "Resource Owner Password Flow" where that is exactly what is suggested.
Correction:
The all-grants example of oauth2orize supports the Implicit flow as well as Authorization Code flow.
I am using node (8.14.0) and want to access the Twitter REST API v1.1.
I tried node-oauth so far and simple https, but none of them worked further then "login with twitter".
I don't just want to authenticate user's (aka sign in with twitter), I want to perform actions on the API with their access.
My problem is, I have not found a single example for node describing the actual process of retrieving the needed access/request tokens from the user and performing the API call with them.
All node-oauth examples "assume that you already have access token and access whatever". Well I do not have them, and I do not know how to get them, since I find no concrete example or documentation. Only a reference to a reference.
As I know the oauth libraries are to authenticate or authorize.
While the authentication you get back the accestoken and refreshtoken from the platform.
This tokens you have to save in your session or database.
After that you can use it in combination with other libraries.
I suggest to have a look at passport or everyauth for user authentication. They both support oauth.
in addition:
Google has a pretty good documentation about OAuth in general. I think this schema can be applied to other platforms too.
https://developers.google.com/accounts/docs/OAuth2?hl=en