I have a Node js backend. I use OAuth 2 for authentication. All the endpoints are secured by this authentication method except one endpoint. I cannot use OAuth in this insecure endpoint because the endpoint is triggered by another server on which I don't have any control. So I cannot tell the other server to send me a token for my backend to validate.
The request to my backend is made with SSL connection. So, in Nodejs is there any way to find out the SSL issuer name or something like that so that my backend can validate the requester? (All the requests to my insecure endpoint comes from the same server)
Related
In my existing project of nodejs, I am calling a 3rd party api with http protocol. Now as an update requirement I have to change the protocol to https. The 3rd party team insists on sending SSL certificates with the https request.
Is it my job to configure the SSL certificates from my end or from there side, because in this case they are the backend.
I'm trying to implement Express Gateway, what i need to do is to publish an API that routes to a TLS authenticated web service.
My question is, how do i configure the gateway so i can achieve this flow:
1- Client send request to http://my.api
2- Gateway takes HTTP Request and sends it to a TLS authtenticated webservice
3- Take the response and send it back to the client
My apologizes for the poor english.
I guess there's nothing special here, just make the gateway listen on the http interface and use the proxy policy to the https server targeting.
I have a web app configured in my Azure AD.
On a machine, i have installed a connector and configured an application proxy with that connector.
I am now trying to connect from an Android mobile application to the web app through the application proxy.
If I use a WebView inside my app, I can load the User access URL, enter my credentials and I receive a cookie for use by following connections.
I need to be able to use other HTTP clients that do not have the possibility to show UI.
I was wondering if it was possible to somehow request access and refresh tokens, and add those to future requests. or if possible convert them to a cookie in some manner and add that in a header.
Your client app can simply use MSAL (or ADAL, or another OpenID Connect client library) to sign the user in and an access token for the App Proxy app. Then you can include that token in the Authorization header in requests to the endpoint from App Proxy. App Proxy will recognize it, validate it, and (if everything checks out) proxy the call down to the App Proxy connector, where the rest of the process happens as normal.
Here are the relevant docs: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application
I have a NodeJS API on Amazon EB and an API on API Gateway.
API Gateway is configure as a proxy to EB.
I can call my API without problem, it's working but I don't know how to manage security.
Actually if I use the API Gateway URL I must sign the request (it's ok!) but I can use the EB URL and nothing is necessary.
Before using API Gateway I was using JWT but now what shall I do on my Node app? API Gateway is using the Authorization header for sign the request, so my Node app must check this signature maybe? Or something else?
The recommended approach to restricting back end access to only API Gateway is to use client side certificates. See documentation here
Note that if using client certificates with ELB, you must configure the ELB in tcp mode and terminate the SSL connection on your application server as ELB does not support client certificate validation.
An alternate approach is to configure your API Gateway to add a header with a secret value and then validate the value on your application server before processing the request. This is generally considered less secure, since its easier for an attacker to obtain your secret value. At a minimum, you would want to use SSL between your API Gateway and your application server so the secret isn't sent in plain text.
I have a server hosting an NGINX front-end and a Node.JS back-end.
Scenario: The server needs to pass each request containing the JWT token to the Node.JS back-end which will validate the token using the Firebase SDK and if the token authenticates then it should pass the flow back to NGINX which should continue with the reverse proxy and route accordingly.
So far I have managed to set up the NGINX as a reverse-proxy which works effectively. I am confused as to how to pass the token to nginx for authentication and back to nginx to continue with the reverse proxy if verified.
I found a solution to my problem.
I've created a public repository on GitHub; feel free to use it or fork and improve.
Fire-Guard-Proxy