I'd like to build a login with facebook feature using react native and Feathersjs. Feathersjs uses passportjs and NodeJS. So any strategies using the underlying technologies should work as well. I've been following this diagram but don't know how to do the user registration and return a jwt to the mobile app in feathers.
I can do the first two arrows. How do I implement (what do I expose and do) arrows 3-6?
Answer as #Daff suggested is this article https://medium.com/#jackzhang0096/how-to-setup-oauth-2-0-token-strategy-on-feathersjs-1d77cc32118b except one should use https://github.com/drudge/passport-facebook-token
basic idea is you pass the api the access_token and the api speaks directly to facebook for extra info and creates a User account and returns a jwt token to the react native app.
Related
I am developing a mobile application and am using React Native with a NodeJS / MongoDB API Backend.
I would like to add social authentication (Google/Facebook) to my application.
It is also important to me that the social authentication happens as a Native Login flow and not browser based (i.e. the user is not redirected to the browser to enter his/her credentials).
I also want to have some token returned whenever the user authenticates with either Google or Facebook so that I can use the token to call my API, verify that the token is correct and return user specific resources.
Most examples that I found use Firebase but I prefer not using Firebase since I am already using MongoDB. Other examples implement a WebView thus the user is redirected to the corresponding social provider via the browser and I also don't want that since I want to provide a Native experience.
I am also thinking to try and use one of the following libraries: https://github.com/FormidableLabs/react-native-app-auth or https://github.com/fullstackreact/react-native-oauth to implement this.
I am looking for any help/suggestions on how to implement this.
For Facebook, use react-native-fbsdk.
For Google, use react-native-google-signin.
Both do not redirect to browsers for login and have tokens should you need to use them.
I am trying to validate my node app using google. But I found these two modules being used in different tutorials. Could you please tell what the difference is between these two.
passport-google-token
On the npmjs.com page of both, i found the desc as Passport strategy
for authenticating with Google access tokens using the OAuth 2.0 API.
This module lets you authenticate using Google in your Node.js
applications. By plugging into Passport, Google authentication can be
easily and unobtrusively integrated into any application or framework
that supports Connect-style middleware, including Express.
passport-google-oauth
Passport strategies for authenticating with Google using OAuth 2.0.
Lead Maintainer: David Pate
This module lets you authenticate using Google in your Node.js
applications. By plugging into Passport, Google authentication can be
easily and unobtrusively integrated into any application or framework
that supports Connect-style middleware, including Express.
passport-google-oauth was made for express apps, so you can configure permissions, callback uri and request user data, all in the same place.
passport-google-token is made for REST APIs, so you handle authentication logic in front-end and then, you send google token to the back-end (node server) and there you can request user data using google token and grant access to your app using your own authentication mechanism (JWT, Bearer Token, etc.).
I am currently developing an API project using ClaudiaJS API Builder to build and deploy it on AWS Lambda with it's endpoints exposed on AWS API Gateway. I am planning to have at least a webapp and a mobile app for this platform, so I'm focusing mostly everything on API's, including the authentication methods(signup, signin, logout, verify account, ect.).
Unfortunately, as I am not using Express in this project, I can't find a good way to build these auth methods since every library I find has some dependency on Express (e.g PassportJS).
My initial thoughts for the login workflow are:
User submits login form containing user/pass stored in PostgreSQL
DB.
Front app calls auth API.
API method compared credentials against the user DB (Using BCrypt).
In case of success, API method generates JWT containing a few user details on it's payload and returns to the consumer app.
Is there any good approach for achieving this goal without using Passport and/or Express? Are there any other libs for this purpose or should I just use a regular db query and generate a JWT in case the evaluation succeeds?
Thanks for everyone in advance.
Best regards,
Enrico Bergamo
I want to use express server with passport-facebook to authenticate facebook users. the client side is Unity3D application. I have no problem authenticating users if it was javascript client, since if the authentication was successful, it redirects to the index page. However, since I'm using Unity3D as client, I was wondering what will be the redirect function.
I haven't had a chance to implement this myself yet, but I was just reading about it.
You are gonna have to use the Facebook Unity SDK and login in the unity app. The SDK provides all the functionality you would expect. As for using the authentication in Express, you would be implementing somewhat of a Reverse OAuth Flow. I don't believe Facebook wants your app doing this, but once authenticated in Unity you could send the temporary access tokens to the Express API at which point you should be able to use the Node.js Facebook SDK.
I'm a bit confused about how to properly and securely authenticate users using my REST API and provide and option to authenticate using other OAuth 2.0 providers as well (e.g. Facebook, Google, etc.).
Scenario
Users interact with a web application which should consume my REST API. Users should be able to login and perform CRUD operations both using username/password and by using 3rd party services such as Facebook. I will be using SSL to encrypt the traffic to the website and the API.
Without taking the 3rd party login services in consideration and by studying the various questions already asked here on SO, I thought about handling user authentication as in the picture.
Technologies and current idea
The REST API is written using JS using NodeJS and Express. The WebApp provided through another NodeJS instance is mostly AngularJS with templates which consumes the REST API.
My current idea is to let the WebApp handle the login sequence and let Facebook save their token in my DB using the callback. But this solution smells too much of workaround!
Questions
Is the authentication sequence depicted in the image correct?
How is the above authentication sequence compared to the Resource Owner Password Credential flow in OAuth2.0? Is it worth using OAuth2.0 instead of it?
How can I integrate login through 3rd parties (i.e. Facebook)? Any suggestion or (better) example?
References
passport.js RESTful auth
Login with facebook and using oauth 2.0 for authentication of REST api calls
And many others here on SO :)
My 2 cents..
The process looks good to me.. I would re-issue the token on each sign in and also keep it inside a database so tokens can be revoked easily.
Use PassportJS. Its got support for OAuth flows and supports many 3rd party integrations like FB, Twitter, Github etc..and since its a nodejs middleware.. its integration will be very tight within your application..