Hyperledger Composer REST API authentication with apigee - hyperledger-fabric

I am using the apigee OAuth2 service to run the Hyperledger Composer REST API in multiuser mode. https://hyperledger.github.io/composer/latest/integrating/enabling-multiuser.html
In the above link, I went through the GitHub OAuth authentication steps (https://hyperledger.github.io/composer/latest/integrating/enabling-rest-authentication.html), but wanted to use apigee.
How can I construct the COMPOSER_PROVIDERS environment variable object literal specific to apigee? What kind of passportjs module do I need to use?

The supported authentication strategies for Composer REST server can be found at http://www.passportjs.org/packages/ (search OAUTH2). I did not see apigee there (albeit it uses Node.js passport and passport-oauth2 modules to implement its OAuth 2.0 authorization flow).
Furthermore, we do have an OAUTH2 tutorial - using Google OAUTH2.0 strategy that you can check out -> https://hyperledger.github.io/composer/latest/tutorials/google_oauth2_rest

Related

Call google endpoint frameworks from node.js application

I need to call APIs created using the Google Cloud Endpoints framework from my node.js applications. How will I be able to complete the auth process and call the above APIs? Is it possible to access the APIs from a node.js application?
According to the official documentation, Cloud Endpoints Framework is a web framework for the App Engine standard (only) Python 2.7 and Java 8 runtime environments. It doesn’t support Node.js (nor PHP, Go) runtime environments.
=========================================================================
EDIT:
The answer to your initial question (“Is it possible from node.js application to access the API's”) is yes.
Your client application does not need to be in Python or Java, it can be on any language such as Node.js.
Regarding authentication, for the backend app (GAE), the flow would be the following:
You can authenticate the access to the Endpoints by creating a Service Account on Google Cloud Platform.
In the API Decorator, add the Service Account and public cert link.
In the API Decorator, add the SA as audience also.
Finally, on your Node.js application (client side), request Authentication by requesting the JWT token:
1. Create a JWT with the same audience set before on the API Decorator and sign it with the service account's private key.
2. Send the signed JWT in a request to the API.
Below you have some examples of the call request. I didn’t find examples in Node.js, they are in Python, but you can translate them to Node.js since the flow is basically the same:
1. JWT Authentication request GCP official documentation.
2. Accessing an API requiring Authentication (Python Client)
3. Github Google-Client-JWT Sample.
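
The client-side flow described in this answer (build a JWT with the audience configured on the API, sign it with the service account's private key, send it with the request), as an added Node.js example that is not part of the original answer. The key pair is generated in-process as a constructed stand-in for the service account key, `SA_EMAIL` and `AUDIENCE` are placeholders, and `verifyJwt` is a hypothetical helper sketching the checks the receiving side has to make.

```javascript
const crypto = require('crypto');

// Constructed stand-ins: a real client loads the private key from the service
// account key file; the email and audience below are placeholders.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SA_EMAIL = 'client@example-project.iam.gserviceaccount.com';
const AUDIENCE = 'https://api.example.com';

const b64url = (data) => Buffer.from(data).toString('base64url');
const nowSec = () => Math.floor(Date.now() / 1000);

// Step 1: build the claims and sign "header.payload" with RS256.
function signJwt(key, saEmail, audience, now = nowSec(), ttl = 300) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = { iss: saEmail, sub: saEmail, aud: audience, iat: now, exp: now + ttl };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), key))}`;
}

// Step 2: the signed token travels in the Authorization header of the API call.
const authHeader = (token) => ({ Authorization: `Bearer ${token}` });

// Hypothetical receiver-side check: returns the claims, or null on any failure.
function verifyJwt(token, pubKey, expectedAud, expectedIss, now = nowSec()) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // Pin the algorithm instead of trusting whatever the token header claims.
  if (!header || !claims || header.alg !== 'RS256') return null;
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, pubKey, Buffer.from(s, 'base64url'))) return null;
  // A valid signature is not enough: issuer, audience and expiry must match too.
  if (claims.aud !== expectedAud || claims.iss !== expectedIss) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}
```

A short `ttl` limits how long a leaked token stays usable, and the audience check stops a token minted for one API from being replayed against another.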

Passport strategy for user authentication in hyperledger composer angular2 app

I am a first-timer in implementing user authentication on a web application. Below are some details for the app:
- It's a hyperledger composer angular2 application generated using the yo hyperledger-composer command
- Existing set of usernames and passwords available
- User identities are successfully issued in composer.
Should I use passport-saml strategy as suggested in https://github.com/bergie/passport-saml? Or is there a better option considering Yo generates angular2 app (many angular 1.x examples available for other strategies like passport-local and passport-http)?
What are the details I will need from the existing database if passport-saml is the best option?
I checked Using passport-http on Hyperledger composer REST API, but it doesn't seem to answer (here the user wants to use userID and userSecret).
See here -> https://hyperledger.github.io/composer//integrating/enabling-rest-authentication.html
You can use the COMPOSER_PROVIDERS environment variable to specify the Passport strategies that the REST server should use to authenticate clients of the REST API. You choose the strategy best suited to you - I can't advise if passport-saml is suitable for you, that's your decision :-). The parameters (example shown for providers.json) are quite similar to the example shown in the docs. Some of the information from the Github repo you posted already has some sample information in the config parameters section.

Azure Custom Auth with Node.js Backend

I am trying to log in clients using their email and password through Auth0 with a Node.js backend on the Azure app service and a Xamarin.Forms client. The problem is that I can't create a custom authentication on Node.js since the tutorial I was following used a .NET backend. I also followed this tutorial for Node.js backend, both by the awesome Adrian Hall, but it seems to override the already existing Facebook login system, and I can't find enough material on that problem. Is there any other tutorial on doing that or am I getting something wrong?
You are doing something wrong. You can use Auth0 with no problems - Auth0 will be used for all the providers, and their client SDKs will allow you to choose Facebook, Google, Username/Password or anything else you need.
The mechanism for the process is as documented - I think you just need to re-read the blog post and understand the transaction - you use the Auth0 libraries to get the Auth0 token, then submit your Auth0 token to your custom login API (/.auth/login/custom) to mint an App Service token that is used by the Azure Mobile Apps client SDK.

Securing a nodejs / sailsjs API with OAuth2

I have developed a REST API with sailsjs and I'd like to add OAuth2 authorization to secure this API. I'm quite new to OAuth and I'm not sure where to start.
I found several modules that could be used for this purpose, for instance oauth2orize and an example of its usage https://github.com/aaron524/sails-oauth2-provider-example but I do not fully understand how this is working internally.
Basically, I'll have several clients consuming the API I'm developing:
- clients that I trust and that I'd like to use with the "Resource Owner Credential Authorization"
- clients that I do not trust and that will connect using the Authorization Code flow
I was thinking of adding a trusted property to the Client model within the sails application and then when a user will log onto an application:
- he will have a direct access to its resources (case of the trusted application)
- he will be requested to approve or deny the application from accessing his resources (case of the untrusted application)
Is this a good approach? Any pointers on how to select the corresponding strategy based on the client trust level?
UPDATE
I've set up the following project on GitHub, using several tutorials and projects I found.
https://github.com/lucj/sails-oauth2-api
This project is not functional yet.
I'm still not clear on how to select the correct grant type (authorization code vs resource owner's password) when the user consumes the API through an application. How to integrate this check in the policies?
I do not manage to create the link between the OAuth endpoints (/oauth/authorize, /oauth/token) and the call to oauth2orize. Any idea?
I finally struggled with Oauth2orize, sails and passport and managed to integrate OAuth2 security of my API in the project: https://github.com/lucj/sails-oauth2-api

Best ADFS protocol support for node js

I am completely new to ADFS. I need to access the ADFS server through node.js. I am searching for good reference notes, with implementation. Please also suggest which protocol is best for requesting. Video tutorials are also helpful.
I assume what you want is to authenticate users in AD (via ADFS), for your nodejs based web app. I'd recommend looking first at passport.js.
ADFS supports 2 protocols for web sites: WS-Federation or SAML-P. WS-Fed might be simpler. We open sourced the strategy for WS-Fed and SAML that we use in our product. A strategy is essentially a plug-in for passport.
That strategy should give you a good start.
ADFS v3.0 exposes OAuth2. *
You could use Passport.js with OAuth support or Kong with OAuth support.
You could go the ADFS 2016 OpenId Connect route for ease of implementation (passport.js, only a feature request for kong).
If you're going the Azure route, there's one (passport-azure-ad by the Windows Azure team) specifically for that.
It includes OpenID Connect, WS-Federation, and SAML-P authentication and authorization.
Otherwise, versions disallowing etc., I recommend Eugenio Pace's answer.
Then, check these, is a complete solution (not a video tut)
Using Active Directory Federation Services to Authenticate / Authorize Node.js Apps in Windows Azure
http://seroter.wordpress.com/2013/04/22/using-active-directory-federation-services-to-authenticate-authorize-node-js-apps-in-windows-azure/
pretty fresh tut. (2013/04/22)
