I am a new developer of https://getstream.io/. I am using NodeJS version. I am able to run the example Example, shows feed, activity, notification and profile. Now, I am trying to manage user profile authentication and trying to add a login and registration page with that project but I am unable to do that. Any help is appreciated.
You need to build a back-end application to manage the connection between your front-end and the Stream API.
Then, after creating a user, just get the user's token (using the createUserToken function.
When you create a user, you can pass the password information in the data object and when you create an endpoint for authentication (ie: retrieving the user's token) don't forget to remove this information from the response.
Hope it helps =)
Related
I was able to implement a NodeJS application to sign in with my quickbooks developer account using OAuth2.0.I have the client key and the secret key and I am able to get the access token by signing in to quickbooks with their pop up and it redirects me to my application, and then the user is able to send invoices or get data from this quickbooks account.
However, I want the user not to have to sign in to quickbooks in order for it to send invoices or any other operation on quickbooks. I want to be able to write the functionality the application is allow to perform on the QuickbooksAPI by automatically signing in into quickbooks. How can I achieve this?
To word this differently, I want the NodeJS server to log in into quickbooks automatically if application user has the roles or permission to do a quickbooks action, such as creating and invoice or retrieve information. The application should grant itself permission to the OAuth2.0. How do I do this? with a JWT token? Not sure
A bit of background: I was able to accomplish Oauth2.0 authentication by using node-quickbooks by mcohen module.
Thank you in advance
The application should grant itself permission to the OAuth2.0. How do I do this?
You can't.
But you may also be misunderstanding how OAuth is supposed to work.
You need to have the user go through the OAuth process ONCE. EXACTLY once. Never more than once.
Once you have them go through that process once, you get back an access token and a refresh token.
You can then use those tokens to get updated tokens whenever you want (e.g. refresh your access/refresh token programatically, without any user interaction at all). See the docs:
https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0#refresh-the-token
So, have the user go through OAuth once. Then store the tokens in your app. Refresh the tokens via the refresh token API. The user just has to auth exactly once, and then everything else you can do automatically forever going forward.
I want to implement a react-native app with social login (google, FB) only. I am not clear about the complete flow though.
I can use various react-native modules that are available for oauth based login from Google. I don't know what to do with the information I get back. For example, If I need to create a todo app, I would want to store the user email and task created on my local server. After obtaining the email from google, I can make an api call and store data into my server using email but that won't be secure enough.
How does this kind of flow usually work. Usually in web based social login, callback url will provide info to the server directly. How does it work without using WebView?
Any help is appreciated. Thanks in advance.
Trying to build a recipe ordering app via SMS using Bot Framework. How can I let the user 'login' to view all his previous recipes?
The user first must sign up through a website using Azure Active Directory B2C. I got the API sample template up and running and it lets me authenticate user through the website...
But I'm not sure how to authenticate this logged in user (on the website) on the bot chat level. How can I make Bot Framework be aware of this logged in user?
It'd be really nice if you could just turn on multi-factor authentication and access the phone number connected to the user but this is not possible programmatically at the moment according to Microsoft.
Any other ideas? I desperately need some way to allow a mobile phone user to authenticate via SMS and access their private data through it. I tried it with Active Directory's .net api sample but no documentation exists on how to make this all work together with Bot Framework...
I ran the pizza bot template and pondered upon the same question.
I ended up taking the user ID and store it along with any information I could get through claims. Then, I a reference for the user that I can look up and do stuff with. Not sure if this helps you.
This is how you can do it:
Generate an authentication URL and send it to your user via the bot. Ask him to login to the service using the URL.
The server would receive the result of that authentication (your API for the bot is now aware of the result) and if successful, you can show the data to the user through the bot.
You might want to take a look to the Facebook Auth sample to get an idea of a potential flow for the Auth scenario.
Hope this helps.
I'm in the process of building a Google Chrome extension, and have some questions about how to implement security into the application.
I need to access a couple of Google API's so am going to be using OAuth 2.0 for that. So basically from the extension I know which user is logged into the browser.
My extension then needs to get and post data to my (nodejs) API service. I want to ensure that the user requesting data is the same user that is logged into the browser. Is there any way of using the previous Google authentication process to also authenticate communications between the extension and my API? I dont really want the user to have to log in again, to access my API.
I'm sure I'm missing something simple, and I've not been able to find anything that fits this scenario
Follow the OpenID Connect auth flow and you will get an access_token and an id_token. The acess_token you will use to use to make authenticated requests to Google APIs as usual. The id_token will be used as authentication with requests to your server.
When the requests hit your server you will need to validate the token and you can then use the contents of the id_token to identify the user.
User wouldn't have to login on auth process provided if user is already logged in and you are using a web application flow (not chrome.identity APIs) but user would see the consent screen atleast the first time. However you can skip the account selector screen if you already know the email address by providing &login_hint= parameter.
I have managed to create an iOS app that successfully authenticated the user and connects to the Nest structures and device settings. Using the access token, the app connects automatically to the Nest server each time the app is launched.
However, I am unable to find any documentation that explains what procedure to follow if the app needs to provide the functionality to enable log on/off for different user accounts, e.g. monitoring devices at different locations under separate user accounts from the same app.
The only way that I can change the login for a different user at this time is when I delete and re-install the app, which is not practical.
Does anyone have a suggestion as to how to solve this issue?
Your help is much appreciated.
You'll want to just create a routine for getting the access token that can be reused. The login is part of the authentication process in retrieving an access token.
Once you have an access token, there isn't any open session per user account so there isn't a need to logout. Instead, just reuse the same method that got you the first access token and store as many access tokens as necessary.
Each access token is effectively a session id.