I'm working on a project that uses Bluemixes APP-ID for authentication and are using Node.js for our backend. What I want to do is to be able to login with the App-ID authentication (that uses passport.js) and use this token in my Angular5 project and from there be able to store new user-specific attributes.
What is the proper way of doing this?
Thankful for any answers :)
After some research, it seems like the way forward is to create an endpoint in the Node.js that one then uses with the angular project. Just make sure the endpoint also is protected by the webAppStrategy if using that.
Related
--First time poster, mods please let me know if the question is inappropriate/incorrect--
Situation:
I'm working on an app with friends. We have a dedicated frontend layer and a dedicated nodejs server running MongoDB. I am trying to integrate firebase into our server layer so we can login users and handle minting/verifying/refreshing tokens using Firebase Auth.
Problem:
I'm completely lost as to how to use Firebase Auth for this purpose. I've looked through the docs extensively, I first went down the "Getting Started with Firebase on an App", until I realized (I think) that guide was specifically for web applications without a dedicated backend.
Then I looked more into Firebase Auth Admin, which looked more like what I was looking for. I tried messing with custom token creation and other authentication related matters but I fail to be able to log in.
I reached out to friends for help, they recommended getting local login/googleauth working End-to-end using firebase before trying to secure our tokens moreso than they already are.
I'm very lost and not sure if I'm misunderstanding something fundamental or just not applying the right things. I apologize if this is unclear, I'm just trying to allow email/password login using firebase auth to securely authenticate with my MongoDB data (if that's even necessary)
Any guidance would be appreciated!
You're absolutely right with your approach and its possible to use Firebase Auth for just login/signup and rest of all on mongoDB.
There are 2 ways u can implement the Firebase Auth-
Using the sdk provided by Firebase
Using the Admin Auth API
Which ever way you selected, Later on save your UID on your custom Backend (Which is backed by MongoDB)
Just create your API's to verify user identity.
If you're using NodeJs you can follow this tutorial.
I am trying to build a portfolio website using react where I can showcase my projects and skills . I also want a seperate blog section in my website which lists my blog posts. I am aquatinted with node js and rest API so I can create a crud rest API for blog posts locally and use it to get all the blog posts .
How to deploy the blogs rest API online and make it secure such way that only I can access existing and submit new blog posts from my portfolio website after deployment ?
This may be too generalized of a question to give you exactly what you're looking for, but we can hit on some broad strokes to give you some idea.
Hosting. If you're using Heroku or similar, then they have their own instructions and guides on how to do deploy to their system. If you're self-hosting or are required to setup the host yourself, then you basically just need something that will load balance and auto-restart the node application so that it's always running. Commonly, you can use Docker or PM2 (or a combination of both) to do this. You can then put this behind a web server like Nginx or Apache to fine-tune your configuration.
Authentication. If the API is exposed to the public then you need a method of authentication. Commonly, you can use a system that leverages JWTs (login, sign a jwt with the user's ID, then have the client provide the jwt for each protected API request via authentication header or cookie, validate that the token hasn't expired and the user ID is correct, then respond back). You can use a middleware like Passport or write your own (imo Passport may be overkill for smaller projects).
I feel like I am wanting to do something that is either easy, or very wrong. Not sure which one yet.
I am wanting to build an application that is backed by Firebase for:
Authentication
Realtime Database
I will build an Angular2 Front end Single Page App using AngularFire2. Using AngularFire2, the user will authenticate using GoogleAuthentication provider. The Angular2 app will interact with the firebase realtime database directly under most cases.
But I have some cases that I want a NodeJS/Express REST API layer todo more complex business logic and interact with FireBase Database. What I want to have happen is when the user authenticates with AngularFire2 that the accessToken can be used on the API calls to NodeJS in the HTTP Header. Then inside the NodeJS Firebase SDK I just authenticate using that token.
How would you go about doing this? I've been digging through documentation for a while now and still haven't figure it out.
Took lots of digging, but I found the solution. I hope this is a useful thread for others to find.
The accepted answer at: Answer gives a good lead to this. Specifically look at:
Authenticating your privileged workers
Emulating users or limiting access from a server process
Validating client identity via security
I would like to develop a system that can help any developer to create an application based to my API.
My problem is authentication.
I have see (for example) as work google with your services; I would like create an system of oauth (private) such as google (concept) that an developer, after sign to my portal, get APP ID and APP SECRET.
When developer self create these credentials, can use for call API based to https.
My API are developed by nodejs and express system.
I say which way is more stable for create an system robust for this scenario.
Thanks for any support. Any idea is appreciate
You can try http://passportjs.org/, it can work as a middleware with express.
I'm trying to call one of Magento REST APIs (say products api) from a NodeJS application using a regular HTTP Request. I know that Magento APIs requires OAuth to authenticate the user/application, and this is where I'm a bit lost.
With Magento or any OAuth application, the end-user who is using the app has to click "Authorize" in order for that application to receive the token, and then the application will be able to communicate directly with Mangento APIs.
In my case, we are talking about 2 servers, Magento and NodeJS, that will talk to each other. So There is no user involve to sort of "Click" the authorize button and validate the auth request.
The point of what I'm trying to achieve is grab product data from Magento, store it in a DB, then make some changes, after that make it accessible via NodeJS REST APIs. (That is a hard requirement and I can't change it).
My question is, Do we have to write custom Magento REST APIs that doesn't require OAuth, or maybe require the regular basic HTTP Authentication (username/password). Or there is a way to use OAuth and authenticate my Node application directly?
I hope my question is clear, if not please let me know and I will try to fix it. Thanks!
After wrestling with a similar situation, I decided to use Magento's SOAP API. All you have to do as far as authentication goes is to set up an API user in the Magento backend and then use the username/password in your API calls (I think, it's been awhile). Not sure if this fits your use case but it saved me a lot of OAuth headache.