currently I have a React app, there I need to authenticate using OAuth2. I have the server, url's,callbacks, and clients already, now the only thing that I need is to exchange the code sent by the OAuth2 server for an access token.
I was reviewing some libraries that are made for javascript to handle these situations, for example:
Simple Oauth2
Passport
I was trying with simple-oauth2 however I see that it's made for node.js applications, and they use require to import the libraries. My question is, can I use that kind of libraries on client side using React? if so, which is the correct way to import that library inside my component? because readin their examples they are focus on express/node apps. Am not really a Javascript or node developer so I need help in this.
Related
I have a nodejs app deployed on AppEngine with IAP enabled, so right now access to its endpoints is protected against users outside of the project's IAM and I get the "x-goog-authenticated-user-id", "x-goog-authenticated-user-email" and another jwt assertion x-goog signed header, just like it should be (as detailed here https://cloud.google.com/iap/docs/identity-howto).
In certain AppEngine environments (so far Python, Java, Go) it seems you are able to use some already provided libraries to get more information about the user with Users API, however the nodejs page is disabled (here https://cloud.google.com/appengine/docs/standard/python/users/), there seems to be no indication of what should be done there. Any ideas?
If there is no straight forward way around it would I be able to have an app engine environment that also exposes for example the Python libraries for Users API so that I can wrap around them and use them in my nodejs app?
The Users API isn't supported for Node.js. Instead, you can get the identity from the x-goog-iap-jwt-assertion header.
We don't currently have a code sample for Node.js, though this looks like one reasonable approach. (Disclaimer: I'm not a Node user, and don't know enough about Node JWT libraries to endorse any of them in particular.)
Update for the current state:
There is currently a
Identity-Aware Proxy Documentation for Node JS.
I am using Angular 5 with Firebase, i understand the firebase credential in Angular has the chance to leak to client side when rendering the pages. But Firebase Products can use rules to secure it, i found it doesn't harm any to me.
But i have another question, what if I want to use SQL or any other services that require credential to perform authentication before executing an action, such as read/write from a SQL table.
When I using Node.js, the credential will declare in the server-side JS file, but apparently Angular is client-side framework. So i would like to know to solve this problem.
Thank you!
Code on your server/node app won't be available to the frontend.
Only data that's requested by the client via http requests is available to the Angular app.
So as long you don't return the critical data through your api you're good to go.
I apologize if this is a really basic question, but I am a beginner with a fundamental lack of understanding of how a React app works. Right now I am creating an app which uses Spotify API, including authentication. With React, I want to be able to fetch the data in my components. However, the API does not let me as it is meant to be fetched from 'server side'. My question is, how is the distinction made / how would I go about creating a 'server side' where all I do is authenticate and retrieve data from the api?
React is:
A JAVASCRIPT LIBRARY FOR BUILDING USER INTERFACES
So it is meant to develop client side of the applications (even though this can be done server side). Therefore would not it be better to use one of existing client side packages to access spotify api, like these ones: Spotify Web API JS, Spotify Web API Node
More packages are mentioned in the
spotify web api page, have a look.
I am doing a side project, with purpose of learning to separate front-end and backend, and I decided to use express with node, to design a REST Api as my backend.
My question is, how do I authenticate my restful api. I saw some tutorials, but they always connect frontend and backend by using serverside rendering with jade or ejs, and I'm not interested with that.
How do I authenticate each user and give them access only to certain data and also how do I design endpoints that are only accessible by my front-end application?
I would really appreciate help. Also you can send links to articles that describe this king of authentication and project architecture, because I feel that i'm looking in the wrong places, and need some help.
to access/write to a feed from the browser / Javascript, this answer says that you have to
Generate a token on the server (using API key+secret),
Provide that token to the client (just render it somewhere)
Use the token from in JS when accessing the feed
My problem now is that I basically have no server side. My app uses Polymer, so everything is running on the client and I have no way of creating those tokens (my app is served through Firebase, and I guess all it does is serve the html files).
With the polymer/firebase setup, can I still use getstream.io somehow?
Thanks!
We don't have any interaction with Firebase directly, so you'd still need some piece of middleware to handle API calls and generating these tokens.
It's an interesting idea, though. I'll add a TODO item to look into Firebase interactivity via a plugin in the future.