I am using Angular4 app for UI and I have a separate Node+Express app which handles rest api calls.
Angular app runs on a different port. and express app runs on a different port.
I try to use express-session framework on the server(express)app.
I use Microsoft ADAL services to authenticate the user. After successful authentication my approach was to make a rest api call from angular app to express server app by passing userEmail and set userEmail variable to req.session.userEmail. I expect the session to be available when a different route is being called to check if the session is available, but the session variable is always showing up as undefined.
What is the best solution here? My goal is to have a session management and prevent responding to unauthorized requests on the server side rest api calls.
Related
i am trying to integrate keyCloak in my application, i have created a Realm name "my-app" and added 2 clients
frontend (accessType -public)
backend (accessType - bearer-only)
I want to use the access token (returned from frontend client) to authenticate backend APIs.
i want to achieve same thing explained in this tutorial by making use of Roles, Client Scopes and mappers but not working for me
https://medium.com/devops-dudes/secure-front-end-react-js-and-back-end-node-js-express-rest-api-with-keycloak-daf159f0a94e
i made a mistake in configuration,
on frontend side i made url for auth server "http://127.0.0.1:8080/auth" and on Server side it was "http://localhost:8080/auth", else everything was correct
I have an admin site that has a react frontend, using redux actions, with a node.js app as the server which uses firebase-admin to do the work.
I want to use firestore's onsnapshot listener. but im not sure how this works within the HTTP protocol?
I can't use the firebase-admin from my frontend app, and i cant create realtime DB functionality from the backend within HTTP protocol.
The goal: to set snapshot listeners on my collections from rreact frontend without having to go through multiple authentication processes, considering ive got a separate auth system for admins with my express api.
Is there a solution for this?
EDIT:
my client app is currently initialized with firebase web app config data, but because im authenticating admins with my own express server, the firebase web SDK hasnt authenticated with firebase, so i dont have permission for the data i need. im not sure if i need a service account, or a web app config with extra setup or what
My recommendation is to integrate the Firebase JS SDK into your client app using signInWithCustomToken().
It's not too complicated to do. Though I suppose that depends a lot on how your current auth setup works.
The general idea is this:
Send auth request to your auth service.
Process the request like normal.
Evaluate if the user should have access to Firebase.
If they should, use firebase-admin to create a custom token and send it back to the user.
Use the token on the client to authenticate with Firebase.auth
You should make sure to have Firestore rules to allow admin users to access the data you need.
As an alternative that doesn't use the Firebase client SDK, you could have a long-running node process that opens an onSnapshot. Your react app could receive data from it using either Server-Sent Events or through a WebSocket
I have deployed an Angular 8 application and a Nest JS application using Heroku. Both deployments use https.
There is no authentication in the Angular application, so I don't need an authenticated user/password to call the API. I just want to make sure that the only calls that the API accepts are those from the Angular app (and rejects direct calls from people using some sort of REST client)
How can I ensure that only my Angular application can call my Nest JS API?
I have an app on MERN stack in which react app runs on port 3000 while nodejs app runs on 3001 in development environment .
I want to integrate Keycloak in app.I started Keycloak instance and created Realm named MERN in which i created two clients one is react which is public client and other is node which is bearer-only client .
I created one user also
I integrated the keycloak on react with react keycloak client configuration and got access token and passed it to Authorization Bearer on backend.
I configured the NodeJs app with node keycloak client ..
keycloak provides method keycloak.protect() to protect Apis which is not working it always gives Access Denied.
There is another method in keycloak getAccount which takes bearer token parameter and returns account in promise object.
I extracted the token from Authorization header and passed it to getAccount which returned account.
For key cloak configuration i download it from installation tab in client and haven't done any tweak just copy pasted code from keycloak nodeJS docs.
So i am not feeling any need to write code or configuration here.
For testing you can generate app from express-cli and create-react-app.
For reactJs i used library called keycloak-js and for nodeJs i used keycloak-connect.
Question is why keycloak.protect() is not working??
If anyone knows answere please tell me.
I am making react app and I want to use express server for backend because I want to have user authentication and registration.
So is it reasonable to create couple of "apps" signIn, signUp and general app where user data is displayed. If yes how is it possible to route these different apps for express server? As I have understood is that express serves only index.html of react and browser makes the rest necessary file requests.