I want to implement a react-native app with social login (google, FB) only. I am not clear about the complete flow though.
I can use various react-native modules that are available for oauth based login from Google. I don't know what to do with the information I get back. For example, If I need to create a todo app, I would want to store the user email and task created on my local server. After obtaining the email from google, I can make an api call and store data into my server using email but that won't be secure enough.
How does this kind of flow usually work. Usually in web based social login, callback url will provide info to the server directly. How does it work without using WebView?
Any help is appreciated. Thanks in advance.
Related
I have a nestJS app that allows a user to interact with my MongoDB, mostly CRUD operations. However, this is hosted on Heroku which means that anyone can send requests and perform operations on my database.
What I would like to achieve is to have only users who have a valid token be able to use the API. The users would have to send their requests with a token v1/search/errors?token=INSERTTOKENHERE
However, all the docs I've read are getting a user to login to a frontend like you would login to Facebook or YouTube. I have a frontend but the users of the API will be applications and not people so I don't want them to have to interact with a frontend. Ideally, I can just generate a token for the application and then only apps with a token can interact.
I have searched far and wide and have not found anything like this but every public API I have used behaves like this. Any links to docs that explain how I can achieve this would be appreciated.
Thanks
Tokens are a way to identify unique and authenticated users. Login attempt is mandatory for creating a token. You need a Guard implemented to verify each user on API request. Login from a front end Application is not mandatory. You can login from postman sending the right body elements.
I am developing a mobile application and am using React Native with a NodeJS / MongoDB API Backend.
I would like to add social authentication (Google/Facebook) to my application.
It is also important to me that the social authentication happens as a Native Login flow and not browser based (i.e. the user is not redirected to the browser to enter his/her credentials).
I also want to have some token returned whenever the user authenticates with either Google or Facebook so that I can use the token to call my API, verify that the token is correct and return user specific resources.
Most examples that I found use Firebase but I prefer not using Firebase since I am already using MongoDB. Other examples implement a WebView thus the user is redirected to the corresponding social provider via the browser and I also don't want that since I want to provide a Native experience.
I am also thinking to try and use one of the following libraries: https://github.com/FormidableLabs/react-native-app-auth or https://github.com/fullstackreact/react-native-oauth to implement this.
I am looking for any help/suggestions on how to implement this.
For Facebook, use react-native-fbsdk.
For Google, use react-native-google-signin.
Both do not redirect to browsers for login and have tokens should you need to use them.
I am a new developer of https://getstream.io/. I am using NodeJS version. I am able to run the example Example, shows feed, activity, notification and profile. Now, I am trying to manage user profile authentication and trying to add a login and registration page with that project but I am unable to do that. Any help is appreciated.
You need to build a back-end application to manage the connection between your front-end and the Stream API.
Then, after creating a user, just get the user's token (using the createUserToken function.
When you create a user, you can pass the password information in the data object and when you create an endpoint for authentication (ie: retrieving the user's token) don't forget to remove this information from the response.
Hope it helps =)
Trying to build a recipe ordering app via SMS using Bot Framework. How can I let the user 'login' to view all his previous recipes?
The user first must sign up through a website using Azure Active Directory B2C. I got the API sample template up and running and it lets me authenticate user through the website...
But I'm not sure how to authenticate this logged in user (on the website) on the bot chat level. How can I make Bot Framework be aware of this logged in user?
It'd be really nice if you could just turn on multi-factor authentication and access the phone number connected to the user but this is not possible programmatically at the moment according to Microsoft.
Any other ideas? I desperately need some way to allow a mobile phone user to authenticate via SMS and access their private data through it. I tried it with Active Directory's .net api sample but no documentation exists on how to make this all work together with Bot Framework...
I ran the pizza bot template and pondered upon the same question.
I ended up taking the user ID and store it along with any information I could get through claims. Then, I a reference for the user that I can look up and do stuff with. Not sure if this helps you.
This is how you can do it:
Generate an authentication URL and send it to your user via the bot. Ask him to login to the service using the URL.
The server would receive the result of that authentication (your API for the bot is now aware of the result) and if successful, you can show the data to the user through the bot.
You might want to take a look to the Facebook Auth sample to get an idea of a potential flow for the Auth scenario.
Hope this helps.
I'm working on a project to connect Google Apps (Contacts, Gmail, etc.) to our own private software.
I'd like to use Hapi.js in order to achieve this, but since I have no expertise in the matter (OAuth, Google, etc) I found it to be quite challenging.
I wonder if it's posible to use Hapijs and Bell to handle the "ask permission" flow, and once authorized save the credentials to long-term uses.
Also, is it possible to use Bell to handle token refresh and consume api? (like requesting http://www.google.com/m8/feeds/contacts/default/full)
In the documentation for Bell, there's an example for twitter, basically you need to change the provider to Google: https://www.npmjs.com/package/bell
When you request access, you can add the parameter access_type with a value of offline. The server will response also with a refresh token that you can use in further requests to the API's without asking for the user credentials again.
You won't be able to store the actual user's credentials since it wouldn't be secure.
You can use the Google OAuth playground to learn more about the authentication process, here is the link https://developers.google.com/oauthplayground/
Here you can find more information and examples of using node.js and the Google API's