Oauth 2 authentication in nodejs - node.js

I am in the process of developing a POC as a part of a technology overhaul.
For this I have developed a couple of service endpoints using HAPI. I want to secure these web services using the OAuth 2.0 mechanism.
2 options that I have:
- Using the OAuth 2.0 support of npm which comes for express.
- Manually create the keys, share and then encrypt/decrypt (node-rsa).
Being a novice to Node.js I am unable to find a solid path for accomplishing this, and am a little skeptical.
Any help or examples would be really appreciated.
-V

Since you are working with Hapi I'd suggest leveraging the Bell plugin.
Support baked in for common third-party providers, but you can easily create a custom provider (detailed in the API docs).

Related

NodeJS + Keycloak without express

I'm trying to secure my Node.JS app with Keycloak, but my app doesn't use express. I have searched extensively, but to me, it seems like this is impossible, at least with the libraries provided officially by Keycloak. (“keycloak without express” just turns up no results at all)
I'm somewhat new to the Keycloak ecosystem though, and would be delighted if anyone could offer some solution to my problem!
Keycloak offers a Node.js adapter. Yes, the examples in the doc are for express.js, but nothing is stopping you from using it in any Node.js app (of course it depends on how that Node.js app is implemented).
Anyway, Keycloak is not based on any legacy protocol, but on the OIDC standard, so you can use any OIDC library. It really doesn't need to have 'keycloak' in the name. You can start from OIDC certified libraries.
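The point that the protocol does not depend on express can be seen in a framework-free bearer-token check. This is an added example, not code from the answer above or from Keycloak: it uses only Node's built-in crypto module, and the issuer URL, audience, key pair and function names are constructed for the demo. A real service would take the public key from its provider's published keys and would normally let a certified OIDC library do this work.

```javascript
const { generateKeyPairSync, createSign, createVerify } = require('node:crypto');

// Constructed issuer and audience; a real service takes these from its realm/client settings.
const ISSUER = 'https://idp.example.test/realms/demo';
const AUDIENCE = 'my-api';

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Stand-in for the identity provider: signs claims with its private key.
function signToken(privateKey, claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(header)}.${b64url(claims)}`;
  const sig = createSign('RSA-SHA256').update(input).sign(privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Resource-server side: returns the claims, or throws with the reason for rejection.
function verifyToken(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch { throw new Error('malformed token'); }
  // Pin the algorithm; the token header must not choose it ("none", HS256 are rejected).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = createVerify('RSA-SHA256').update(`${h}.${p}`).verify(publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(AUDIENCE)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Usable from any server (http, hapi, restify): only the request headers are needed.
function authenticate(headers, publicKey) {
  const m = /^Bearer ([A-Za-z0-9._-]+)$/.exec(headers.authorization || '');
  if (!m) throw new Error('missing bearer token');
  return verifyToken(m[1], publicKey);
}

// Constructed key pair and token, generated locally so the demo runs offline.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const now = Math.floor(Date.now() / 1000);
const goodToken = signToken(privateKey, { iss: ISSUER, aud: AUDIENCE, sub: 'user-1', exp: now + 300 });
console.log(authenticate({ authorization: `Bearer ${goodToken}` }, publicKey).sub);
```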

Best way to integrate OpenId connect / (Keycloak) with Django and Django Rest framework

I'm looking for advice on the best way to integrate Django / Django Rest Framework with OpenId connect (we're using Keycloak but I think using the protocol is probably more flexible).
There seem to be several options out there, but it would be good to have something that works as seamlessly as possible with Django and DRF – so session and API authentication working like the baked in Django version, and ideally access to external logon screens if using admin/DRF API endpoint. What is straightforward to set up and well supported?
What I will ultimately be doing is trying to change an existing Django/React application, but for the purposes of this discussion let's assume it's a basic application something like the ones set up in the Django tutorial and Django Rest framework quickstart (https://docs.djangoproject.com/en/3.1/intro/tutorial01/ to tutorial01 and https://www.django-rest-framework.org/tutorial/quickstart/).
I hope that's enough as I am fairly new to this – I can create some sort of simple application in Github if this isn't a clear enough basis for a discussion.
Any help would be much appreciated. Even better if you have an example (!).

Use swagger API to connect server and client side in meteor application

I'm trying to use swagger API as a connector between Client side and Server Side in my meteor application. I'm trying to do this because then I can use this as a connector to connect mobile application and other third-party applications to my app.
I chose swagger because it has all the tools that I need and also because of the security.
Is this approach good for what I'm trying to achieve?
What have you tried so far?
Here is a REST API for Meteor: https://github.com/kahmali/meteor-restivus
Also have a look at this: https://github.com/apinf/restivus-swagger - I haven't tried it, but it might be what you want.
I think this is a good project, and I'm sure a few people would be interested in it
Check out https://github.com/meteor-rest That community is pretty much Restivus & Swagger :)
For existing API try out restivus-swagger.
If you start out by designing Swagger spec, try out generator-restivus, that scaffolds Restivus from swagger spec.
Please open Github issues if any problems, I follow up to help & fix bugs :)

User Management System in node.js

The requirements of most web applications regarding the management of users are fairly common:
A user registers himself
Receives an email for confirmation
Requests a forgotten password
An admin person assigns a role to the user, etc.
Is there a node.js/express.js project that has already implemented the flow and is customizable?
Passport.js allows the application to only authenticate but not perform the functions listed above. I have seen Drywall. It uses MongoDB.
I am looking for a module that lets me customize the user storage mechanism as well, so that I can use my own MySQL DB to store users.
ASP .NET provides such features in the membership module and also lets developers customize it completely. Do we have something for Node.js?
I use the sails framework and there are some packages that integrate with sails. For authentication I found this package: https://github.com/kasperisager/sails-generate-auth, maybe it helps you.
To build on Victor's answer, there is a comprehensive user/role management system for express called sails-permissions that is based on sails.js.
I think you will have to use Drywall and customize it to use MySQL. It's uncommon to use MySQL for node.js as you know already.
Maybe this article will help you with the MySQL integration:
http://teknosains.com/i/simple-crud-nodejs-mysql

Creating an OAuth2.0 service provider using RESTify Node.js

I have a restful API that I built using node.js and node-restify. I am up to the part where I have to secure it. Apparently, it is easy to find out how to use OAuth 2.0 as a client but hard to find out how to set up a provider. I guess my google skills aren't as good as they used to be.
Can someone point me in the direction of where to start? Is there a basic OAuth 2.0 server provider library for node?
I don't have a problem with creating my own library if need be but I looked at the spec, and being that it is a spec, it seems overly complicated. I would think that there would be some sort of tutorial, webcast, or "hello World" style project that broke it down for the dummy in me.
Thanks for your thoughts.
After some heavy googling, I came up with a lead. I spoke with a kindhearted genius who began work on such a project. He decided to finish up his code and to release it to the world.
The package is called restify-OAuth2.
Here is a link to the package. Here is the link to the github page.
Thanks for all your help Domenic.
