WeChat authentication for web - node.js

I am creating a web app and I have implemented authentication using Facebook, Google. Now I want to authenticate using weChat. I understand I need to use "passport-wechat-auth" but for that I need to create wechat account and that throws me failure each time. SO if anyone have better idea to implement it will be very helpful.

Basically you must have a official wechat account to implement. For authentication as like FB etc, you an use WeChat-oauth npm module to do it.
In-Case if you don't have a actual official account. You can use sandbox account for development.Wechat Sandbox

Related

DialogFlow Authenticating with external application/API

We are prototyping in dialogflow which is going well but I have what is more of a strategic question. Our app will interact with APIs in a third party system that requires user/password credentials, I am wondering if anyone can recommend an appropriate approach.
For example when I start the app in Google Assistant it knows who I am from my google account, this account however has no authorization for the target system - it needs an ID / password. I can prompt the user for these and they can type/say the values with which we can connect but this prompts more questions:
Is this secure? Clearly speaking my password isn't a great plan.
If this approach is reasonable is there a way to save my credentials within the app so that I don't have to enter them next time?
Are there other approaches to remote authentication you'd recommend? I have searched around but so far without any success.
Any tips would be much appreciated.
Chris.
Google provides build in authentication options for Google Assistant. Have a look at the documentation. If you wish to connect your Google Assistant app to your own login you want to have a look at the 0Auth or Google Sign-in + OAuth options. Depending on your requirements, one might be a better fit.
Accountlinking is a build in solution, if you implement this you will have done it in a secure way and it is integrated with the users Google Account, so when they come back into your app they won't have to enter any credentials again.

Xamarin Forms OAuth2 Microsoft/Google authentication

I'm building an app that should be able to send emails. I'm using OAuth2 to verify the user, and I've looked at the Xamarin Forms Sample which works great with gmail after setup.
However it doesn't work with my Microsoft account.
I've created a cliendId and all that stuff on Microsoft. Do I have to have a Azure AD as well?
I'm calling the authentication with:
new OAuth2Authenticator(
"myClientId",
"User.Read",
new Uri("https://login.live.com/oauth20_authorize.srf?client_id=myid&scope=user.read&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf"),
new Uri("myRedirectUri"),
null,
true);
But am reaching a screen saying: We cannot perform your request.
Microsoft-accounts is having technical issues right now. Try again later.
Have looked at this sample, where the author uses Google and Microsoft accounts in similar ways.
If I'm instead using this sample it works with the original setup, but not if I change to my own clientId and redirectUrl. Is this since I don't have any Azure account?
Would not like to pay to get it, and since the first approach works fine with my gmail I would love if it could work with Microsoft as well.
/Oliver
Have you tried the microsoftonline.com endpoints instead? I've also implemented this using Xamarin.Auth and could get it working that way.
AuthorizeUrl: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
AccessTokenUrl: https://login.microsoftonline.com/common/oauth2/v2.0/token
"common" is the {tenant} which you can replace with "consumers" if you only wanna allow personal accounts.
An alternative to coding it yourself, is to use a 3rd party library to handle authentication.
CloudRail have SDKs for Xamarin, with build-in integrations for social login/authentication, and also for email sending, which you mention.

How can I have Google Cloud Security Scanner log into my app?

I ran Google Cloud Security Scanner against my Google App Engine app. I asked it to authenticate against a "Non-Google Account" -- in other words, user-name/password fields in my webapp. However, I get back the message "Could not sign in using the provided username and password" each time.
(I tried it several times, specifying different user-agents and credentials and against two variants of my login page; and of course confirming that the credentials work when typed in manually. I have the necessary Editor-level permissions on the Google Cloud project.)
What do I need to do to get the Scanner to authenticate?
Here's what the docs say about Non-Google account authentication:
Note that support for login forms is still in development, and may not
work out-of-the-box with your system. If you have confirmed your test
account is able to login manually, but not in Cloud Security Scanner,
use the feedback option within the tools to request support.
One possible workaround is to create a simplified alternative login form for the purposes of using the scanner if it's unable to work with the current one.

Azure Mobile App Authentication using Xamarin

I read these two articles 1.here and 2.here to find out what is best way to perform authentication against an Azure Mobile App when the API on the server is using Claims based custom authorization and the Xamarin client calling it is using the MobileServiceClient framework. I am unable to finalize which of the two examples in those links is the better way to go.
In the first link there doesn't seem to be any dependency on platform specific code like it has in the second link, which means I don't need to write any code in the Driod or IOS or Windows projects and can get away with doing everything in a class library itself.(Am I right here?)
Also, the first link seems to not require any provider like the second link does because I am invoking a direct service call to a Url. The second link on the other hand only seems to support Facebook, Twitter, MicrosoftAccount, Google and WindowsAzureActiveDirectory. The mandatory MobileServiceAuthenticationProvider parameter doesn't seem to provide for Custom Authentication against a sql server based User table. I am not sure about this part and cant find documentation that says otherwise.
If LoginAsync doesn't provide for Custom Authentication then its clear that I will need to follow the InvokeApiAsync route. If it does provide it then the question is: should I write platform specific(Droid/IOS/windows) code in each target project like in the second link or should I handle all the service calls in a class library as can be done in the example shown in the first link? In other words should I go with LoginAsync or InvokeApiAsync? Which of the two is the recommended way?
The first article shows off custom authentication, as you intimated. The second article shows off App Service Authentication, which has a known list. If you need to do a custom username/password, then go with the former. If you need to go with social auth or enterprise auth, then go with the latter.
My general recommendation is don't require the user to create yet another username unless you have to - which means social authentication for consumer apps and enterprise authentication via AAD for enterprise apps.
My other recommendation is to always use the client SDK for doing the authentication part. This allows you to follow the very latest practices from the provider (facebook, twitter, etc.) in respect to security, refresh tokens and other authentication requirements. Once you have the provider token, it's easy to swap it for an Azure Mobile token by using LoginAsync() with a token. See the Azure Documentation for information on this.
In all cases, you are going to need platform specific code - that means using the DependencyService (as in the second example) to execute your login code. I generally create a singleton class that wraps the MobileServiceClient in the PCL. Then create an ILoginProvider interface which has LoginAsync/LogoutAsync code in it to handle the platform dependency code. My singleton class then calls the DependencyService to get the code. You can find an example in my GitHub Repository that covers iOS, Android and UWP.

using OAuth in node application

I am developing an application which is only going to be required to be used by a few people within the organisation. It is being developed using Yeoman and expressJS.
What i need to do is only authenticate a few users to use their google accounts as they require access to google calendars etc which they currently share within their organisation. The only difference is that it will be used within the application.
The users will need to login but trying to find out how i can use their google accounts to login and colloborate?
I only want to limit it to certain users.
Hope someone can assist.
Regards
Passport.js is a popular choice of authentication/authorisation library. You can easily integrate it with express. It has a strategy for google account using OAuth as passport-google-oauth.
I have never used it, but it seems very straightforward.
If you have ever used the google API the examples seem easy to understand.
https://github.com/google/google-api-nodejs-client/

Resources