I would like to develop a system that can help any developer to create an application based to my API.
My problem is authentication.
I have see (for example) as work google with your services; I would like create an system of oauth (private) such as google (concept) that an developer, after sign to my portal, get APP ID and APP SECRET.
When developer self create these credentials, can use for call API based to https.
My API are developed by nodejs and express system.
I say which way is more stable for create an system robust for this scenario.
Thanks for any support. Any idea is appreciate
You can try http://passportjs.org/, it can work as a middleware with express.
Related
So my project has got a two asp.net projects. One is for showing date(User Interface) and the another one is API(for background processes like login, database calls and etc.). Right now my app has Username and Password feature to login. I have setup a startup class in my API which authenticates the user and pass the user token. Now I want to add a feature to login through Azure portal.
Can anyone suggest me a good practice in this situation? Like I don't want to change my code and just add a feature. Should I make changes in API or Web or Both? Meanwhile I was reading about expose api in app registration. Will it be appropriate to use it just for login purposes?
Azure AD supports OAuth2, OIDC and SAML. See more information here. It is probably best to introduce the mechanism through the API first, since it would apply to the frontend as well (though slight modifications may be required there as well).
I am creating two application :
1. Chrome extension for gmail.
2. It's IOS version
Now, since both the applications have same behavior and uses same google apis extensively, i decided to create a single project in google cloud platform for both. Now, when creating credentials, what will be my application type? I see both 'IOS' and 'Chrome App' under application type. Should i generate two Client IDs for chrome app and ios app?
To use single Client ID, i also tried creating a Node REST API (created a new project and set application type to 'web application' in google cloud platform) that will be used by both of my application to make request to google apis? But the authorization process includes, setting a callback url to get the authorization code and later use this code to get the access token. I guess this is not feasible for a REST API. Where should i keep the authorization part? In the application itself and later send the access token to my rest api? Is it possible?
I am very much confused about how should i start. Please could anyone suggest a better way to do this?
I generated two client ids, one for ios and for the web. Isolating both applications is a good way to start. Both the apps generate their own token id, pass the id to Node Rest API and later the use that token to make a request to Google APIs.
I'm faced with the current dilemma. My application flow is as follows:
Admin logs in
Has to select a list of clients
The selected Client data is then loaded in
Admin should now be able to Link Facebook, for example, to that
client's account with their credentials on a click of a button. Same
would apply for other social media accounts that the user has. The
reason that's important is the app then goes and fetches data from
their social media, such as Facebook Insights.
Is there a way I could achieve is ? I was thinking maybe Auth0 but I had a look on their documentation and it seems I could do it but only if Admin was the one linking his own social media account to his account. Can't really see a way where he could link other accounts to the Client's account currently selected.
I'm working with a React-Redux, Express and MongoDB app.
Even a push in the direct direction would be greatly appreciated.
This is certainly achievable using Auth0 - take a look at the Link Accounts API (User) - you want to use the second option using an API v2 token
See sample here that illustrates how this might work using Node.js.
You could possibly rework this to your technology stack pretty easily. Since you are using a Management Token you'd want that to remain server side (Express) and the react/redux app could make ajax calls via the Express Server side component - which in turn calls out to the Auth0 endpoint to perform the user search / linking actions.
I've been searching high and low for an example of using an Azure API App with authentication with a javascript client. Specifically I am interested in how something like an Angularjs app can authenticate with an Azure API app.
The closest I've got is this example http://azure.microsoft.com/en-us/documentation/articles/app-service-api-javascript-client/
but unfortunately this does not use authentication.
Given many users with be using SPA applications with Azure API Apps I would think there will be a lot of demand for this.
Does anyone have any pointers?
http://azure.microsoft.com/en-us/documentation/articles/app-service-api-dotnet-consume/#authenticated-call-from-a-windows-desktop-application shows how to authenticate for scenarios where we don't yet have an SDK. You should be able to follow the same steps from a JavaScript client. Hope that helps!
Thanks,
Mohit
I want to be able to programmatically update a Youtube playlist using nodejs. In theory, this is possible using the Google API and jsonc.
As I want to do this without user interaction I have been battling with using a Google API Service Account on nodejs server.
Notice there is no API Client Library for Javascript listed on this page.
I then stumbled across this message in the Google documentation for using Service Accounts with Google Drive:
For security reasons service accounts are not supported in client-side Javascript. Service accounts for server-side Javascript is not yet supported.
Is this saying that what I want to achieve is not possible? I cannot use a Service Account on a NodeJS server to make changes to a playlist without user interaction?
Correct. Not yet supported. There have been security problems with service accounts. This may become possible in the future.
Since yet there is no integration via Javascript for security reasons , you maybe want to try implementing this library.
https://github.com/extrabacon/google-oauth-jwt