How to redirect users to login page when users try to access without login using direct URL.
I have completed a token based authentication, after user login I got token, so I will maintain same token for further request. But I tried direct url without login, page is loading. I want to allow access only after user login.
Please refer this link https://github.com/strongloop/loopback-example-access-control. I have downloaded this application and I tried the direct url without login (that is http://localhost:3000/projects), page is loading. Here I want to redirect login page. Please suggest any sample application.
I am not using AngularSDK
Related
I want to implement a feature in which there is a central login site lets say: https://example.com , and when user enter login credentials in this page and select from dropdown on which sub domain user wants to log into, the user gets logged into that subdomain like https://abc.example.com.
I am using MEAN stack and jwt token for authentication. JWT implementation is applied in standard way in which first: request is sent to "/authenticate" and then token is returned which will be stored in browser local storage.
I have successfully done one site authentication ie. login from https://example.com and logging user in that domain, but now I want to implement like this flow =>
On login page of https://example.com :
User can select an option from drop down in which subdomain to login
After that user enters login credentials ( these credentials can be different or same for all subdomains )
User gets redirected to dashboard page of that subdomain ( with JWT token stored in the local storage of that selected sub domain )
Above is the flow I want to be implemented but can be changed if other flow achieves the same result
I have searched questions and blogs regarding this topic:
I have gone through SSO ... but that is not what exactly I want; because SSO is like login in one subdomain and it gets logged in everywhere else... but I want to login from a single login page to subdomain's dashboard page based on user selection.
How I have thought of implementing this (not working) :
I will first send "/authenticate" request to https://example.com with parameter like
{ username: "alice", password: "****", subDomainUrl: "https://abc.example.com"}
My nodejs backend will authenticate and return me the JWT token. Now I will redirect to that subdomain(https://abc.example.com) and send this token from https://example.com to https://abc.example.com and somehow it will get stored in this subdomain's(https://abc.example.com) localstorage. After it is stored in local storage I can easily do my other work.
So how to implement this? Is the above approach practical; if then how to properly do it? What is the best way to implement these kind of architectures? Any help will be great, Thanks!
I suggest you first send /authenticate request from https://example.com/.
It will be validated by nodejs backend and then generate JWT token and redirect to the new subdomain including token.
http.get('*',function(req,res){
res.redirect('https://abc.example.com?token='+JWTtoken);
})
You can fetch the token from the subdomain and store in your local storage. Further, you can use this token for your api authentication.
My website has AAD authentication enabled and it works fine when we try to access the home page.
But if I am accessing html pages directly, it is not prompting for authentication. Am I missing any setting to enable authentication for all the pages?
Usually you have to set up your pages to request the user to be authenticated before it loads.
Here is me solving this problem with Python Flask:
Refresh Tokens for Azure AD V2 Applications in Flask
Now, in order to invoke this code at the right time, I need to create
a view decorator, and Flask has a sample for almost exactly what we
want to do here: a login required decorator.
Basically, we add this decorator to any view where we expect the user
to be signed in. If the user has no token, we will redirect them to
the login page. If they have an expired token and a refresh token, we
will use the refresh token to get a new access token. Otherwise, if
the token is present and valid, we simply let the view load.
This same concept is available out of the box using .Net: active-directory-dotnet-graphapi-web
You can find in the README of this sample the following:
If you want the user to be required to sign-in before they can see any
page of the app, then in the HomeController, decorate the
HomeController class with the [Authorize] attribute. If you leave this
out, the user will be able to see the home page of the app without
having to sign-in first, and can click the sign-in link on that page
to get signed in.
Requesting an access-token for Instagram App needs user to hit some url, and then log-in and then click on Authorize button. Is there any way to get this done without anyone intervening?
No, its not possible without redirecting to Instagram login page.
Here is documentation for authentication:
https://www.instagram.com/developer/authentication/
When the user clicks on some secured page or try to open some bookmarked page(which is a secured page), if the user is not authenticated then user will be redirected to login , and then after authentication , user must be redirected to the requested secured page.
Please help me to achieve this using sails.js. Thanks a lot.
I tried one method ie in policies/authenticated.js , i stored req.url(ie requested url) in session and redirected to login , once user authenticated , the user is redirected back to the req.url. This works.
Scenario:
I built a Facebook tab application that requires authorization.
The application is installed on a Facebook page.
When an unauthorized user accesses the application I redirect to the OAuth dialog:
http://www.facebook.com/dialog/oauth?client_id=appid&redirect_uri=http://www.facebook.com/pages/page name/pageid?sk=app_appid&scope=user_birthday,user_location&display=page
Note the "redirect_uri" is the Application on the installed Facebook page.
So, if the user allows we redirect to the tab application - This works fine!
But, if the user denies access (clicks Cancel button - using new OAuth dialog).
The user is again redirected to the tab application and again redirected to the OAuth dialog.
I have noted from the documentation that when the user denies access the browser will redirect to the "redirect_uri" with the following parameters: error=access_denied&
error_description=The+user+denied+your+request.
But if Facebook is using an additional redirect to my application from the "redirectt_uri": http://www.facebook.com/pages/page name/pageid?sk=app_appid
...the error response seems to be lost.
Note: I can successfully capture the error parameters when setting the "redirect_uri" to the canvas url, but I need to have the redirect_uri formatted to open the application in the context of the installed Page if the user allows access.
How would I capture the error parameters in this scenario?
I solved this by adding a flag to the app_data parameter for the redirect_uri. When the user accesses the application initially, this flag is set. I check for OAuth token, if one does not exist I redirect to the OAuth dialog with a redirect_uri to the application installed on the Fan Page. The redirect_uri now includes the flag in the app_data parameter. So, after "Canceling" the application, Facebook redirects to the installed application on the Fan Page - I then check for the flag and redirect to an error page.