Currently I am trying to create a login page that would allow a user to authenticate through his facebook account. All the tutorials I found explain how to implement it, but in all implementations their websites take a user to Facebook's login window. I wonder if it is possible to use my own login page to provide a username and password using my own form and then authenticate the user on the server side without any Facebook pages popping up?
Thank you in advance
Related
I am trying a post-call to generate an access token using the client username and password. I would like to know how we can achieve this through Node Js Code.
Generally speaking, access_token are rattached to the OAuth2 authentication framework, which doesn't require the application owner (you) to have access to one of your user email/password. This is a more secure approach that is broadly adopted.
The way OAuth2 works on the Google Calendar API is a 3-parties (or 3-legged) authorization. Let's take the example of a user that browses your website and want to sign-in using its Google Account. The steps to authenticate him are the following:
The user clicks on "Sign-in with Google"
The application owner (you) performs a request to Google saying that a user wants to connect (that's the OAuth consent screen)
Google replies by giving you a URL (authorizationUrl) where to redirect the user
On that URL, the user is prompted with several information about your application and can grant access.
When the user has granted access, Google will redirect the user to your application success page (callbackUrl) with a unique code.
Using that code, the application can retrieve an access_token, which temporarly lets your application performs requests on behalf of a user.
These steps are a rapid overview of the OAuth-flow, also known as the OAuth dance. To make POST requests to the Google Calendar API, you will have to perform that OAuth dance for every single of your users.
Implementing that flow can be tricky. Fortunately, Google gives very helpful documentation on that. If you don't want to bother, you can also use API-tools (like Pizzly) that takes care of that for you.
I'm using Python and trying to login to basecamp to consume their API but i'm having some trouble with OAuth2 authentication...
How do I login without interacting with browser? I'm making a post request but it returns a 422 message...
I checked out the headers and they seem ok. I'm confused and dont know where the mistake is.
OAuth2 requires that the user authorizes the integration to access her/his account. This is done through a web page in which basecamp.com will display some HTML including a button. For this to work, the user must be logged in using the web form at https://launchpad.37signals.com/signin.
I've implemented that in Javascript: https://gitlab.petton.fr/basecampel/libbasecampel/blob/v0.2.0/proxy/src/oauth.js. The function at line 20 opens the system's default web browser in which the user is supposed to login if he/she is not logged in already.
Requesting an access-token for Instagram App needs user to hit some url, and then log-in and then click on Authorize button. Is there any way to get this done without anyone intervening?
No, its not possible without redirecting to Instagram login page.
Here is documentation for authentication:
https://www.instagram.com/developer/authentication/
I have creating a website running on Node.js and Express. For logging into my website I use passport.js based social login with Google, Facebook and Live.
I need to expose user data via authenticated REST services so that website's Chrome & Firefox browser extension can do CRUD operations.
When user clicks on a button injected via browser extension, I need to check if user is already logged in to website. If user is not logged in then I will do a redirect for login and return back to original page.
I am clueless after this. Which token do I use for REST API calls ?
Any Advice ?
After the social login, when the user is redirected to the callback url, you can create your own token, e.g. using uuid, and then send it to the client.
For all the consequent requests the client needs to use that token for authentication and you have to manage its expiration.
I would like to make a login page where users provide credentials and then have other pages check if the user is authenticated before serving those internal pages in Undertow.
While the example shows how to authenticate a user (for what will eventually turn into a login page), if the user were to navigate to another page after authenticating, how do I test if that new page request was been made by the authenticated user?
I have referenced http://undertow.io/documentation/core/security.html and https://github.com/undertow-io/undertow/tree/master/examples/src/main/java/io/undertow/examples/security/basic.
This is an ancient question no one answered, but I did manage to learn about Keycloak which is Wildfly (Undertow) + SSO/Secure login.