Proper passport strategy for anonymous mobile application - node.js

I'm building an anonymous app like Yik Yak and wanted to ask what is the proper passport strategy to use to authenticate. I'm currently using the device's UUID. I looked at the local strategy and that requires a username, password and it's session based (I'm implementing token based so my API isn't left open).
That said, would I implement a passport-http basic strategy and disregard the password altogether and use just the UUID as authentication?
Please help! I'm not entirely sure how to approach this issue. I do know, however, that I don't want the user to log in, ever.
Thanks!

Related

Using passport-docusign on nodejs

I am attempting to connect DocuSign to my app using Node.js and passport.
Requirements:
the DocuSign authentication is required only for a few actions
a user can have multiple DocuSign connections
I would like to store the DocuSign token in my db, not only in session
Context:
I already have another strategy with passport to authenticate my users (using a bearer token in the headers of each request).
Is the library passport-docusign really suitable for these requirements, or
does it make more sense to create something custom?
Would someone with experience of this kind of use case have any advice on it? 🙏
The passport-docusign strategy for passport is pretty vanilla.
If passport works for your use case, then the passport-docusign strategy should be of help with implementing the authorize code grant flow.
If you find changes/updates that could be made to the passport-docusign strategy, please add an issue or pull request to the repo.
Thank you.

Authentication through Loopback4

I have an API, e.g. http://www.myportal.com/login, and when we call this URL it asks for a username and password and, after successful login, it returns an access token.
Same thing I have to implement in Loopback4 by calling the above URL.
Please give some idea, will appreciate your help.
Based on your question, what you need to do is do authentication using the passport-local strategy and then create a JWT token with the authenticated user obtained.
But to do this, you will need to create a separate component with decorators and providers in LoopBack 4. The LoopBack 4 team is working on ways to provide such features out of the box in the framework. But it's not there yet.
We created a loopback extension for the same which supports 4 different passport strategies. You can use that from here. Hope it helps.
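The flow described in the answer above (check the local credentials, then issue a JWT for the authenticated user), as an added example that is not part of the original answer or of the extension it mentions. The in-memory user, the signing key and all function names are constructed for illustration; only Node's built-in `crypto` module is used.

```javascript
const crypto = require('crypto');

// Constructed sample data: a per-process signing key and one user with a scrypt password hash.
const SECRET = crypto.randomBytes(32);
const salt = crypto.randomBytes(16);
const USERS = { alice: { id: 1, salt, hash: crypto.scryptSync('correct horse', salt, 32) } };
const b64u = (data) => Buffer.from(data).toString('base64url');

// "Local" step: verify username/password and return the user, or null.
function verifyLocal(username, password) {
  const u = USERS[username];
  if (!u) return null;
  const candidate = crypto.scryptSync(String(password), u.salt, 32);
  return crypto.timingSafeEqual(candidate, u.hash) ? { id: u.id, username } : null;
}

// "Create a JWT" step: HS256-signed token with a short lifetime.
function issueToken(user, ttlSeconds = 900, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ sub: user.id, iat: now, exp: now + ttlSeconds }));
  const sig = b64u(crypto.createHmac('sha256', SECRET).update(`${header}.${payload}`).digest());
  return `${header}.${payload}.${sig}`;
}

// Check on later requests: pin the algorithm, compare the MAC in constant time, then check expiry.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  let h, p;
  try {
    h = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    p = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch { return null; }
  if (!h || !p || h.alg !== 'HS256') return null; // rejects "none" and any other algorithm
  const expected = crypto.createHmac('sha256', SECRET).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return typeof p.exp === 'number' && p.exp > now ? p : null;
}

// What a /login handler would do: both steps, returning an access token or null.
function login(username, password) {
  const user = verifyLocal(username, password);
  return user ? { accessToken: issueToken(user) } : null;
}
```

In a real deployment the signing key comes from configuration rather than being generated per process, and a maintained JWT library would normally replace the hand-written encoding.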

Composer REST server custom auth

I need to enable authentication on my REST server, but I have some trouble understanding it, I think.
So, if I use some custom strategy, I need to take some credentials and check them against some database, and if they're the right credentials, return some token which the user will use later.
Am I right? If yes, how can I connect my database and how data must look like for rest-server understanding?
You need to learn how to create a custom passport strategy. If you want to validate the credentials stored in some database then, I think you might find a passport strategy for that database. You just need to provide correct COMPOSER_PROVIDERS arguments (you can check with the documentation of the passport strategy) and that's it. And I don't think the REST server has anything to do with the way data (credentials) are stored in your database. It's the passport strategy which checks for your credentials.

Detecting provider sign out with passport.js?

I know that web apps don't normally tie their sessions to the sessions of their login providers, but I have a requirement in which I need to detect when the user signs out of their login provider so that I can sign them out from our application as well.
I currently have passport set up on my Node.js server. The login was very easy to implement and it's been working fine, but I haven't been able to find documentation on polling the current status of the user's session on the provider's end. Does passport provide a means to check this status? Calling the authenticate route again always does a redirect, so I'm looking for a simple and ajax-friendly way to get a yes or no answer to the question: 'Does the user still have a valid session at their login provider's end?' Thanks
This is going to depend on the provider and the protocols they choose to implement. What provider are you using? What protocol is used to authenticate?
Currently, SAML is the only widely-used standard which defines facilities for federated session management. Even in that case, I'm not sure how common those profiles are, since it is typically used for authentication only.
As far as Passport is concerned, that module is focused solely on authentication. Session management and logout are separate (but related) concerns. I'd like to develop other modules that work in conjunction with Passport; however, the lack of deployed standards makes it difficult.

NodeJS actually using OAuth (Twitter)

I am using node (8.14.0) and want to access the Twitter REST API v1.1.
I tried node-oauth so far and simple https, but none of them worked further than "login with twitter".
I don't just want to authenticate users (aka sign in with Twitter), I want to perform actions on the API with their access.
My problem is, I have not found a single example for node describing the actual process of retrieving the needed access/request tokens from the user and performing the API call with them.
All node-oauth examples "assume that you already have access token and access whatever". Well I do not have them, and I do not know how to get them, since I find no concrete example or documentation. Only a reference to a reference.
As far as I know, the OAuth libraries are there to authenticate or authorize.
During authentication you get back the access token and refresh token from the platform.
These tokens you have to save in your session or database.
After that you can use them in combination with other libraries.
I suggest having a look at passport or everyauth for user authentication. They both support OAuth.
In addition:
Google has pretty good documentation about OAuth in general. I think this schema can be applied to other platforms too.
https://developers.google.com/accounts/docs/OAuth2?hl=en
