I have the following code to make ember-simple-auth work with torii to authenticate my ember js app using facebook: https://github.com/wayne-o/sonatribe/blob/master/src/sonatribe-ui/app/routes/application.js
My NodeJs API (sails / waterlock) has an endpoint which accepts the access token to authenticate the user on the backend.
My flow ATM is to fire off torii through ember-simple-auth which provides me with a token - this can't be used with my backend as it would have already been consumed by torii / simple auth.
To overcome this I am having to use the FB JS library to re-login and grab the access_token which is then sent to my API and the login completes.
This is a complete faff and loging the user in twice in the ember app seems ridiculous and is almost certainly down to my lack of understanding of how this should work.
Can anyone shed some light on how I am supposed to be doing this?
Related
We have a project.
Nodejs RESTapi
React native mobile app
I followed a tutorial about Google oAuth signin / signup in Nodejs. There basically front end sends and access token to the back-end and the back-end verify that token with the Google, If that token is valid back-end generates a JWT token and pass to the front-end.
I think this follow will nicely working with the Single page applications,
but I don't know how this gonna be work with react native mobile apps. Because, according to the tutorial that access token get expired.
I have no idea what should I do after that token expired?
Usually you also get a refresh_token that it is used to renew the main access_token.
The access_token has a limited lifetime, but the refresh_token never expires unless you remove the authorization on Google's side. In that case you need to ask the client to login via Google's OAuth once again.
I'm creating a game in which I would like to use firebase authentication using cloud functions for logging in and registering users. Since my dev platform (GameMaker Studio 2) doesn't have the firebase sdk, I've resulted in attempting to use the firebase auth restAPI. To authenticate a user, I have to at one point create a custom token using the users uID and then use that to login. The problem with this is that I can't really understand the flow of the authentication. How could the client have knowledge beforehand on it's userID from parameters such as email and password?
Any help in understanding the flow I need to authenticate a user will be greatly appreciated.
If you're developing on node.JS, you should be able to use npm to install the firebase package -- that would simplify things greatly.
Otherwise, the overall flow of authentication should look as follows.
Client gives email and password
Pass email & password to Firebase Authentication using your HTTP request. You should receive an auth token, and a uID if authentication was successful. (see here)
Now you have an id token that you can set as a cookie in your client's browser. You can verify this cookie by storing it in your backend for each subsequent GET request to your Node server.
I'm facing a problem related to oauth authentication using NodeJS. The main concern is how to connect all to my current architecture. Lets me explain it a little bit.
I have a Cloud API which is a REST API to serve and manage the data. I also have the web client developed in ReactJS (an SPA). My main goal is to allow social authentication without redirect or without to leave the page. For this, I'm using HelloJS and the oauth proxy in the same Cloud API.
Taking for example my Facebook App, the workflow is like:
The user clicks signup with Facebook
The oauth proxy serve as "handshake".
Facebook sends back the token to the web app.
At this point, this approach is working perfectly for me. My main concern is how do I send the token to the Cloud API for registration?, obviously I could add a middleware in the Cloud API to automatically register the user in the database, however I still need to invoke the authentication from the web client in order to exchange that token for a JWT token.
Yes, I'm using JWT for communication with the REST API. I would like to allow local registration and social registration (Facebook, Twitter, and so forth).
It seems odd to me to trust in the token received from the web app without ensure that it is real and not expired. I thought to check it with passportjs.
Advices or recomendations?
Thanks.
I'm trying to create and app that uses reddit's OAuth flow to authenticate the user and retrieve an access token that will be used by my app for further reddit api calls.
When they consume the api call '/login', the client to be redirected to reddit's OAuth page where they will login and and accept or decline. Then they will be redirected to the OAuth callback URL where NodeJS will fetch the token (or the error) and proceed.
What is the best way I can test this flow and obtain the access token in the tests so I can use it for further testing calls?
The best way is to mock the authorization URL in your tests, just to make sure that the rest of your app works correctly.
If you do need a valid token, for some sort of system testing after that, you have to check if the provider supports other authorization grant types that do not require user interaction. Like for example client_credentials or password grant_type.
I am building a ember cli app and I would like to know what is the best approach for user authentication and authorization.
I fiddled around with https://github.com/simplabs/ember-simple-auth
https://github.com/simplabs/ember-simple-auth/tree/master/packages/ember-simple-auth-torii
along with it for social auth like facebook and gmail.
But what happens is client(emberjs) sends request to facebook/gmail app and gets back a token.
But this token is on the client side and my server does not know about the received token.
Question - How do I make the server aware of the token received on the client(ember js) ?
What should be the approach if on my ember app I want to include custom login that communicates with my node backend and gets a token and as well as I want to be able to login via facebook/gmial. ?
I am looking for a unified and seamless login solution that works well with ember cli
See this question: Workflow for Ember-simple-auth, Torii and Facebook Oauth2
You simply define a custom authenticator (you could also override the torii authenticator as opposed to the OAuth 2.0 authenticator as in the answer) that first gets the token from torii and then posts it to your own server in the authenticate method.