authentication with a third party provider - node.js

I'm developing an API server in (Node.js/hapi) coupled with an Android application.
I'm having a problem understanding how to do login via a third party like Google and Facebook.
So far my strategy is:
1. Authorize my app (Android).
2. Get the email and other data from Google/Facebook (Android).
3. Send the email and data to my server and save it in a database (server).
4. Next time, when authenticating, I'll just check the same data (from Google) against the saved data (my server).
I'm pretty sure there is a better way to do it, but the documentation I have read so far leaves me with a headache.
Help is appreciated.

I just set up a demo project using ExpressJS.
It would be interesting to have a fork for Hapi.
Check it out if you want: http://git.io/RHnjBg
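
The flow from the question with one change: the Android app forwards the provider's signed ID token (as Google Sign-In issues) and the server verifies it before trusting any identity in it. This is an added example, not code from the question, the answer or the linked demo; the key pair, `CLIENT_ID` and sample token are constructed so it runs offline, where a real server would use the provider's published signing keys.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: in production the public key comes from the provider's
// published key set and CLIENT_ID is the OAuth client id registered for your app.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const CLIENT_ID = 'example-client-id.apps.example'; // hypothetical
const ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Plays the provider's role so the example runs offline (constructed token).
function issueSampleToken(claims) {
  const head = b64url({ alg: 'RS256', typ: 'JWT' });
  const body = b64url(claims);
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Server side: accept an identity only if the provider signed it for this app.
function verifyIdToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (!ISSUERS.includes(claims.iss)) throw new Error('wrong issuer');
  if (claims.aud !== CLIENT_ID) throw new Error('token issued for another app');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  // Key the stored user record on sub (stable account id), not on the email.
  return { sub: claims.sub, email: claims.email };
}
```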

Related

How to do facebook authentication in React Native with nodejs as backend?

I have the following problem:
I have an App with React Native and I need authentication via Facebook.
I figured out how to do it with Expo and expo-facebook, but my problem is that I also need authentication in the backend, which is done with Node.js.
What is the right approach to do it, when the backend also needs to be secure?
I looked through the internet for hours and didn't find any tutorial...
Thanks in advance!
Check Passport.js. It's an authentication middleware for Node.js. Search for the relevant strategy. Should be fairly easy to implement.

browserInApp issue with Google OAuth in quasar+feathers app

Scenario:
I’m building an SPA and Android app with quasarjs.
The backend is a feathers-js server with the feathers-js-oauth plugin for authentication.
I am using an SQLite database to store users.
I set up Facebook and Google OAuth2 login, and it works in SPA mode with a simple hypertext link “/oauth/google” in Quasar:
https://docs.feathersjs.com/api/authentication/oauth2.html#client-usage
Usually, for OAuth in Cordova, people use the “browserinapp” plugin that opens a pop-up for OAuth2 authentication to fetch the token.
The problem is that Google dropped support for the browserInApp user agent, as you can see here: https://github.com/nraboy/ng-cordova-oauth/issues/283
Did anyone have the same issue? How to solve?
I see some people use Firebase, but can I use it only for authentication? I would like to maintain my server app with user collection.
I have the same problem. I temporarily fixed the problem in a non-optimal way:
add a timeout of 2 seconds inside the signInWithRedirect() method and then get the result with getRedirectResult().
Only works in production mode.
I opened a case at https://github.com/quasarframework/quasar-cli/issues/186

How does OpenAM handle an authentication request?

I started studying OpenAM recently and need to go deep into its infrastructure.
I have learned that OpenAM provides some authentication APIs such as
Post: http://mywebsite/openam/json/authenticate
headers: X-OpenAM-Username:xxx , X-OpenAM-Password:xxx
Basically I want to learn more about how OpenAM handles such a request. Where is the controller? How does it validate the username and password? Can anyone give a hint where to start in OpenAM's source?
If you have the privilege of having access to the OpenAM/AM source code, then you could start to look at AuthenticationServiceV1 and the various RESTAuth*CallbackHandler classes to get a closer look at the REST side of things.
If you are interested in the authentication framework in all its glory, then AMLoginContext, AuthContext, LoginState and AMLoginModule are the classes you should take a look at.
Please read OpenAM 13 Developer's Guide - Using the REST API first.
If you want to know the implementation and behaviour of the REST API, please check the OpenAM debug logs, read the source code of the OpenAM REST Services and attach a debugger using an IDE.
You can get the token value after posting to the REST API below:
Post: http://mywebsite/openam/json/authenticate
headers: X-OpenAM-Username:xxx , X-OpenAM-Password:xxx
After that, for the list of REST APIs provided by OpenAM,
you need to add a header value to every request:
"iplanetDirectoryPro" = "Received token value"

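The two-step exchange described in the answers above, with both sides shown, as an added example that is not OpenAM code or code from the posts. The mock server is a constructed stand-in; the `tokenId` response field follows OpenAM's REST documentation, while the `/openam/json/users` endpoint, the credentials and the 401 bodies are assumptions made for the demo.

```javascript
const http = require('node:http');
const crypto = require('node:crypto');
// Constructed stand-in for OpenAM (runs offline); JSON bodies and /openam/json/users are assumptions.
function startMockOpenAM(user, password) {
  const sessions = new Set();
  return http.createServer((req, res) => {
    req.resume(); // discard any request body
    const reply = (status, obj) => res.writeHead(status, { 'Content-Type': 'application/json' }).end(JSON.stringify(obj));
    if (req.method === 'POST' && req.url === '/openam/json/authenticate') {
      const ok = req.headers['x-openam-username'] === user && req.headers['x-openam-password'] === password;
      if (!ok) return reply(401, { message: 'Authentication Failed' });
      const tokenId = crypto.randomBytes(16).toString('hex');
      sessions.add(tokenId);
      return reply(200, { tokenId });
    }
    // Any other endpoint needs a token issued by the login above.
    if (!sessions.has(req.headers.iplanetdirectorypro)) return reply(401, { message: 'Access Denied' });
    return reply(200, { path: req.url });
  });
}
function call(base, method, path, headers) {
  return new Promise((resolve, reject) => {
    const req = http.request(base + path, { method, headers, agent: false }, (res) => {
      let data = '';
      res.on('data', (chunk) => { data += chunk; });
      res.on('end', () => resolve({ status: res.statusCode, body: JSON.parse(data) }));
    });
    req.on('error', reject).end(method === 'POST' ? '{}' : undefined);
  });
}
// Step 1: credentials go in request headers (use https against a real server).
async function authenticate(base, username, password) {
  const res = await call(base, 'POST', '/openam/json/authenticate',
    { 'Content-Type': 'application/json', 'X-OpenAM-Username': username, 'X-OpenAM-Password': password });
  if (res.status !== 200) throw new Error(`authentication failed (${res.status})`);
  return res.body.tokenId;
}

// Step 2: the received token goes in the iplanetDirectoryPro header of every later request.
async function runExchange() {
  const server = startMockOpenAM('demo', 'constructed-password');
  await new Promise((done) => server.listen(0, '127.0.0.1', done));
  const base = `http://127.0.0.1:${server.address().port}`;
  try {
    const tokenId = await authenticate(base, 'demo', 'constructed-password');
    const users = (headers) => call(base, 'GET', '/openam/json/users', headers).then((r) => r.status);
    return { withToken: await users({ iplanetDirectoryPro: tokenId }), withoutToken: await users({}) };
  } finally { server.close(); }
}
```
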
Do I need to set up a server to use Spotify's authorization code flow?

I am using Electron to create an app for my Raspberry Pi to run and I want to be able to use my Spotify playlists, but I am having a little trouble using their API. I need to use their authorization code flow, which grants you an access token after you log in. My question is, do I need to have my app running on a server (in localhost) in order to be able to make use of the Spotify API? I started playing around with Express but I am still not quite sure what I am doing or need to do.
Has anyone done this before or have any advice?
Are there any Node.js modules that help with this kind of authentication?

Dynamics CRM Online + Node.js (request runs forever/hangs)

I tried to develop a Node.js module that allows the use of the SOAP web service of CRM Online: XrmNodeKit
The code is based on the JavaScript code provided by Jason Lattimer.
So far I was able to retrieve the auth token, but when I execute the WhoAmI request the web-service call just runs forever (see the test "should fetch the name of the current user"); no error is thrown.
You can find the source code on GitHub.
Has anyone tried to consume the SOAP web services via Node.js?
Have you found this post? http://www.alexanderdevelopment.net/post/2015/01/24/authenticating-from-a-node-js-client-to-dynamics-crm-via-ad-fs-and-oauth2/
I understand this is the correct approach. You need to use OAuth.
But it is not correct in one regard (I'm quoting an expert from the CRM product team).
He says: "You cannot move the node.js code to client, since in this case you need to use the Implicit flow rather than the Authorization code flow. Finally, after getting the OAuth token, you still cannot send it to our Web services from the client since [CRM Online] does not support CORS in 2013/2015."
While this is a .NET sample, it covers the principles; you just have to make it work with Node.js: https://bitbucket.org/Georged/caseowary/overview (credits to George Doubinski)
