I've just begun playing around with the Nest API and am having trouble understanding why the OAuth2 server will not redirect a response to my redirecturi.
Example of my authentication attempt url:
https://home.nest.com/login/oauth2?client_id={ClientId}&redirect_uri=http://localhost&state=STATE
I'm able to authenticate and get a PIN back but ideally this is a response sent back to me and handled in my app dynamically.
Nevermind - I realized how can it possibly redirect to my localhost. Oops!
Thanks for the comment David - I found the redirectURI on my clients page now...must have overlooked that before.
Related
So I'm currently building a really small app to prove a concept using Node, passport, and angular.
I'm having trouble trying to get the users information from the server to my front end because of the way that twitter authentication works. And I thought I'd reach out to see if any of you can help me understand.
Basically my problem is that I call my backend localhost:8000/auth/twitter and that redirects to the twitter auth page, and then calls a callback which is in my backend. At that point I have user data, and all is good. However I can't just send that to my frond end as I have to do a redirect.
If I redirect to my front end: localhost:4200/ I no longer have the session data that is included on the request from the backend. So I can't redirect to the front end.
I can redirect to a page in the backend, and I have all the data available to be, but that doesn't really help me as I need to send it down to my angular app.
What would be a good way of doing this?
Is it possible?
How can I make sure that the user that is using my site is authenticated when calling backend routes to do things?
Any help would be greatly appreciated.
If you'd like to see my code, I can show it but I'm not sure if it would help, as I'm just trying to understand a concept.
I am implementing google reCaptcha. In the Google documentation, they say the way to do it. The documentation suggests server side validation of captcha. I wanted to know why we need to verify it in the server side as it is already verified in the UI side from the google server. Is it a suggested to implement captcha in the UI side alone with no validation in the server? What are the problems(if any) if done in UI alone.
a example would be: you're creating a register form and want to prevent bots to create a account on your site, you need to verify it serverside, because in the background you're sending a request which will look something like this:
POST /register 1.1 HTTP
Host: www.example.com
{"username":"example","email:"hey#gmail.de","captcha-token":"123984f729340fmu2q34f9"}
and if you dont send the captcha-token with the request or the server doesnt validate it, this bot could just spam this request without loading the frontend page. Please mind in head, that bots dont visit your "UI" (frontend page). Just verify everything serverside like text length, bad characters, rate limits...
it will be great if someone can help me with this and I have researched for countless hours on stack overflow already
This is my login page
When I click on the facebook button, it takes me to /auth/facebook
Then after that, I get redirected to a
ECONNRESET: Request could not be proxied!
There was an error proxying the request error.
In the terminal, it says:
enter image description here
How do I fix this? PS.
Going off this tutorial
https://scotch.io/tutorials/easy-node-authentication-facebook
Also Im using node.js, MongoDB, express.js, and facebook
Much thanks and have an amazing day
From the error that I'm seeing when trying to authenticate your app via Facebook, it seems as if your domain URL has not been properly added to Facebook's Developer API.
Are the proper URL's entered for your Facebook App Domains (in Basic Settings) and Valid OAuth redirect URIs (in Facebook Login Settings)?
Also, regarding that Node error that you're receiving, what is on line 60 of your Passport.js file?
I've been looking a lot for an answer here.
I have a nodejs server with some REST endpoint. Each endpoint has isLoggedIn middleware so I can authenticate the user by it's email.
The client runs on port 4200 and the server runs on port 3113.
What I would like is basically to have my client redirect to Google's consent screen if not authenticated. Since the ports are different I get:
XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/v2/auth?response_type=code&redirect_ur…d=604408607019-ha937stehe6s3nk7ea892rviihrq5n4s.apps.googleusercontent.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
Now, what haven't I tried... :)
I tried using the CLI proxy feature (it's a webpack configuration) and to forward all /api requests to the server.
I have added headers to the server but then I realized that it's Google who's sending this error and not my server.
I saw lots of posts here that are related. The best solution that I've seen so far was to put a login button and just put the call to auth in href, because I cannot do ajax calls between domains.
Is this really the best solution? Isn't it any other way to authenticate from the client while the authentication code is running on the server?
I even added all the relevant ports for the api and the callback call to Google developer console.
BTW, all works well when a client is served from the same port.
Thanks.
A little late, but I have your solution. I just solved this myself and I stumbled upon your question when I was looking for a solution. You will not be able to call a .http.get() request from the google auth itself through Angular. What you're going to have to do is do a redirect window.location.href = 'your-express-uri-here' and then when you authenticate, you can create a new Express route, and get the user data from that route itself. for example you can call .http.get('your-profile') from angular and then in your express route have your route be router.get('your-profile/', (req, res) =>{ res.send(req.user) } This works, because with Passport you use a cookie and when you sign in you are authenticated already, and you have access to the data from the user. You don't need to have a GET request from the login to get the user data, just a GET request from your node app once you have already logged in using Google+Passport. For this to work, you do have to run Angular in proxy to your node app.
I have approved for public_content clientId. To get access token, I send a request to www.instagram.com:
GET /oauth/authorize?client_id=MyClientId&redirect_uri=MyRedirectURL&response_type=code&scope=likes+comments+public_content HTTP/1.1`
After authentication, the browser redirects me to MyRedirectURL and I can get the code from the URL.
With this code I send a request to api.instagram.com:
/oauth/access_token HTTP/1.1
client_id=MyClientId&client_secret=MyClientSecret&grant_type=authorization_code&redirect_uri=MyRedirectURL&code=CodeFromURL`
But sometimes I get response HTTP/1.1 400 Bad Request.
This situation continues for a few hours, and sometimes for a day. It is interesting that the problem is very unstable. I may have two client apps that make identical requests, and one app will work fine, while the other will fail at the same time. Looks like it is a problem somewhere in the Instagram infrastructure.
Instagram is no longer supporting custom schemas for your callback urls. That was my problem, I changed it to https and the problem was solved.
I think you should prefer this document of Instagram.
You may also receive responses with an HTTP response code of 400 (Bad
Request) if we detect spammy behavior by a person using your app.
These errors are unrelated to rate limiting.
It seems like , we can not use http://localhost/... in call back url. Instagram may have restricted it.
It worked for me, when I have added live Ip of my aws server. for example http://xx.xx.xx.xx/.. instead of localhost.