tl;dr: Is there any way to create a facebook login session with passportjs using existing access key?
I'm working on a product that is composed from a website , a mobile app and a nodejs server that serves both entities. registration is possible using facebook login from both mobile app and the website. Passportjs perfectly handles the facebook login procedure from the website, while keeping the users details in a mongodb server.
Login from the android app is implemented with the facebookSDK. Once the user is logged in , I file a request to our internal server with the access key and the facebook id in order to submit a request to facebook and authorize the user + request her details.
Right now, I'm using 2 different libraries to do that (passport for registration from the website and node-facebook to request the users details from an existing token) but that's an aweful waste and not very efficient.
Is it possible to harness passportjs to create a facebook session from an existing token+facebook id?
The passport-facebook-token strategy is designed to handle just this situation.
Related
Scenario :
User is logged in on my app using Google oauth (using next-auth Google provider)
Now I want to give user the option to connect their Twitter account permanently on Button click(i.e. store their Twitter access token somewhere in db).
Once the user connects and authorises my app using Twitter, my app can perform action on Twitter on behalf of the user.
Next time, user just has to login on my app using google auth, and he should be able to access and perform action (use Twitter API) without authorising again from twitter page
Main Question:
Q1. Does next-auth support different providers on different page? If yes, then how to call signIn() for each of them individually?
Q2. Can I implement point 2 to point 4 in next-auth? If yes, then how? If No, then what's the alternative approach?
I'm currently developing a front-end system (build using NextJS) and backend (build using Node/ExpressJS). I'm using Firebase for the authentication system. Users can log in / signup to the website using email/password, Google or Facebook login. The system also needs to store user data on its own, and it uses the Postgres database for its persistence storage.
Currently, this is what I have:
For Registration
with username and password
user fill in the sign-up form
frontend call the firebase.auth().createUserWithEmailAndPassword(email, password)
frontend call the /register endpoint on the backend with the Authorization header consists of the token that's generated from the above step
with google / login
user click on the sign up with Google / Facebook button
frontend call the firebase method to open up a popup for Google / Facebook login
frontend call the /register endpoint on the backend with the Authorization header consists of the token that's generated from the previous step.
For Login
with username/password
frontend call the firebase.auth().signInWithEmailAndPassword(email, password) and store the token generated from the response in cookie
all of the subsequent requests to the backend will use the token as an Authorization header
The only thing that I'm still not quite sure about is Google / Facebook because it uses the same firebase function. How to differentiate between login/registration for the social media login apart? And is there a better way for the system to ensure that the user data is created in the database? At the moment, when the /register endpoint throws an error, I'll call the firebase.auth().deleteUser function afterwards.
I believe this must be a common scenario for a website that uses Firebase authentication. I really appreciate any suggestions.
I have created a connected App in salesforce end, and using passport saml to provide SSO to several nodeJs applications based on expressJs.
SSO is working fine.
However when I logout from salesforce, I can still login to the applications.
I believe that this has something to do with cookies. Is there any way to watch a salesforce cookie and logout when it is invalidated?
Or is there any way to send a call from salesforce to one of my routes when a logout is initiated?
You can validate the auth token(salesforce or whatever) before serving the static files.
However, if you are building a SPA, then you will need to validate the session in the frontend code(which runs on the browser) as well.
Otherwise, your approach will not work when the browser performs caching and when you are saving data to the browser's local storage from your SPA.
The solution is to validate the salesforce auth token before serving the web application from NodeJs. In other words, the NodeJs backend application will validate the corresponding salesforce session using the salesforce sessionId token received when logging in using the jsforce.connection.login interface. If the session is no longer valid, the passportJs session should be invalidated using req.logout() method
I'm facing a problem related to oauth authentication using NodeJS. The main concern is how to connect all to my current architecture. Lets me explain it a little bit.
I have a Cloud API which is a REST API to serve and manage the data. I also have the web client developed in ReactJS (an SPA). My main goal is to allow social authentication without redirect or without to leave the page. For this, I'm using HelloJS and the oauth proxy in the same Cloud API.
Taking for example my Facebook App, the workflow is like:
The user clicks signup with Facebook
The oauth proxy serve as "handshake".
Facebook sends back the token to the web app.
At this point, this approach is working perfectly for me. My main concern is how do I send the token to the Cloud API for registration?, obviously I could add a middleware in the Cloud API to automatically register the user in the database, however I still need to invoke the authentication from the web client in order to exchange that token for a JWT token.
Yes, I'm using JWT for communication with the REST API. I would like to allow local registration and social registration (Facebook, Twitter, and so forth).
It seems odd to me to trust in the token received from the web app without ensure that it is real and not expired. I thought to check it with passportjs.
Advices or recomendations?
Thanks.
I have creating a website running on Node.js and Express. For logging into my website I use passport.js based social login with Google, Facebook and Live.
I need to expose user data via authenticated REST services so that website's Chrome & Firefox browser extension can do CRUD operations.
When user clicks on a button injected via browser extension, I need to check if user is already logged in to website. If user is not logged in then I will do a redirect for login and return back to original page.
I am clueless after this. Which token do I use for REST API calls ?
Any Advice ?
After the social login, when the user is redirected to the callback url, you can create your own token, e.g. using uuid, and then send it to the client.
For all the consequent requests the client needs to use that token for authentication and you have to manage its expiration.