I use matomo Tag Manager to get the frontend data. I want to pass matomo analytic data in aws api gateway.
Is there any way to pass matomo data on the AWS side?
Related
I'm new in the back-end world and I'm trying to create an admin backoffice with React-Admin, except that I have trouble choosing the dataProvider.
I have a MySQL Express API, which I developed locally so I use Simple REST Data Provider, but it doesn't support HTTPS protocol?
I try to put in production my back-office linked to my api in https://___.org but I have "a communication error with the server".
Isn't it not advisable to use http for such sensitive requests? How can I make requests to my API in a secure way while remaining in harmony with React-Admin?
How to sync requests after deploying WebHook with your own server
You will need to enable the Homegraph API, create a service account key, and then call the API. Detailed instructions for each step, along with example API calls are shown in the developer docs.
I have the following entities:
An mobile app
in-house API Server
in-house OAuth Server
I need to implement OAuth in mobile app to the OAuth Server, and access user information in the API server afterward, and I am having trouble with how this can be achieved securely. I have only think of the following methods:
Method 1: Pass user id directly from Mobile App to API server
Login user through OAuth in mobile app (using library like AppAuth)
Store the user id retrived from OAuth in mobile app
Mobile app send the user id to the API server, so they can retrive the correct resources back to the mobile app
However, this method seems non-secure, as attacker can fake their user id when passing to the API.
Method 2: Pass OAuth access_token to API server, let API server call OAuth server again
Login user through OAuth in mobile app (using library like AppAuth)
Store the access_token retrived from OAuth
Mobile app send the access_token to the API server
API server pass the access_token to the OAuth server
OAuth server return the user info back to API server
Now API server have the user info, and can return the correct resources back to the mobile app
Method 2 seems more secure, however I don't seems to see this kind of infrastructure suggested by anybody. This method also seems resource intensive as API server need to call OAuth server every time an API is called.
So my question is:
What is the best Practice with accessing API Server on mobile app which login using OAuth?
If there is a best practice, any link to those resources?
Thank you!
I have an angular web app talking to a c# .net web api back end.
They are both hosted on azure app services.
Azure app services offers a suite of authentication services and I've chosen to use google auth.
I've got my google client id and secret setup in azure google auth and my web app correctly shows and prompts me for my google credentials.
My problem now, is that i need my web api back end to authenticate the web app google token. I couldn't find any articles or tutorials that demonstrates the following:
How to get and send the token to the web api? I've read that azure app service should automatically inject the necessary auth headers but any calls to my api do not include those headers. Should i manually call auth/me and add them to the request header?
How do i get my web api to authenticate the details from the request header with google auth? Do i need a separate client id for the web api or should i re-use the web app client id?
Cheers!
According to your description, I assumed that you are using the built-in Authentication / Authorization provided by Azure App Service.
AFAIK, App Service Authentication (Easy Auth) provides two flows: client-managed and server-managed flow. For the server-managed flow, the server code manages the sign-in process for you, and your backend would directly receive the token from the relevant identity provider (e.g. Google, AAD,etc.), then both generate a authenticationToken for browser-less apps and AppServiceAuthSession cookie for browser apps. Details you could follow Authentication flow.
For your angular web app, you could just use server-managed flow, after user successfully logged, you need to call https://<your-angular-app-name>.azurewebsites.net/.auth/me to retrieve the google access_token, then send the following request against your web api endpoint for retrieving the authenticationToken as follows:
POST https://<your-webapi-app-name>.azurewebsites.net/.auth/login/google
Body {"access_token":"<the-google-access-token>"}
After successfully retrieved the authenticationToken from your Web API endpoint, you could send the following subsequent requests for accessing your APIs:
GET https://<your-webapi-app-name>.azurewebsites.net/api/values
Header x-zumo-auth:"<authenticationToken-generated-by-your-webapi>"
Moreover, you could also use client-managed flow in your angular web app, you may need to directly contact with your identity provider (Google) to retrieve the access_token in your client via Auth0 or google-signin or other third-party libraries. Then you may need to both send request to your angular web app and Web API web app for retrieving the authenticationToken as the above request sample.
Do i need a separate client id for the web api or should i re-use the web app client id?
Per my understanding, you must use the same google application. For AAD authentication, you could configure a AAD app with the access permissions to another AAD app.
We are developing a web application based on Angular JS on front end and firebase in the backend. We are considering to use Amazon S3 service to store the images and other attachments. The users logged in on our application are allowed to upload. Only some uploads are readable by public.
As there is no server side execution with firebase, what is the correct procedure to do such a setup without statically exposing the credentials publicly on the front end?
If is it not possible, we are considering to run a node.js server which is generating the credentials dynamically and writing into firebase. The frontend can read and use this credentials to upload the document to S3 bucket. But this is our last option.