I apologize if this might not be the correct platform to ask this question.
I need to start a new project. Laravel backend, ReactJS frontend.
Im really struggling to find out which authentication system to use.
I did read that a good approach might be setting up Laravel Fortify as a back-end and using Laravel Sanctum as part of the front-end to facilitate CSRF tokens.
Do you know of any good tutorials or where I can find documentation on how to use it in this kind of combination?
PS - I will move the question if it is not the correct place for it.
Related
I'm experimenting with these 2 technologies to make a secure web app [Currently learning React (60%) and Django (<50%). This is intended to be like a medical database, so doctors and nurses enters their patients' information. They need to login obviously. I wanted to implement React-based UI (And not using the classic method to create views from django), so I've found many tutorials just like this one:
https://www.digitalocean.com/community/tutorials/build-a-to-do-application-using-django-and-react
It basically turns Django into a restAPI, and then the React frontend uses axios to retrieve data from the endpoint. Sounds not bad at all (comparing to the native method of rendering data in a webpage from Django), but the problem is that I have no idea on how to make this secure, you know, Django provides an auth system, which is pretty good and secure, I have to say, but in a project with this structure, the auth needs to be done in React, so there many questions appear:
To start with, is it a good idea to make a project of this structure? (If no, then what could be a good one)
If it's a yes, how can I protect the API so only logged in users can interact with it? (What mechanisms to ensure protection)
Yes, this is absolutely a good idea to separate the client application and the backend server application.
You can access the backend through the rest api basically with any frontend framework/app/script.
Customers are able to extend their own applications with the abilities of your backend service.
You can create multiple different frontends that use the same backend or different parts of the same backend via the rest api (multi-branding, reselling). Or you can just swap the frontend framework every second year to a new one.
It's also easier to create different automations by using the rest api.
And the list goes on.
For django rest api auth I would recommend Token Authentication which is already included in the Django REST Framework and for React use this tutorial for implementing the login and the token handling.
And don't forget to use TLS on your servers, and create API documentation. (Example)
I am developing a React app that needs to be connected to a backend server so that the user can login using Google OAuth, and then once that access token is granted, they are able to see the rest of the app. However, I am having a difficult time understanding just how to connect the front-end app to the backend. If someone could enlighten me on this, using SpringBoot MVC and PostgreSQL, that would be great. Thanks!
You have several ways to communicate your FE(React) and your BE(SpringBoot MVC).
You can have REST endpoint on your Backend, and then try to communicate from your react application, you can use [axios][1], request or the native fetch.
Then you can just make calls to the BE, and try to read, update, delete or create information, you should read about CRUD.
The most common this days is build something like this:
(FE) <---> (BE) <---> (DB)
But I strongly recommend you to read more about:
- React SPA.
- REST, you can also read about SOAP or even GraphQL.
- CRUD.
You will found a lot of tutorials with very good examples of how to do it.
Hope this helps you to understand a little more what approach to use.
I plan to build Web application for which the structure is:
My questions are:
Is that correct structure in the commercial?
I plan that FrameWork of Frontend is express(nodejs) at first, but I try to change to django or flask because nodejs is my first use. I wonder if react can be used in this combination.
How about using firebase? You can handle authorization, store and retrieve data. I believe that it will be much easier than any other alternative.
This great article will enable you to implement authentication in few hours. Handling data is also simple, I would use redux as well...
I want to develop "Remember ME" functionality with Angular JS + JWT Authentication Using Spring Security 4 + Spring Rest API + Hibernate + Maven + Tomcat.
Because of some code review and business need, I am forced to use JWT method for user authentication and authorization with above mentioned Spring feature,
I searched on Internet for sample projects and application, But I couldnt find any solution?
Most of them doesn't serve my purpose or way complex to understand.
I would like to get a sample project for reference. Or an IDEA to complete this application. I am stuck with it.
Any one please help me.
Clarification:
My Login page should have "Remember Me" check-box, I have decided to use Spring Security remember me feature. But later when using Angular JS in client side, decided I should not use Spring Form tags that provides REMEMBER ME functionality.
And now I am unable to find example in Internet for this. So Please can any one help in creating an sample application.
It would be great if any one could help me with a sample application with good coding standard or some URL of sample codes
This could serve many people who are searching for a good Sample code to do this and enhance upon it.
Requesting help. I am stuck and have very less time to research things.
This is exactly what we did on this project:
https://github.com/RedFroggy/angular-spring-hmac
The stack is: AngularJS, Spring MVC, Spring Security, Spring Boot and a jwt authentication.
I came across with this AngularJs thing, and I thing it is awesome, really solves many problems I confronted while working on my last WebApp with just a few lines of code.
Now, what I didn't find or was looking in bad places is the protection of AngularJs app with SSO (simpleSAMLphp Identity provider). How to deal with this?
What I am going to build will use Pyramid framework as a backend REST API, and AngularJs (I wish) for the frontend. But how to protect the app from unauthorized access, skipping the sso login. Any implementation example or lessons working on similar case would help (may be with php, ruby backends and SSO etc)
I doesn't seem like pyramid has any direct support for SAML authetication. I suggest using a third party application for SAML. For example Shibboleth. The SAML communication is done on the server side so Angular wont need any integration.
Google like 'Authentication in angular JS application' you can get lot to protect your angular app. To protect your REST API use Oauth whether its a php or ruby application.