Does the latest version of IdentityServer4 support dynamic client add? - identityserver4

I assume I can build an additional API that registers users/apps/containers.
But is there a simpler way to accept multiple clients dynamically?
That is, for example, if my IDP is in the UK and I would like to allow predefined containers to "add themselves" to the client list of my IDP.
I achieved a simple "User -> Client -> IDP" authentication but would like to automate the process.
Thank you, fellow coders.

In short, yes - but you'd have to create the mechanism to do so yourself.
If using a database to back your client storage (rather than using the default static/config file based in-memory store) then you're free to implement that any way you like.
In our solution we have an API that allows for this as well as a more limited self-serve UI capability.
There is an OpenID Connect spec for this that may provide some inspiration: https://openid.net/specs/openid-connect-registration-1_0.html

You can implement your own client store using the IClientStore interface.
Something like
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Stores;

internal class MyCustomClientStore : IClientStore
{
    // IdentityServer calls this for every request that carries a client_id.
    // Return the matching Client, or null to have the request rejected.
    public Task<Client> FindClientByIdAsync(string clientId)
    {
        throw new System.NotImplementedException();
    }
}
You can store client data anywhere you want; the interface is pretty simple.
This implementation can be registered using DI with
services
    .AddIdentityServer()...
    .AddClientStore<MyCustomClientStore>()
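The two answers above describe the shape of a solution (your own client store, plus a registration API you write yourself, loosely following the OIDC Dynamic Client Registration spec). The following is an added example that is not code from the original answers or from IdentityServer4 itself. IClientStore, Client, Secret, GrantTypes, the Sha256() extension and AddClientStore<T>() are IdentityServer4's own; the "connect/register" route, the ClientRegistry, RegistrationOptions and RegistrationRequest types and the "dyn-" client_id prefix are assumptions made here. The registry is in-memory to keep the example self-contained; in production it would be backed by the database mentioned in the first answer.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Stores;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

// Singleton holding registered clients. AddClientStore<T>() registers T as a
// transient service, so the store itself must not own the data (assumed design).
public class ClientRegistry
{
    private readonly ConcurrentDictionary<string, Client> _clients =
        new ConcurrentDictionary<string, Client>(StringComparer.Ordinal);

    public bool TryAdd(Client client) => _clients.TryAdd(client.ClientId, client);

    public Client Find(string clientId) =>
        _clients.TryGetValue(clientId, out var client) ? client : null;
}

public class DynamicClientStore : IClientStore
{
    private readonly ClientRegistry _registry;
    public DynamicClientStore(ClientRegistry registry) => _registry = registry;

    // Called by IdentityServer for every request carrying a client_id;
    // null makes it reject the request as an unknown client.
    public Task<Client> FindClientByIdAsync(string clientId) =>
        Task.FromResult(_registry.Find(clientId));
}

public class RegistrationOptions            // assumed options type, bound from configuration
{
    public string InitialAccessToken { get; set; }   // pre-shared out of band with trusted containers
    public List<string> AllowedScopes { get; set; } = new List<string>();
}

public class RegistrationRequest { public List<string> Scopes { get; set; } }

[ApiController]
[Route("connect/register")]                 // assumed route
public class RegistrationController : ControllerBase
{
    private readonly ClientRegistry _registry;
    private readonly RegistrationOptions _options;

    public RegistrationController(ClientRegistry registry, IOptions<RegistrationOptions> options)
    {
        _registry = registry;
        _options = options.Value;
    }

    [HttpPost]
    public IActionResult Register([FromBody] RegistrationRequest request)
    {
        // 1. Anonymous registration would let anyone mint clients: require the
        //    Initial Access Token the OIDC registration spec describes.
        if (!HasValidInitialAccessToken())
            return Unauthorized();

        // 2. The caller proposes scopes; the server decides which are allowed.
        var scopes = request.Scopes ?? new List<string>();
        if (scopes.Except(_options.AllowedScopes).Any())
            return BadRequest(new { error = "invalid_client_metadata" });

        // 3. Credentials are generated server-side, never chosen by the caller,
        //    and only the SHA-256 hash of the secret is stored.
        var clientId = "dyn-" + RandomToken(16);
        var secret = RandomToken(32);
        var client = new Client
        {
            ClientId = clientId,
            AllowedGrantTypes = GrantTypes.ClientCredentials,   // machine clients (containers)
            ClientSecrets = { new Secret(secret.Sha256()) },
            AllowedScopes = scopes,
        };
        if (!_registry.TryAdd(client))
            return Conflict();

        // The plaintext secret is returned exactly once.
        return StatusCode(201, new { client_id = clientId, client_secret = secret });
    }

    private bool HasValidInitialAccessToken()
    {
        string header = Request.Headers["Authorization"];
        if (header == null || !header.StartsWith("Bearer ", StringComparison.Ordinal))
            return false;
        var presented = Encoding.UTF8.GetBytes(header.Substring("Bearer ".Length));
        var expected = Encoding.UTF8.GetBytes(_options.InitialAccessToken ?? "");
        return CryptographicOperations.FixedTimeEquals(presented, expected); // constant time
    }

    private static string RandomToken(int byteCount)
    {
        var buffer = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(buffer);
        return Convert.ToBase64String(buffer).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }
}

// Startup.ConfigureServices (assumed wiring):
//   services.Configure<RegistrationOptions>(Configuration.GetSection("Registration"));
//   services.AddSingleton<ClientRegistry>();
//   services.AddIdentityServer().AddClientStore<DynamicClientStore>();
```

A container then POSTs to /connect/register with `Authorization: Bearer <initial access token>` and a JSON body naming the scopes it wants, receives its client_id and client_secret once, and from then on uses the normal client_credentials flow against the token endpoint; IdentityServer resolves the new client through DynamicClientStore on every request.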

Related

Custom Connector - OData Queries - Make them pretty?

I'm trying to write a custom connector Swagger file for Logic Apps and am having problems. The API I want to connect to only accepts OData queries so all my parameters are asking for $filter and the user has to type in Name eq 'Name' and Id eq 1. Is there a way to make this prettier and just ask them for the parameters directly?
I tried just adding them in (Name, Id, Active) but it puts them in the url like ?Name=. Not in the OData syntax. Is there any way to do what I want to do?
The custom connectors are designed to work as interfaces to existing REST APIs and the UI is more of a 1-1 mapping of their specification.
AFAIK, there is no way to directly customize how the connectors work, but you could achieve it by proxying requests through your own service.
You simply need a service which accepts requests the way you want and translates them accordingly for the actual service.
Azure API Management is probably the best candidate for this. As a bonus, once you have the APIs you need designed, you get an OpenAPI spec that you could use for the custom connector.
Depending on your expected load, you might have to use its Consumption Tier, but do note that it's currently in preview.
The alternatives could be having your own API hosted on Azure App Service or Azure Functions instead (or even Functions Proxies), again depending on your expected load.
PS: The downside of doing this is the obvious maintenance that you would have to take on in case your requirements change and/or the backend API changes.

WebRTC and authentication implementations

Ok so recently I have been in need of creating an application with WebRTC for video, voice etc.
So after looking into some libraries I found SimpleWebRTC to be pretty handy looking:
https://github.com/andyet/SimpleWebRTC
So what I am interested in is how do I implement a STUN/TURN server? (Would be great if someone could explain the differences in plain English!) And also, is there an authentication mechanism? At the moment my app contacts my database and logs in the user etc., but the STUN and TURN server would be private and not in any way involved in the authentication procedure.
So basically:
What is the best way to implement STUN/TURN
Is there any authentication mechanism?
Note, this is for a hybrid app so I will be using JavaScript/AngularJS for this. The main reason why I chose SimpleWebRTC.
Thank you!
I suggest you use an existing STUN or TURN server like coturn.
STUN servers are very lightweight and often left without authentication. A STUN server basically tells a client what its IP address appears to be, which is necessary to make peer connections across NAT (network address translation) boundaries.
TURN servers are very resource intensive because they relay media; all of the media for a call can go through the TURN server, so it's important to secure TURN. You use TURN servers in situations where UDP may be blocked, or for particular kinds of NATs that cause problems.
The authentication for coturn's TURN server can take one of two forms:
Simple (username, password) pair
TURN REST API. This uses a secret between the TURN server and another entity. The entity issues tokens with expiration times, and the TURN server verifies the token has not expired and was issued with knowledge of the shared secret. This is passed by the TURN client as a username, password pair in a format described in the documentation.
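The second option above (coturn's "TURN REST API") is what makes TURN usable from an app that already authenticates users against its own database: your backend, which holds the shared secret, hands the browser a short-lived username/password pair, and coturn checks it without ever talking to your database. The block below is an added example, not code from the answer or from coturn. It implements the credential layout coturn documents for its use-auth-secret / static-auth-secret mode (username = "<expiry unix time>:<user id>", password = base64(HMAC-SHA1(secret, username))); the secret, user name and lifetime are constructed sample values, and Verify mirrors the server-side check only for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class TurnRestCredentials
{
    public sealed class Credential
    {
        public string Username;        // "<expiry>:<user>", as coturn expects
        public string Password;        // base64(HMAC-SHA1(shared secret, Username))
        public DateTimeOffset ExpiresAt;
    }

    // Runs on your backend, after the user has logged in, so the shared secret
    // never reaches the browser.
    public static Credential Issue(string sharedSecret, string userId, TimeSpan lifetime, DateTimeOffset now)
    {
        var expiresAt = now.Add(lifetime);
        var username = expiresAt.ToUnixTimeSeconds() + ":" + userId;
        return new Credential
        {
            Username = username,
            Password = Hmac(sharedSecret, username),
            ExpiresAt = expiresAt,
        };
    }

    // What the TURN server does: recompute the HMAC and refuse expired usernames.
    public static bool Verify(string sharedSecret, string username, string password, DateTimeOffset now)
    {
        var parts = username.Split(new[] { ':' }, 2);
        if (parts.Length != 2 || !long.TryParse(parts[0], out var expiry))
            return false;
        if (expiry <= now.ToUnixTimeSeconds())
            return false;                                   // token has expired
        var expected = Encoding.UTF8.GetBytes(Hmac(sharedSecret, username));
        var presented = Encoding.UTF8.GetBytes(password);
        return CryptographicOperations.FixedTimeEquals(expected, presented);
    }

    private static string Hmac(string secret, string message)
    {
        using (var h = new HMACSHA1(Encoding.UTF8.GetBytes(secret)))
            return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(message)));
    }

    public static void Main()
    {
        // Constructed sample secret; in practice this is the static-auth-secret
        // value from turnserver.conf, kept only on the TURN server and your backend.
        const string secret = "sample-shared-secret-not-for-production";
        var now = DateTimeOffset.UtcNow;

        var cred = Issue(secret, "alice", TimeSpan.FromHours(1), now);
        Console.WriteLine("username:   " + cred.Username);
        Console.WriteLine("credential: " + cred.Password);
        // The browser puts these two values into the RTCPeerConnection iceServers
        // entry for the TURN URL as "username" and "credential".

        Console.WriteLine(Verify(secret, cred.Username, cred.Password, now));              // fresh token
        Console.WriteLine(Verify(secret, cred.Username, cred.Password, now.AddHours(2)));  // past expiry
        Console.WriteLine(Verify("other-secret", cred.Username, cred.Password, now));     // wrong secret
    }
}
```

On the coturn side this corresponds to enabling `use-auth-secret` with the same `static-auth-secret` in turnserver.conf, and keeping the lifetime short (minutes to an hour) so that a leaked credential pair cannot be used to relay traffic through your TURN server indefinitely.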

How to use Bedework server as a service for another system

For my application I need to use an open source calendar server. After some research I selected Bedework Server for my task. Basically what I want is to use this server to handle my application's calendar events. Even though I have set up a local server using the quick start package, I'm kinda still confused on how I can use this. I can create events using its web UI. But I want to use this as a service from my server (something like a REST service). I read their documentation but I could not find anything that will help. I am really grateful if you can help me on this. Thanks in advance.
You can access the server using the CalDAV protocol. This is a standard REST protocol which specifies how you create/query/delete events and todos. It is the same protocol the Calendar or Reminders apps on OS X and iOS use to talk to the server.
The CalConnect CalDAV website is a good entry point to learn more about this.
If you are still looking for this, you can try using any CalDAV client libraries -
CalDAV-libraries
I tried CalDAV4j library. For all basic use cases, it works fine.
There is also a demo github project on this library developed to list down the events in the server -
list-events-caldav4j-example
You can make use of the ListCalendarTest.java in the project and give appropriate endpoints to the Host configuration. For Example (for Bedework) -
HttpClient httpClient = new HttpClient();
// I tried it with zimbra - but I had no luck using google calendar
httpClient.getHostConfiguration().setHost("localhost", 8080, "http");
String username = "vbede";
UsernamePasswordCredentials httpCredentials = new UsernamePasswordCredentials(username, "bedework");
...
...
// Bedework's CalDAV path for a user's default calendar collection
CalDAVCollection collection = new CalDAVCollection("/ucaldav/user/" + username + "/calendar",
        (HostConfiguration) httpClient.getHostConfiguration().clone(), new CalDAV4JMethodFactory(),
        CalDAVConstants.PROC_ID_DEFAULT);
...
...
// Build a calendar-query REPORT: VEVENTs in the given UTC range, excluding cancelled ones
GenerateQuery gq = new GenerateQuery();
// TODO you might want to adjust the date
gq.setFilter("VEVENT [20131001T000000Z;20131010T000000Z] : STATUS!=CANCELLED");
CalendarQuery calendarQuery = gq.generate();

Hangfire configuration for SQL Server

I am coding a MVC 5 internet application, and am wishing to use Hangfire for recurring tasks.
How can I set up Hangfire to use SQL Server storage without specifying this in the Startup.Auth ConfigureAuth(IAppBuilder app) function?
Here is a resource link for SQL Server configuration: http://docs.hangfire.io/en/latest/configuration/using-sql-server.html
This resource states that:
If you want to use Hangfire outside of web application, where OWIN
Startup class is not applicable, create an instance of the
SqlServerStorage manually and pass it to the JobStorage.Current static
property. Parameters are the same.
The example code is as follows:
JobStorage.Current = new SqlServerStorage("connection string or its name");
I have tried the following code (with my own connection string), yet the dashboard is not available. I have called the code above from a controller function.
Is there something that I have not done correctly? How can I set up Hangfire to use SQL Server storage without using the Startup.Auth class?
Thanks in advance.
I think this is your problem:
I have called the code above from a controller function.
You should be setting this up once on application startup - either in the Configuration method of an OWIN Startup class (followed by an app.UseHangfireServer();), or in the Application_Start method of your Global.asax.cs if you really don't want to use OWIN. Either way, the line you're looking for is right there in the documentation you reference:
Hangfire.GlobalConfiguration.Configuration.UseSqlServerStorage(@"connection string or connection string name");
HOWEVER, as far as I know, if you want to use the dashboard you must configure that part via OWIN along with an authorization filter. See http://docs.hangfire.io/en/latest/configuration/using-dashboard.html
So really, I don't know of any downside to using the OWIN configuration for all of this. It's the more modern platform, and since you mention this is for an MVC5 app it's unlikely that you have legacy concerns.
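Putting the answer's three points together (configure storage once at startup, start the server, and protect the dashboard with an authorization filter), here is an added example of the OWIN Startup for an MVC 5 project; it is not code from the answer or from Hangfire's documentation. GlobalConfiguration, UseSqlServerStorage, UseHangfireServer, UseHangfireDashboard, DashboardOptions and IDashboardAuthorizationFilter are Hangfire's own names; the "HangfireDb" connection string name, the "Admin" role, the "/hangfire" path and the Jobs.Cleanup recurring job are assumptions. The partial Startup class with a separate ConfigureAuth method is the layout the MVC 5 template generates (Startup.cs plus App_Start/Startup.Auth.cs).

```csharp
using System.Web;
using Hangfire;
using Hangfire.Dashboard;
using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(MyApp.Startup))]

namespace MyApp
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // The template's ConfigureAuth (Startup.Auth.cs) installs the cookie/OAuth
            // middleware. Hangfire's wiring lives here instead, so Startup.Auth stays
            // focused on authentication.
            ConfigureAuth(app);

            // Storage is configured exactly once, at startup, never from a controller.
            // "HangfireDb" is assumed to be a <connectionStrings> entry in Web.config.
            GlobalConfiguration.Configuration.UseSqlServerStorage("HangfireDb");

            // The dashboard exposes job arguments and lets users trigger or delete
            // jobs, so it must never be reachable anonymously. Hangfire's default
            // filter only allows local requests; this replaces it with a role check.
            app.UseHangfireDashboard("/hangfire", new DashboardOptions
            {
                Authorization = new[] { new RoleDashboardAuthorizationFilter("Admin") }
            });

            app.UseHangfireServer();

            RecurringJob.AddOrUpdate("nightly-cleanup", () => Jobs.Cleanup(), Cron.Daily());
        }
    }

    public class RoleDashboardAuthorizationFilter : IDashboardAuthorizationFilter
    {
        private readonly string _role;

        public RoleDashboardAuthorizationFilter(string role)
        {
            _role = role;
        }

        public bool Authorize(DashboardContext context)
        {
            // Under IIS the OWIN pipeline runs inside System.Web, so the principal
            // set by the cookie middleware is available on HttpContext.Current.
            var user = HttpContext.Current?.User;
            return user != null && user.Identity.IsAuthenticated && user.IsInRole(_role);
        }
    }

    public static class Jobs
    {
        public static void Cleanup()
        {
            // recurring work goes here
        }
    }
}
```

Because ConfigureAuth runs before UseHangfireDashboard, the authentication middleware has already populated the principal by the time the filter runs; registering the dashboard first would make every request look anonymous and be rejected.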

SmartCloud OAuth2.0 Registering applications

I am busy writing a mobile application that connects with IBM SmartCloud. Since I want to use OAuth 2.0, I find it difficult to handle the Secret Key and the Client ID.
Since I have to Register the Application within the IBM SmartCloud console, and copy the Client ID and Secret Key to the App I am creating... Well that ain't the biggest problem, but when someone wants to use my app on another environment he doesn't have the same Secret Key and Client Id.
What is the best way to deal with this, because I want to make it usable for others, and not only for my use.
You may want to refer to ibmsbt.openntf.org - the source directory includes a project for iOS. It's tested with IBM Connections On Premises.
http://www.openntf.org/main.nsf/project.xsp?r=project/Social%20Business%20Toolkit%20SDK/releases/F07E34DFDDA6C06686257C6B006C6393
The project uses a callback to a custom PROTOCOL/URL : ibmsbt://myapp?code=
For IBM Connections/SmartCloud, you'll want to register an OAuth2 Key.
When you register you'll want to register your application, ibmsbt://myapp/
Then you can use these endpoints and parameters:
https://apps.na.collabserv.com/manage/oauth2/token/manage/oauth2/authorize?response_type=code&client_id=app_20085940_1384885218905&callback_uri=ibmsbt%3A%2F%2Fmyapp%2Fcallback
https://apps.na.collabserv.com/manage/oauth/authorizeToken?oauth_token=OAUTH_TOKEN
