I want to integrate third party authentication with AWS Cognito in my webapp.
I have a React JS app with a django backend.
I found this tutorial but I don't really get how this will work with an existing frontend application rather than how to implement it.
If a user logs into the frontend and is authenticated via Cognito (other question: is a backend in Amplify necessary?), can the token be passed to the Django API? Does Cognito then need to be called again in Django? This step is not yet completely clear to me.
Any help is appreciated. Are there no examples for react + DRF?
The tutorial that you read shows the correct way to implement it on the backend. In your react frontend, you will use Amplify to get the token. When you are making an API call from your React API, pass the token to your API via the HTTP header Authorization with the value Bearer <access_token>.
Related
We are in the process of setting up a project that requires mobile and web app authentication and were wondering if there are any best practices for implementation.
For the backend we are currently using django rest framework with a knox token authentication and for the web frontend react.js. For the future, there will be a mobile app in react native.
We want to set up the authentication now so that it supports the React Native mobile app in the future. However, I have seen that Knox authentication does not work for mobile apps in a straightforward way, as it uses a CSRF token.
So I'm wondering if there are any best-practices for mobile app and web authentication that specifically feature good documentation, multi-device login and smooth extensibility of login options (fb, google etc) for the current setup drf and react.js/react native.
I'm grateful for any guiding hints.
AWS Cognito seems to be a solution to your problem:
Typically, your users get tokens via an external UI provided by amazon (not really customizable) or by calling the Auth API within your React UI.
Cognito sends access_token, id_token and refresh_token to your react app. You need to pass the access_token to your drf backend (similar to knox token authentication) and validate it again via amazon.
Check out the official docs for React, check out this tutorial for django (it helped me a lot!).
I am thinking of using a JWT to secure my .net Core WebAPI endpoints for a public API. This API will only be consumed by a React front end that does not require a user to authenticate. I am trying to ensure that only my React app can call my WebAPI endpoints.
My thought is to include the JWT when the React app is downloaded/initialized and use it when calling the API.
Thoughts on this? Are there other more efficient ways to do this?
My thought is to include the JWT when the React app is downloaded/initialized and use it when calling the API.
I guess that way wouldn't work because I can easily copy the JWT token/API key or whatever else from the network and use it for sending my own requests. If your API is set up well (validation etc.), sending requests "manually" shouldn't be a problem. So why do you only want your React app to request your app?
The only way (I guess) to give only your react app access to the API is to configure your API-server/proxy to accept only requests from the same domain.
I need to create basic app with a silhouette. What I need to do is:
login with Google
Generate JWT
Use JWT to communicate with backend
I don't really know what this flow should look like. My idea is:
use login with Google in react app
generate Google token
use this token to generate JWT in the backend (using silhouette)
retrieve JWT in frontend
Will that flow work? Is there any simpler/better way to do that?
I had a similar problem, so this is my proposal:
Create a controller for social authentication on the backend side.
In the React app, add a button for authentication and simply redirect to the backend endpoint.
Authenticate the user on the backend, use Silhouette JWTAuthenticator to create a JWT token
Redirect to the React app with the JWT token in query params.
Save the token and use it in consecutive requests
This is made me new about how it works the authentication of laravel in the ReactJS
Hi, I'm new to ReactJS. Is there a sample or tutorial on how to use the Laravel authentication login in ReactJS?
I read on GitHub that others say to use JSON web tokens (JWT).
Thanks.
Building an authentication flow with Laravel and React is similar to using any other framework like Nodejs. You just build the auth endpoints in Laravel and make REST calls to your endpoint from ReactJS.
But a quick google search will reveal multiple solutions to your problem. But the one that I think would be of most help: React-Laravel JWT Authentication Tutorial
I'm trying to find the best way to integrate Auth0 login into a React Native application. The login widget for React Native works perfectly fine, but I'm kind of confused as to how we get the users also logged in on the backend so they can make requests to modify data. The backend is running on Node (Meteor). Do I have to send the id_token to the backend, and login with auth0 there? I'm kind of confused on how to integrate this for both the app and the backend, so that when the user logs into the mobile application, the backend also knows they're logged in.
Whenever the client communicates with the backend, it should send the id_token with the request. On each request, the backend should validate the token (using a jwt library) to verify that the token has a valid signature and has not expired. Once validated, the backend will be able to use the user id embedded within the token to perform any authorization rules or business logic it wishes.
Check out this github project for an example Meteor auth0 backend.