I need to create basic app with a silhouette. What I need to do is:
login with Google
Generate JWT
Use JWT to communicate with backend
I don't really know how this flow should look like. My idea is:
use login with Google in react app
generate Google token
use this token to generate JWT in the backend (using silhouette)
retrieve JWT in frontend
Will that flow work? Is there any simpler/better way to do that?
I had similar problem, so that's my proposal:
Create a controller for social authentication on backend side.
In react app add button for authentication and simply redirect to the
backend endpoint.
Authenticate user on backend, use Silhouette JWTAuthenticator to create a JWT token
Redirect to the react app with JWT token in query params.
Save token and use it in consequtive requests
Related
I built an app (Django backend, React frontend) that whenever a client login it will generate JWT authentication. React will store the access token and client can use it to access Django backend database.
Then I want to add in social login feature (Google) so I will get back access token from that as well. However, this access token is different from the JWT access token generated before, so I wonder how can I integrate both ways of logging in a user smoothly on both Django and React?
For JWT I use djangorestframework-simplejwt
For social login I use django-allauth
I can run each individual way perfectly on React, but I don't know how to keep both the installations of JWT and allauth in Django settings.
I have a project where I am creating a React frontend for users to sign SSL certificates. That frontend is used with a Django DRF backend to handle request. Currently, I have authentication specified in each of my views for token and session auth. I can authenticate a user through postman and through a python client using request. But I want to turn this around and be able to login from the front end using react and a login form and keep is secure and safe from XSRF. Ive also been reading about how token auth is insecure because of how tokens get stores in browser local storage.
So my questions are as follows;
Should I use token auth or session auth, and how do I decide which is best?
How to implement that authentication with a React login form?
And how I could protect this from XSRF?
Thanks in advance Stackoverflow Gods
I'm building a web app with Wagtail as back-end, running on app engine, cloud functions doing micro-services and triggered via http.
I want to let my users register and authorize using social apps and classic login-password and get a JWT token from Wagtail App. Then, the token will be used to authenticate users both on cloud functions and Wagtail back-end.
How do I provide the user with JWT tokens if he/she authorizes with OAuth?
Is my approach correct? Any suggestions on how this should be done in the proper way?
The best solution I found so far is to use firebase auth. In python I verify token like that:
from firebase_admin import auth
decoded_token = auth.verify_id_token(id_token)
uid = decoded_token['uid']
I have created a Twitter authentication using Firebase in React JS. It works correctly. And I want to get user timelines, post a tweet once logged in. I am not sure how to retrieve the user timelines after the login? Any idea to get through this?
You will need to communicate with the Twitter API using the Twitter OAuth Token that firebase authentication provided after your user signs in.
Firebase Documentation for retrieving the OAuth token: https://firebase.google.com/docs/auth/web/twitter-login
Twitter API Documentation for making requests with their OAuth token: https://developer.twitter.com/en/docs/basics/authentication/guides/authorizing-a-request
However the firebase implementation of twitter auth only has OAuth 1.0. It is not recommended to use this method to authenticate requests from the browser.
https://twittercommunity.com/t/how-to-make-oauth-1-0a-calls-from-javascript/428
I'm trying to find the best way to integrate Auth0 login into a React Native application. The login widget for React Native works perfectly fine, but I'm kind of confused as to how we get the users also logged in on the backend so they can make requests to modify data. The backend is running on Node (Meteor). Do I have to send the id_token to the backend, and login with auth0 there? I'm kind of confused on how to integrate this for both the app and the backend, so that when the user logs into the mobile application, the backend also knows they're logged in.
Whenever the client communicates with the backend, it should send the id_token with the request. On each request, the backend should validate the token (using a jwt library) to verify that the token has a valid signature and has not expired. Once validated, the backend will be able to use the user id embedded within the token to perform any authorization rules or business logic it wishes.
Check out this github project for an example Meteor auth0 backend.