The AWS Mobile React Starter Kit is great, but it doesn't let users see anything without logging in first. I'd like to build a web app where unauthenticated users can query parts of the database, but can't make any edits. I've tried poking around in the AWS configuration, but so far I've only broken the app, not gotten it to do what I want.
Can anyone advise with the general steps to follow?
What I've tried:
Commenting out the first PublicRoute element in /src/index.js, then modifying the last one to redirect to /main/home instead of /login
Changing MobileHub configuration of the API from Private to Protected
Created a duplicate role (that I planned to remove write permissions from, once it worked) and selected it for unauthenticated connections in Cognito
Looked around for clues in the \awsmobilejs directory of the project folder, without luck
Related
I've been trying to find the appropriate resources for the last 2 days but all resources I find are for embedded apps and I hope someone can point me in the right direction at least.
I have an external CRA custom app that I don't want embedded in the shopify admin. It is a custom dashboard pulling information from Sanity IO not for customers. Some of the same information is also being pulled into Shopify and displayed on the storefront.
Question is how do I authenticate the app from the CRA front? I can get to the redirect address with the hmac and shop url params.. but what then?
Greatly appreciate any help!
To connect your App to Shopify you still can do the oAuth dance. Has nothing to do with whether your App is embedded in the Shop or not. You would do oAuth with the Shop, get a token to do your API work, and save that token. Now the App is used OUTSIDE Shopify all you want, as you wish, but internally you can make all the API calls you want that you asked for scopes on.
Basically, just outfit your App with oAuth flow as per any other type of App that uses oAuth, and you're good to go.
I am currently implementing Okta authentication/authorization in a create-react-app. I followed instructions on 1 and had been able to login and verify that that okta-token-storage contained information on the user group. While working today, something broke. When I log in I see this in the developer tools in chrome a picture showing that okta-token-storage was completely empty, while okta-cache-storage contains information.
I have reinstalled #okta/okta-signin-widget, #okta/okta-react and react-router-dom but to no avail. I also have tried creating a new application in the Okta developer dashboard and used that ClientID and that does not work. I also created a new react app and followed the aforementioned blog 1 and was successfully able to sign in the simple example and view the protected page.
I am hoping to find a fix without having to rebuild the app from scratch. Has anyone at Okta seen this happen before? I am new to working in React...
Thanks!
I created a very simple FireBase + Angular app with AngularFire, or rather, I copied the code from the examples. All it does, for now, is allow logging in and out via Google. The code is so simple I don't think there's even a need to post it here.
I tried it on different static files hosting solutions, and got somewhat weird results.
On Google Drive, Dropbox, and Github. Though the pages were served on all of them, no 404 error and no JS errors in the console, the login itself didn't work. What would happen is that the program would launch the login screen and log in the user, but then the angular "auth.user" object stayed null.
The same code exactly, when run on Visual Studio (just by "view file in browser") and also hosted on FireBase's own hosting solution, ran as expected, no problems. Logging in and logging out both worked.
I wondered how that could be, since this is a "no backend" app, or, more precisely, it has the same back-end, i.e. FireBase services.
What is happening here?
explanation on hosting on Google Drive
explanation on hosting on Dropbox and Github
(comments on how to improve this question will be appriciated)
You have to liste the domains that will host your app in the settings of FireBase.
It is in the login and auth tab, the "Authorized Domains for OAuth Redirects" field.
You should put there the domains you want to use, like dropbox.com, etc...
Details here : https://www.firebase.com/docs/web/guide/user-auth.html#section-configuring
Your code works on your local Visual Studio because localhost and 127.0.0.1 are enabled by default.
I believe there is an undocumented Google API available to create and manage Google Cloud Console (and App Engine) projects on behalf of third party users.
Does anyone know how to use it?
I think older versions of the Google Eclipse Plugin obtained an OAuth2 token in the (undocumented) scope https://www.googleapis.com/auth/appengine.admin, and this allowed it to generate a Cloud Console project on your behalf. The latest version doesn't seem to do this. App Engine's own appcfg.py also uses this scope, but doesn't seem to do much more than deploy the code - I'm looking to change core settings for the project, such as Name, Redirect URLs, and Web Origins.
Any information would be appreciated.
I maintain a WordPress plugin providing secure Google Apps Login for end users, and currently have to give detailed instructions to admins for creating a new Cloud Console project manually, and entering settings such as Redirect URL. Ideally, I would create a simple on-line service to do all of this for them.
Thank you!
It is possible to programmatically create a new Developer Console project on behalf of a Google Account (yes, you read that right). You do so in a very roundabout way:
Request the https://www.googleapis.com/auth/drive.scripts scope from the user (standard OAuth 2.0 flow).
Use the Drive API's drive.insert method to create a new file with a mimetype of application/vnd.google-apps.script.
Somehow try to get the project ID, maybe by uploading some Apps Script code? This is the part that I was never able to figure out.
A little known fact is that every Google Apps Script project has a hidden Developer Console project associated with it. This project is not shown in the list of projects, but it does exist. It is created automatically when the user starts a new Apps Script project, and the drive.insert method is enough to cause this to happen.
How do you get to the hidden project? Well, the only way I know of is to open the Apps Script project from the Drive website, open the "Resources > Advanced Google Services" dialog, and click the link to the Developer Console. You'll find the project ID in the URL.
Aside from not being shown in your list of projects and not being able to use App Engine, this is a normal Developer Console project. You can add additional OAuth client credentials, service accounts, Compute Engine instances, etc. And of course once you have a project ID, all of the various management APIs will work: creating new virtual machines, making use of a service account's impersonation ability, etc.
I am having a weird issue. I created an application on Google App Engine and have a Login with Facebook button on it, for which I am doing server side authentication.
I give the redirect_url, and facebook was calling the URL correctly with no issues. The session parameters that I set were being retrieved on the redirect call and everything was working fine.
Yesterday, I got a domain on godaddy and mapped it to my appspot account using google apps. Now when I click on Facebook login, I am getting two calls on the redirect uri, the first one carries the session varaibles and the session one doesn't. I am not very familiar with domain mapping and followed the steps on Google Apps.
Can anyone help me in the right direction on this.
it's a little out of date, but i documented some GAE to Facebook gotchas here:
http://javagwt.blogspot.com/2010/08/facebook-apps-on-app-engine-without-any.html
It may also help to read about naked domain mapping with godaddy, to make sure you're not getting bounced around. Even though you are mapped to your domain through google apps, you can try to put the redirect URL for facebook as yourappid.appspot.com - the redirect URL you provide, and the one in your facebook app settings must match.
My app, nimbits.com writes to facebook from GAE all of the time - the code is on github under server/facebook
https://github.com/bsautner/com.nimbits/tree/master/nimbits-tds/src/com/nimbits/server
Thanks for the answers bsautner and Michele. I finally figured out the issue. I have google ads on my website. The google ads was trying to parse the URL content and creating a second request for every request that I create. After removing the google ads, I get a single callback with session values retained. It all works now. The final output is this website - www.imagecrashers.com. I will be glad for any suggestions from the gurus here, regarding layout or api calls simplification. Thanks again to all.