React JS Twitter Authentication Firebase - reactjs

I have created a Twitter authentication using Firebase in React JS. It works correctly. And I want to get user timelines, post a tweet once logged in. I am not sure how to retrieve the user timelines after the login? Any idea to get through this?

You will need to communicate with the Twitter API using the Twitter OAuth Token that firebase authentication provided after your user signs in.
Firebase Documentation for retrieving the OAuth token: https://firebase.google.com/docs/auth/web/twitter-login
Twitter API Documentation for making requests with their OAuth token: https://developer.twitter.com/en/docs/basics/authentication/guides/authorizing-a-request
However the firebase implementation of twitter auth only has OAuth 1.0. It is not recommended to use this method to authenticate requests from the browser.
https://twittercommunity.com/t/how-to-make-oauth-1-0a-calls-from-javascript/428

Related

How do i use JWT in my react js app, if my backend is firebase firestore

can i use JWT in firebase firestore for my react app. If possible how do i use that. I know firebase have firebase auth. But just wanted to use JWT.
Please detail.
React or Angular is totally independent of what authentication you use. Even if you have no authentication they don't care.
To use FireBase JWT auth, you need to,
have a front end login page to collect credentials from user
Firebase will give you Javascript necessary to call firebase from your React application, embed that code. When ever anybody visits your site, make the user put in login credentials
Through those credentials using the javascript library to firebase APIs so you get can get the token if credentials are okay
deny login to enduser if the credentails are not accepted which you can know based on the result of API (invoked using that javascript provided)
if valid token is returned, store it in session storage and use it throughout the application (token itself contains the signature) to verify if the login is legit or not.
Hope this helps

Django Rest Framework Authentication - Session auth or Token auth

I have a project where I am creating a React frontend for users to sign SSL certificates. That frontend is used with a Django DRF backend to handle request. Currently, I have authentication specified in each of my views for token and session auth. I can authenticate a user through postman and through a python client using request. But I want to turn this around and be able to login from the front end using react and a login form and keep is secure and safe from XSRF. Ive also been reading about how token auth is insecure because of how tokens get stores in browser local storage.
So my questions are as follows;
Should I use token auth or session auth, and how do I decide which is best?
How to implement that authentication with a React login form?
And how I could protect this from XSRF?
Thanks in advance Stackoverflow Gods

Oauth for authorization JWT for authentication for an app using DRF and cloud functions

I'm building a web app with Wagtail as back-end, running on app engine, cloud functions doing micro-services and triggered via http.
I want to let my users register and authorize using social apps and classic login-password and get a JWT token from Wagtail App. Then, the token will be used to authenticate users both on cloud functions and Wagtail back-end.
How do I provide the user with JWT tokens if he/she authorizes with OAuth?
Is my approach correct? Any suggestions on how this should be done in the proper way?
The best solution I found so far is to use firebase auth. In python I verify token like that:
from firebase_admin import auth
decoded_token = auth.verify_id_token(id_token)
uid = decoded_token['uid']

Silhouette - react + scala + play app authentication flow

I need to create basic app with a silhouette. What I need to do is:
login with Google
Generate JWT
Use JWT to communicate with backend
I don't really know how this flow should look like. My idea is:
use login with Google in react app
generate Google token
use this token to generate JWT in the backend (using silhouette)
retrieve JWT in frontend
Will that flow work? Is there any simpler/better way to do that?
I had similar problem, so that's my proposal:
Create a controller for social authentication on backend side.
In react app add button for authentication and simply redirect to the
backend endpoint.
Authenticate user on backend, use Silhouette JWTAuthenticator to create a JWT token
Redirect to the react app with JWT token in query params.
Save token and use it in consequtive requests

Firebase authentication with Strava provider

I would like people to sign in with there Strava account (strava is a cycling/running platform)
Firebase has some default authentication Sign-in providers like Google, twitter etc. but no Strava. Is there any other way I can authenticate users via there Strava account in Firebase?
My project is in AngularJS
Strava authentication API documents
Currently there is a limited list of OAuth providers supported by Firebase Authentication.
If you just want people to be Authenticated against your application I would suggest to implement the OAuth flow by yourself in your client application.
If you also want to store some user state and therefore want to use Firebase you could create a Firebase User Account for every ID Token you receive from your Oauth-Client. People can sign up /sign in to your Firebase backend by providing their ID Token and exchanging it against a Firebase Access token.
Important: Make sure to verify the Strava Id/Access token in some way. Simplest way would be to call the Strava API and see if the token gets accepted.

Resources