What is the best way/approach to manage the session for a reactjs application.
I have been through multiple links but haven't figured out a way to manage the session.
Thanks in advance for the suggestions.
Related
I want to create an app with Flutter and also a web site with WordPress. However, I don't know if it is possible to connect both oh my site and app to a unique database and I don't find any document on it. Indeed, I want my customers to be able to log in them on both. Do you know if it is possible or not and have you any document that could help me ?
Thank you for your help
there is actually a very good article on how to proceed to make a Wordpress connection throught your app made with Flutter:
https://wordpress.org/support/topic/flutter-app-connection/
Also, don't forgot, that every wordpress have a public API (by accessing {wordpressWebsiteUrl}/wp-json) where you can get your post etc...
I'm setting a rest API to handle the authentication and the data for a react app, which will be a single page app with the ability to login using a google account. My question is if it possible to make the verifying process (using OAuth 2.0 in the backend) without leaving the react app, I saw that TikTok is simply opening a new window to choose a Google account. Is there a better solution? Is there something similar to the way we use Google maps API inside the web apps?
The window.open is the best bet. In many cases if you are working with identity providers window.open does not work, there you need a redirect to their website and back. Attempting anything else like an IFRAME equivalent is wasted effort :). Can you explain your use case further. Is yours a web app or device native app?
We are thinking of creating a site in Angular that would get the information from SharePoint Online site using a Web API. The site and the Web API will be on Azure. The problem that I have is weather or not it is feaseable to query SharePoint Online using on single generic user that would authenticate for each request, or maybe using some sort of additional unique identifier for identifiyng each request, but same user overall. Do you believe it is possible? I have little experience on Azure and SharePoint Online, so any suggestion is welcomed. Thank you in advance.
BR,
Anisia
Yes, it is possible. At Web API level you can call sharepoint (use client-side object model (CSOM) for this) using single user for authentication.
I have a stateless header based authentication API endpoint. I would like to build my website that will be requesting data from it. Being a stateless authentication and given the fact that the server does not maintain any sessions, How would I go about implementing a Login Flow for the same. I am building an AngularJS SPA and would be using multiple routes in my application. What would be the best way to approach the authentication for a production level service. I came across AngularJS cookies, but it is not really that secure(I am concerned about a possible Cookie Hijack). What are my options here? Any help will be really appreciated as I am completely new to login flow.
I will be sending the headers over SSL for obvious reasons. But how prone am I to an attack by doing this? https://security.stackexchange.com/questions/988/is-basic-auth-secure-if-done-over-https There are weaknesses pointed out here, but how do I overcome these? Any help will be really appreciated.
PS: I understand that there are better ways to implement it currently by making modifications on the server side, but if I were considering this current scenario of how everything works(explained above) how would I go about with it?
I would suggest using JSON Web Tokens (https://en.wikipedia.org/wiki/JSON_Web_Token).... check out https://github.com/auth0/angular-jwt for a ready to use solution for Angular. You just need to setup the server side part.
Im using mvc4 web api project. i have included angularjs.
as i have read an articles that session is not supported in we api as it is stateless.
basically we used to do coding with asp. net session. which is now not there. (it is there but i havent implemented yet).
if i dont plan to use session, how should i go ahead? currently i m storing user name in html local storage but it doesnt seem promising as it resides at client side.
how can i show msg of session time out after 10 mins?
should i go with client side js only?
ot there are some ways???
i dont know to handle such situation?
timerjs or something? what should i do?
IMO, storing client session in client side is a bad practice as it can be hack easily which result in a vulnerable website. I recommend to use OAUTH2 if you are developing web api. On the client side, you can use ng-idle to show the users if they are idle for a long time and log them out on timeout.
Hope this help