Does IdentityServer4 offer Identity Brokering? - identityserver4

I am currently working on a project where we need to integrate with another company's Identity Provider. I noticed that the product the other company is using, KeyCloak (https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/identity-broker.html), provides a feature known as Identity Brokering. Does IdentityServer4 have anything like this? One feature of IdentityServer4 that seemed like it may be of some use is the External Identity Providers integration (http://docs.identityserver.io/en/release/topics/signin_external_providers.html), but there is no documentation available, or so it seems. Any help would be appreciated, as we are now at the crossroads and need to decide if IdentityServer4 is going to fulfill all of our use cases.

There is no documentation, but there is working sample code in the quickstart UI sample.

Related

How to implement Authorization for Admin Application in React

I know normally I have to ask questions about specific code problems. But I need advice to get started at all. I was thinking about making a web application with React. The application is an admin control panel for things like employee costs, orders and so on for a family business. For the authentication part I wanted to keep it simple and do it with Google, but before doing that, I wanted to ask the experienced developers here if that makes any sense or if I should use JHipster/Keycloak.
The benefits of Google would be, I think, that it is easier to implement and the security part would be handled by Google, but what could be possible problems? I hope someone can give me some good advice.
With regards
Using Keycloak/JHipster would probably be overkill for a simple family business application.
I would rather use simpler authentication types offered by JHipster that do not require external applications like session. An alternative would be to use the provided Okta integration; this way you get a ready-to-go solution.
If you want to use Google, then you'll have to use spring-security-oauth2-client and build your own solution on top of Spring Boot, or adapt the JHipster-generated app if you still want to use JHipster.
Also, have you decided where you want to deploy your app? Your cloud provider could offer a good integrated solution for authentication.

Is 3rd party OAuth2 Provider in Google Data Studio with custom connectors supported?

I have an API that a user can query for data after that user authenticates against an OAuth2 provider that I maintain (i.e. not Google). Is it possible to expose data through this API to Google's Data Studio using a Community Connector? If yes, is it possible to use the setup outlined here https://github.com/gsuitedevs/apps-script-oauth2#setup against a non-Google OAuth2 provider? Thank you for your help!
I have not found any requisite to expose data through an API. So I expect that it is possible, but take into account the specific configuration requested when implementing it.
The setup outlined there is not official, so you will need to test it unless someone has done it already or has enough time for it. The post is really detailed and has work behind it, so I would give it a chance!

For ADAL.js (or MSAL) with ReactJS/AngularJS, what's the best way to handle versioning the framework?

I’m working with a large company with multiple dispersed teams developing applications using the ADAL client libraries and either the React and/or Angular frameworks. Over time, the various organizations within the company have each modified/extended ADAL.js to create their own adaptations for handling different needs (for example, implementation differences for React vs Angular, or handling different versions of a framework, like Angular 2 vs Angular 5).
With this context in mind, I was asked the specific question:
"Just wanted to know if Microsoft has any plans to enhance and support ADAL.js for newer frameworks as most UI use cases for Azure AD would be on Angular and React and these ‘solutions’ are frequently updated"
In other words, do we have guidance (and/or a roadmap) for a more abstracted way of handling the implementation with various frameworks, or across different versions of a particular framework?
Or should each org continue to create their own adaptations?
So far there appear to be updates to existing ADAL libraries but no plans to support additional web frameworks, i.e. "too bad, so sad" for those of us using Angular 2/4/5/6.
See the following issues in the ADAL.js GitHub repo:
azure-activedirectory-library-for-js/issues/510
azure-activedirectory-library-for-js/issues/379
Also keep an eye here: Vittorio Bertocci's Blog
There are a bunch of 3rd party efforts to create wrappers for later versions of Angular, but they all need to be vetted before use (that is certainly what I am doing).
We do have plans for building wrapper libraries for Angular in the Azure AD SDK roadmap. However, we are focusing the efforts on the newer MSAL.js library which integrates with the Azure AD v2 endpoint and brings additional capabilities such as support for Azure AD B2C and signing in MSA accounts. You can track this issue on the MSAL.js repo.

Web API OAuth external login without using any Asp.Net Identity tables?

I am developing an AngularJS application with some Asp.Net Core Web API support. This application is not using any database in backend. Now I want to implement a social login option for some privileged access. What is the best authentication mechanism without using any Asp.Net Identity tables?
As far as I know, OpenIddict is coupled with Asp.Net Identity, so I must implement a storage mechanism for that. Please correct me if I am wrong. I am also looking at other options like ASOS, but it is too complicated compared to OpenIddict, so I couldn't find a good solution with that.
Kevin Chalet published an excellent article, but I am still struggling because of my poor technical knowledge on this subject.
http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/
Can you please guide me?

What is the best project to introduce among 'Google oauth2.0 java client' and 'java-scribe' to provide user logins for Facebook/Twitter?

I am trying to provide additional login mechanisms for our web applications. Currently, it is using the Google accounts login. I want users to log in using Facebook/Twitter etc.
After searching the group and Stack Overflow, I am thinking that you can do it in the following ways:
- Google oauth2.0 java client (https://code.google.com/p/google-oauth-java-client/wiki/OAuth2). An example of using the DailyMotion oauth2.0 using these jars is found here.
- Use java-scribe. An example is found here https://code.google.com/p/gwtoauthlogindemo/ and here
Any suggestions on what I should choose going forward?
I would suggest taking a look at Google Identity Toolkit, which offers more than just Google Accounts:
https://developers.google.com/identity-toolkit/
