I'm implementing a hybrid iOS web and native app. I'm using iOS native FB login capabilities, and sending the access_token from the native app to the web, which uses Satellizer.
The question is: can I avoid the FB permissions dialog and directly use the access_token to sign up the user and recover the JWT from the server, using the normal Satellizer flow?
Permission dialog is a must for every third party social login.
The user need to approve and to know what application he is going to use with that social network and what permissions he will give to that specific application.
I solved it doing Satellizer job of sending the access_token and storing it manually:
$http.post('/auth/facebook', {
token: receivediOSToken
}).then(function (response) {
$auth.setToken(response.data.token);
loginSuccess();
}, function () {
loginError();
});
Related
I would like to use GmailService (Google.Apis.Gmail.v1) in my Blazor-Wasm app.
I have already implemented the OIDC-Authentication with
builder.Services.AddOidcAuthentication(options =>
{
builder.Configuration.Bind("Google", options.ProviderOptions);
});
and CascadingAuthenticationState and AuthorizeRouteView.
The authentication is successful, I will be requested to allow permissions to my gmail account.
now I want to create and use a GmailService insance in my razor page, but I cannot find an example, how do it.
can you please help me?
I am trying to add Google login in an Ionic app.
Sadly, Google remove the inappbrowser login flow, so I added the GooglePlus plugin which is working fine and I am able to get an id_token.
The issue is that I cannot use auth
.getProfile(idToken, funct...)
This will return an 401 error saying that this token is not authorized; in the Auth doc is implies that the method can only be used with id_tokens acquired from Auth login.
My question is:
Is there a method to login to Auth using id_tokens, something like Firebase's "loginWithCredentials()"
I am fairly new to Django and Token authentication as well as AngularJS. So far I have made Django backend and AngularJS frontend. I installed the Django Rest Framework and got the standard token authentication working as far as doing:
$scope.login = function () {
$http.post('link to my api', {
'username': $scope.data.username,
'password': $scope.data.password,
}).success(function () {
$state.go('tab');
})
.error(function () {
});
};
So far I succeed by getting a token with the right username and password. I see so much options about authentication that I don't know what fits for me anymore and where to start as I don't get a lot of information on the standard Token authentication. I have an Ionic app with a login screen, the Django backend has the users stored. I want to be able to login with a user account that resides within the Django database. Whenever that is done the user got permission to use the app. Later on it should be possible for example to get the credentials like personal details of the logged in user. Let's say I use the TokenAuthentication like above, I get the token. But how can I get the user credentials or whatever else from Django later on by that token? I am totally lost. If someone could please bring me into the right approach and material.
I found out that when you implement the following DRF permissions:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
)
}
and you make viewsets like on http://www.django-rest-framework.org/#example that it automatically requires a token to view those viewsets. So then you could work with that token to send requests to the api to get specific data.
I'm interested in creating an application using loopback and passport (and AngularJS).
I see this example app which I have up and running and I'm able to log in via google. What I don't quite get is how this should work with an AngularJS app. Using the example app, everything is done on the server (auth). Once I'm logged in, how does this relate to the Access Token needed between the client (AngularJS) and the loopback server? I can see the user created with the access token from google and other identity information but how does that "connect" with the access token required by the client (AngularJS)?
I'm mostly beginning with it as well but here is what I grasped so far:
3rd party provider <--- OAuth token ---> Loopback app <--- LB Token ---> Client
The OAuth token, used to interact with third party providers is abstracted by passport and so far I never needed to interact with it.
Basically, once you are logged in using OAuth, a LB token must be generated and provided to the user so that the user can be further identified.
To do that, I implemented some custom code inside serializeUser. My custom user model is called Client
app.serializeUser = function(userDataToSerialize, done) {
app.models.Client.create({
email: userDataToSerialize.email,
password: userDataToSerialize.password
},
function(err, user) {
if (err) return done(err);
app.models.Client.generateVerificationToken(user, function(err, token) {
if(err) return done(err);
done(null, {
userId: user.id,
accessToken: token
});
});
};
I create a new client, then generate a token for that user. Calling done(null,..) with both the token and user id will let passport put this data into the session, and thus should be accessible client-side.
This way, the Angular app should be able to get the user id and access token, be properly identified by Loopback, then the Loopback app can make requests to third-party providers on behalf of identified user.
Hope this helps
I have an api on a subdomain : api.exemple.com written with symfony2 and my main application on exemple.com (SPA - AngularJs).
I would like to allow user to link their facebook account with their local account. I don't know how to proceed in order to authenticate through my app and use third party oauth provider.
Do you have any clue ?
Thank you
On the angular side, start by opening a new window and send your oauth handler a get request:
self.oauthConnect = function(provider)
{
var url = apiPrefix + '/oauth/tokens/'. provider;
oauthWindow = $window.open(url,'_blank', 'height=600, width=600, top=100, left=300, modal=yes');
oauthWindow.focus();
};
Your PHP api site then redirects to the oauth provider site (i.e. facebook). We use a new client window so our SPA keeps running in spite of the redirect. The provider then presents their login screen and redirects with the oauth token information.
Your PHP api site does what it needs to and generates the actual authorization token (hint: use a json web token). The site then returns an html page back to your angular app.
<body>
<script>
window.opener.oauthCallback('<?php echo $oauthToken; ?>');
</script>
</body>
Your angular controller (that opened the window) will then be called with the oauth token.
$window.oauthCallback = function(oauthToken)
{
oauthWindow.close();
oauthWindow = null;
authManager.oauthToken = oauthToken;
self.oauthSubmit();
};
Easy right? Well not really but it works. In my case I turn right around and:
POST /auth/tokens/oauthToken
to get the real application token. That way my oauth service can be used for multiple applications.