Custom Login System with Cloud Endpoints [closed] - google-app-engine

I know what I'm asking is quite vague, but Google has run up dry on this. I'm trying to build an API in Cloud Endpoints that hooks into a React frontend. The application requires authentication and authorization - so naturally I've got a few options:
1) Custom Login
2) Third Party via OAuth2
3) Both (what I would like to do)
My question is, how exactly would I go about implementing a custom authentication system with an Endpoints API? Since it's a RESTful service, I know that it's stateless. How exactly do I store session data? Do I have to send credentials with every API request (that seems tedious)?
Gah, could someone please point me in the right direction here? I'm not the most knowledgeable person when it comes to authentication. THANK YOU!

There is a not well known nor documented feature in Google's cloud endpoints that allows you to use custom authenticators on api class level or api method level. This is also described / documented in a stackoverflow question.
There are a couple of questions here on stackoverflow for python like this, which uses cookies as far as I can see. I've not yet seen how to implement a custom authenticator like you can in Java.
As for how to store session data in a stateless service, the answer is simple: You don't. Every call to your api should contain all the information to process the request. So it's up to the client to maintain the session information and provide it when needed for an api call.
If by session data you mean stuff like the usual user data (name, address, etc) those are attached to your user (not the current session) so if you have a working authenticator you can simply request the user information from your database via the authenticated user.
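The stateless model described in the answer above, as an added example that is not part of the original answer or of the Cloud Endpoints API: the server signs a short-lived token once at login, and every later request is authenticated from the `Authorization` header alone, with no server-side session store. The names `SECRET_KEY`, `issue_token` and `authenticate`, and the choice of an HMAC-SHA256 token format, are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side secret loaded from configuration (constructed demo value).
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, ttl_seconds=900, now=None):
    """Called once, after the credential check succeeds; the client stores the result."""
    now = int(time.time()) if now is None else now
    payload = _b64(json.dumps({"sub": user_id, "exp": now + ttl_seconds}).encode())
    sig = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(sig)


def authenticate(authorization_header, now=None):
    """Run on every API call. Returns the user id, or None if the token is rejected."""
    now = int(time.time()) if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 1:
        return None
    payload, sig = token.split(".")
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    try:
        # Check the signature before trusting anything inside the payload.
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    # The expiry bounds how long a leaked token stays usable.
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")
```

The returned user id is what the API would use to look up user data (name, address, etc.) in the database on each request.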

Related

Template for c# + reactjs + typescript + token-based-authentication [closed]

I'd like to create an application with reactjs on frontend, .NET Core web api on backend, some database, and token-based authentication.
I want users to be able to sign-up, sign-in, sign-off, recover password.
I cannot believe I need to build all this from scratch. There should be a set of building blocks that I just need to put together. Are there?
I was struggling with this as well. If you're still looking, I have a boilerplate I'm creating to address authentication / authorization with React + .NetCore:
https://github.com/moh704/AuthenticationExample
I have the signin and authorization employed so far as this is the hardest part for me. I'll soon be adding sign up / log out features. I'll also put in sql server database scripts to generate user registration tracking and password storage.
Azure Active Directory B2C seems to be a right answer for security user flows.
react-adal enables AAD B2C with react.js
.NET Auto Generated Controllers enables very thin transparent back-end, allowing to have the entire business logic in react.js.
The only business logic I manually created in .NET is authorization. It verifies that the user is eligible to read/write data he/she is reading/writing.

How to integrate Zoho in ReactJS [closed]

I need to integrate Zoho CRM into my React project (external application) and am new to React. Can anyone give a solution? Is this integration done through the back end or the front end?
There is only one method, which is through APIs. Just go through the API docs. The API documentation has all the required information and also the sample JSON data. If they are not sufficient, kindly try using Zoho postman collections.
Documentation: https://www.zoho.com/books/api/v3/
I understand that you wish to integrate a React project (external application) with Zoho CRM. However, as of now, there is no method for direct integration of Zoho CRM with a React project. Hence, you can contact the API developer of the ZOHO organisation and check the possibilities of completing the integration based on the business requirement using the API methods.
As previously mentioned, you need to use the APIs; the correct link for the CRM API is:
https://www.zoho.com/crm/catalyst/rest-api.html
A quote from Zoho:
"Zoho CRM offers the perfect collection of REST APIs and client libraries for building exciting new apps, for businesses of all sizes. The APIs are also secured by OAuth2.0 and API key methods to enable you to seamlessly integrate your Zoho CRM account with any third-party application.
Seamlessly push and receive information into your Zoho CRM account, or into any app that your team develops, using Zoho CRM API. Extract CRM data in JSON format, including any errors using simple HTTP methods."
I know this thread is quite old now but I still would like to contribute anyway.
Zoho's API is mostly used for extension apps or integrations; not if you want to add a user when the latter submits a form on your app; and their OAuth protocol is overkill, especially if you just want to add a new contact or whatever.
Plus their documentation is reaaaaaally organized (sarcasm obviously).
The simplest way to integrate any SPA with any Zoho apps is to use Zoho Flow (10$/mo or 25$/mo).
You can seamlessly create your own API using webhooks on it AND create workflows between any Zoho apps (CRM, Campaigns, Bookings and even third party apps).
You might be asking why you should pay extra just to call their API?
Well, it's just less of a nightmare; it's a small price to pay to make everything easy with Zoho.

Is the security around web api template that visual studio provides enough? [closed]

I'm building a web app using angular 2 + web api. I have created the api using the web api template that vs provides. I managed to create the login of my app: what I did was pass the user name and password using basic authentication over https, and the api responds with a token + some details such as token exp, username etc. I then store these details in local storage and use them to validate if the user is authenticated. Is the security around what I did enough?
Foremost, the kind of security that your application needs depends on what kind of data you are dealing with.
FYI, basic authentication is a really old technique which was drafted in 1999.
If you have security as a necessity for your application, you could go with OAuth 2.0 or JWT/Bearer tokens or you could even use basic authentication only for the initial API requests, get the token and then proceed with the token in the following requests.

AngularJs vs Laravel. What to pick? [closed]

I am developing a web, iOS and Android app simultaneously.
I have set up Phalcon, which connects to a Cassandra database and is used as an API gateway.
All requests are HTTP and nothing connects directly to Cassandra; everything is filtered in the Phalcon-developed app.
Now, I have to consider the login behind the dashboard and the way to develop a fast and scalable user interface.
What to choose for better development and of course safety; Laravel or AngularJs?
AngularJS is a front end framework and Laravel is a backend framework, comparing them is like comparing apples to bicycles.
Seriously though:
Authentication and database access are fundamentally backend procedures. The frameworks used to manage the business logic around this are frameworks that run on the server itself, and typically expose a web server and API calls. PHP is one of those languages and is not run in the browser (client) or on any native mobile system (iOS/Android). Laravel is a framework built around server-side PHP to help with these procedures.
The client is the actual browser or mobile phone that is connecting to the back end services through HTTP requests and manages the user experience and UI. AngularJS is a front end JavaScript framework built for the browser.
If this is news to you, you need to learn a lot before you dig into Laravel and Angular. Good luck!

App Engine As OAuth2 Provider [closed]

As I understand, App Engine Apps are OAuth 1 providers by default.
Is there a way to use OAuth2, e.g. with Google+ Sign-In or (mobile) chrome.identity API while still taking advantage of the GAE Users API and not having to implement a custom provider?
If not possible, what are the alternatives?
Can't say anything about what you refer to as "(mobile) chrome.identity API," but, inasmuch as I got to your question because of its google-chrome-app tag, I can answer for a Chrome App: Yes, it's possible to use the chrome.identity API to connect to an OAuth1 server (I've done it), but it's a lot of work, and you have to horse around with all of the OAuth1 handshaking. It's somewhat easier than trying to connect without chrome.identity, but not nearly as easy as connecting to an OAuth2 server, which is pretty much automatic.
Note that this is not a way of using OAuth2 to connect, which is what you literally asked. Rather, it is a way of using chrome.identity (for a Chrome App) to connect to an OAuth1 server.
Cloud Endpoints seem to be exactly the solution I need. They are not (yet?) a part of the official GAE for Go documentation, but can be found at GitHub.
Probably the best way to start is the exemplary tictactoe app.
A quick test with the Google+ Sign-In button was successful (although with my probably wrong config it is performing multiple calls under the hood and some of them resulting in scoping errors).
