I'm currently developing an application in CakePHP 3, this application contains a Web Front End and a plugin for API/WebServices that serves mobile apps.
The web front end login system rely on FORM Based Authentication and work perfectly, but i want to uses a Digest Based Auth to check user credentials on API Request.
The API request is a plugin on the same system made for me, and router via /api/users (example) endpoints to server mobile apps.
I trying to get the 2 ways of authentication with no luck and also try the JWT plugin with no luck.
Anybody has a solution to this or have a similar problem?
Thank you folks!
after further investigation, the problem is all about CORS
CORS Enabling
In Cake create a new beforeFilter with the following code:
$this->Security->csrfCheck = false;
And that's all.
Thanks folks!
Related
i am a newbie to Cakephp 3.*, I was playing around with cakephp REST API and angularjs. So far i was able to successfully integrate the registeration and login using the ADmad/JwtAuth (Link). I want to add social login as well (My application is a stateless, as all the back-end related queries are in the REST API)how can i do this?
Please Help.
Thanks
I'm developing a Restful API using MEAN.js, which will be consumed by an AngularJS Web site and Phonegap Mobile Apps.
I'd like the user to be able to create an account and/or login using Faceboo, Google and Twitter.
I'm trying to use the same sample code that comes with MEAN.js seed application, but with the Node side of it, on port 3000 serving only the API, and the web site running on another server (currently on port 9000).
I','ve already implemented Token authentication using a Passport custom Local strategy, which generates a token, and the Bearer Strategy to autheticate API calls.
But I'm having problems with social login, to link social accounts to existing users.
From the Angular Client I call an api endpoint that redirects the user to the oauth provider (e.g. Twitter). When the user comes back, my serve has no knowledge of the logged user, since I'm not using sessions anymore.
I've tried to return the provider token to the client, but have problems parsing the anguler url. Then I coded another page outside angular that receives the provider token and calls an api endpoint sending the oauth token and the token issued by my api. It worked for Google, but not for Twitter. It seems twitter needs a session.
Anyway, what is the best approach to achieve what I want? How can I make this work?
Since your using Angularjs, take a look at this Angularjs library https://github.com/sahat/satellizer. The library pretty much opens up an oauth popup and checks the popup url for tokens. You can easily replicate the approach or just use this library. It works with a few social media providers like Twitter and its easy to add more.
I was in need of the same thing and so I set out to create my own. It's still in development but should give you a good start. Feel free to create a pull request and help to make it better. Maybe we can eventually merge it into their codebase.
https://github.com/elliottross23/MeanJsSocialLoginTokenAuth
I'm working on an application using the mean.js framework. I have successfully managed to get facebook and local passport auth working. What I'm looking for a way to do is use https instead of http after the user has successfully logged in. I havent been able to find something useful on this so far.
Kindly note I'm new to working with mean.js, angular and express.
I'm trying to retrieve a LinkedIn users profile information by authenticating them on my hybrid application.
I have tried to use the REST api, but I can not register a redirect URL on LinkedIn in order for this to work.
From:
https://developer.linkedin.com/documents/authentication
I used:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code
&client_id=YOUR_API_KEY
&scope=r_basicprofile%20r_emailaddress
&state=STATE
&redirect_uri=YOUR_REDIRECT_URI
... but because applications on an iPhone get's installed with a unique URL, I cannot register it on LinkedIn as a redirect URL.
I also tried using the javascript API, but can not load the page dynamically for the button to appear and parse correctly.
From: https://developer.linkedin.com/documents/javascript-api-tutorial
Is there anyone that found a different solution to implement this on Ionic or any other Hybrid application?
Thanks in advance.
I'm currently working on the same thing and ran into similar issues. My approach is to use the InAppBrowser for the user login to LinkedIn and then grab the authcode from that response. Then, send the authcode to my node backend, where I issue a request with it and my client secret to get the access token.
Here are a few resources for oAuth with phonegap that I found very useful:
Using An Oauth 2.0 Service With IonicFramework
Ionic forums - OAuth Login
(would have left this as a comment, but can't due to my reputation)
Any help, advice and experience is welcome.
Im currently having a separate AngularJS SPA on a Apache HTTP Server and a Spring Backend on a Tomcat 7 Servlet. The backend serves as a Rest API for the SPA.
Some rest resources will require a user to have a certain role.
I've been searching the internet for days on what and how to implement the best security strategy:
Basic Auth
Digest
oAuth
Stateless, Cookies? Sessions? Tokens? CSRF?
How would you go about communicating Spring Security in Json or XML to your SPA to show the user an authentication page or an "your successfully authenticated page"?
Any help is appreciated.
I finally figured out how to make the SPA authenticate with my Rest Backend.
In spring security I created a
Custom SimpleUrlAuthenticationFailureHandler which returns a HTTP-Unauthorizated if a login attempt fails.
Custom SavedrequestAwareAuthenticationSuccessHandler which returns Http-Oke if a login attempt is successful.
Custom AuthenticationEntryPoint which returns Http-Unauthorizated instead of a redirect.
Custom LogoutSuccessHandler which returns Http-OK.
I disabled CSRF.
If anyone needs more help feel free to let me know or message me.
I highly recommend watching this Spring's introductory video. It explains usage of Spring Security from ground up using Java configuration. Apart basic configuration, authentication and CLRF token usage also dive into field security. Uses templating on server with Thymeleaf though, but can provide a lot of wisdom for REST based app also.