Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I'm using angularfire/firebase to authenticate with various OAuth 2.0 providers (github, google, facebook, twitter) from a chrome extension. They all return the same error: Authentication failed: Error: The user cancelled authentication.(…)
Looking for a way that the extension can capture the token generated from firebase's $auth function.
Thanks!
I am trying to do the same thing as you and I am getting the same error.
From this page: https://www.firebase.com/docs/web/guide/user-auth.html#section-storing
Note: Browser popups and redirects are not available on all platforms or browser environments. Popups are not available in Chrome for iOS, iOS Preview Panes, or local, file:// URLs. Redirects are not available in PhoneGap / Cordova, or local, file:// URLs. Therefore, it is recommended that you use a combination of both authentication methods to cover all environments:
Have you tried using the redirect method?
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
I have a Node JS backend which consists only of API.
I want to develop an Angular dashboard for my system, that communicates through REST API to perform all actions.
I have seen some MEAN examples where the Angular project lives inside the Node JS project, in public folder.
However I was wondering if this is the best approach, or should I create another project that simply connects to the API and that is hosted independently.
My main fear is that Node JS project is deployed in Google Cloud Platform and I have the feeling/understanding that whenever I update something I need to upload a whole new instance of the project (and traffic is redirected to this new instance), so I would lose control of API versions if new updates are being submitted for frontend changes.
No, it doesn't have to be on the same project or hosting, angular 2 or any other single page application framework would work just as fine with any API as long as you apply same origin policies or your API provide the right CORS policy headers.
here is how to enable CORS on express.js if you are planing to have backend on a different domain.
or you can redirect/proxy specific urls to be served from different upstreams or static files using Nginx for example.
You can even have your angular app hosted via a cdn where your api is on any other hosting.
It is even recommended to manage back end and front end in separate developing cycles.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I'm building a web app using angular 2 + web api. I have created the api using web api template that vs provides. I manage to create the log in of my app, what I did was pass the user name and password using basic authentication over https and api responds with a token + some details such as token exp, username etc., I then store these details in a local storage and use it to validate if the user is authenticated. Is the security around what I did enough?
Foremost, the kind of security that your application needs depends on what kind of data you are dealing with.
FYI, basic authentication is a really old technique which was drafted in 1999.
If you have security as a necessity for your application, you could go with OAuth 2.0 or JWT/Bearer tokens or you could even use basic authentication only for the initial API requests, get the token and then proceed with the token in the following requests.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I know what I'm asking is quite vague, but Google has run up dry on this. I'm trying to build an API in Cloud Endpoints that hooks into a React frontend. The application requires authentication and authorization - so naturally I've got a few options:
1) Custom Login
2) Third Party via OAuth2
3) Both (what I would like to do)
My question is, how exactly would I go about implementing a custom authentication system with an Endpoints API? Since it's a RESTful service, I know that it's stateless. How exactly do I store session data? Do I have to send credentials with every API request (that seems tedious)?
Gah, could someone please point me in the right direction here? I'm not the most knowledgable person when it comes to authentication. THANK YOU!
There is a not well known nor documented feature in Google's cloud endpoints that allows you to use custom authenticators on api class level or api method level. This is also described / documented in a stackoverflow question.
There are a couple of questions here on stackoverflow for python like this, which uses cookies as far as i can see. I've not yet seen how to implement a custom authenticator like you can in Java.
As for how to store session data in a stateless service. The answer is simple: You don't. Every call to your api should contain all the information to process the request. So it's up to the client to maintain the session information and provide it when needed for an api call.
If by session data you mean stuff like the usual user data (name, address, etc) those are attached to your user (not the current session) so if you have a working authenticator you can simply request the user information from your database via the authenticated user.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
As I understand, App Engine Apps are OAuth 1 providers by default.
Is there a way to use OAuth2, e.g. with Google+ Sign-In or (mobile) chrome.identity API while still taking advantage of the GAE Users API and not having to implement a custom provider?
If not possible, what are the alternatives?
Can't say anything about what you refer to as "(mobile) chrome.identity API," but, inasmuch as I got to your question because of its google-chrome-app tag, I can answer for a Chrome App: Yes, it's possible to use the chrome.identity API to connect to an OAuth1 server (I've done it), but it's a lot of work, and you have to horse around with all of the OAuth1 handshaking. It's somewhat easier than trying to connect without chrome.identity, but not nearly as easy as connecting to an OAuth2 server, which is pretty much automatic.
Note that this is not a way of using OAuth2 to connect, which is what you literally asked. Rather, it is a way of using chrome.identity (for a Chrome App) to connect to an OAuth1 server.
Cloud Endpoints seem to be exactly the solution I need. They are not (yet?) a part of the official GAE for Go documentation, but can be found at Github.
Probably the best way to start is the examplary tictactoe app.
A quick test with the Google+ Sign-In button was successful (although with my probably wrong config it is performing multiple calls under the hood and some of them resulting in scoping errors).
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm trying to get a link to my app to work on mobile devices similar to this:
http://m.facebook.com/angrybirds?id=314467614927
however my mobile web link from the app center requires a facebook login, where the angry birds link does not. Any ideas how to replicate the functionality?
my link:
http://m.facebook.com/appcenter/ansibletestapp
edit:
also filed a bug report with facebook: http://developers.facebook.com/bugs/343512979067831
http://m.facebook.com/angrybirds?id=314467614927 is the link to the page of the Angry Birds. (Web version here: http://www.facebook.com/angrybirds)
Using an application on facebook will always require authentication, that is a valid session, so the user will have to log in to facebook to view the application.
It's probably related to list of permissions listed on Settings -> Permissions page for your application. (See Authorization section of App Center guide).
Configuring Permissions
Use these settings to enter the set of permissions your app requires when displayed in App Center or using Auth Referrals
Learn more about Configuring Permissions
Listing some of permissions in that section of application settings will result in Auth Dialog appearance prior to application visiting from any link on Facebook.