API REST to be used for an angular application and a mobile application - angularjs

I'm building REST APIs in Symfony2. The idea is to use these APIs from an Angular web app and a mobile app. Authentication is required to use the APIs.
I thought of the following possibilities:
Separate Symfony and Angular into different projects:
The URLs under /api would use OAuth2 to authenticate the user (FOSOAuthServerBundle). Both the web and mobile app would need to use an access token.
Include Angular inside Symfony: In the web app the users are authenticated using a Symfony form, and therefore there is no need to protect the URLs under /api with OAuth2. But how would I authenticate users from the mobile app?
Please, any help is good!
In short, what I need is that the APIs can be used from two clients: web app and mobile app
Thanks!

I'm currently studying and suffering from the same problem and so far the best option I've seen is to keep the projects separate. If you include AngularJS in your Symfony project, you will end up using resources that Symfony provides that you won't be able to replicate in the mobile structure. By detaching the server from the client completely, your web app built only with Angular will be more similar to your mobile app, mimicking the stand-alone application mode.
Personally, I chose JWT Auth since it doesn't require 12 tables in your database, but using OAuth2 would have a similar result.

It is always better to choose a solution that is already tested by many people and is used by them. So, I think it is better for you to use the OAuth technique, so you can consume your API from mobile, web and every other technology.
Whether you join the API and web app is up to you, because REST uses no session and every call is a new call that you need to check and block or respond to. I have an app that has a CodeIgniter API and an AngularJS app in the same project, but those do not share any exclusive thing such as sessions.

I built e-commerce with FOSRestBundle, HWIOAuthBundle and FOSUserBundle.
From server side, generate an access token and authenticate via api/login/ api/login_check/
write your security.yml routing access
From client side, call your api. It should render 200 or 403 HTTP_Code.

Related

Another front-end technology inquiry - but using serverless backend

We have started to work with serverless technologies specifically with AWS Lambda and API Gateway using the serverless framework. We are working with Auth0 to manage authentication. Question is what is the best front-end technology we should use?
I think that we can build the front-end using S3 and cloudfront. The flexibility of each webpage or a set of webpages without any server sounds fantastic and simple, however I wanted to know of any pros and cons in building out web pages that use standard javascript ajax calls using S3 and cloudfront versus using other front-end technologies such as angularjs or vue?
tl;dr: Should we build front-end pages using angularjs, vue, etc. or should we use S3 using pure AJAX calls? What are the pros and cons?
You should find hosting any application that uses a popular SPA framework via S3 is achievable. The fact you are using serverless for the API(s) that will be called from your SPA application makes no difference from the perspective of the SPA (client). The client is referencing a web endpoint only. For secured API endpoints, please look at Auth0's Resource API approach, where you would receive a JWT ID Token and JWT Access Token on successful authentication, and send the JWT Access Token with each request. More information on this on the Auth0 website together with samples illustrating how it all works.
Regarding choice on SPA framework / JS technology to use - here are a few useful links to help getting started:
AngularJS - https://auth0.com/docs/client-platforms/angularjs
AngularJS 2 - https://auth0.com/docs/client-platforms/angular2
EmberJS - https://auth0.com/docs/client-platforms/emberjs
EmberJS 2 - https://auth0.com/docs/client-platforms/ember2js
React - https://auth0.com/docs/client-platforms/react
jQuery - https://auth0.com/docs/client-platforms/jquery
Vanilla JS - https://auth0.com/docs/client-platforms/vanillajs
Hope your project is a success.

Best Practices For Django Web App + REST API Architecture as one project

I am working on my Django project which is going to be a Web App and REST Api for the mobile app.
I am using Django Rest Framework to build the API for the mobile app and it is going pretty good. I like it. For this part, I have a separate app within my Django project. Let's call it 'api'.
What I also want to do, is a web app. Let's call it 'webapp' in my Django project. So basically, web version of the mobile app, with a few different functionalities (e.g. different user/account management) for a slightly different part of the audience. Obviously, the majority of the models that I need, as well as logic are already there in the 'api' app. Also, I want to use Angularjs for the front end of the web app.
My question is what is the best path to take here? Should I create a separate app for my web app and copy the majority of views.py logic, which again will reference models and serializers from the 'api' app in the project? Or should I adjust my existing 'api' app to handle requests from both mobile phones and web app? Thank you.
You can follow link. I also followed that link when I started with AngularJS, Django and django-rest-framework.

How to set up authentication already setup in MEAN app in Ionic app?

I am developing an application using MEAN Stack. However I am developing an app using ionic framework for the same application. How would I use the same authentication used in MEAN, in Ionic framework app?
Ionic Framework is built on top of Angular. I would suggest you use token-based authentication for that; one popular strategy would be JSON Web Tokens (JWT). JWT is basically a standard to transmit data between communicating entities (client/server) through JSON.
I am not exactly sure what kind of authentication system you are using in your MEAN app. It's very likely that you will be using cookie-based authentication. If that is the case, you will need to alter your code so that instead of storing user/session info in cookies, you'll store them in JSON. You can check out the jsonwebtoken module for that.
There are a couple of token based authentication tutorials out there. You could try these out:
https://thinkster.io/angularjs-jwt-auth
http://code.tutsplus.com/tutorials/token-based-authentication-with-angularjs-nodejs--cms-22543
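
The server-side token check that this answer and the earlier JWT suggestions depend on, as an added example that is not part of any post on this page: one HS256 verifier that accepts the same `Authorization: Bearer` header from the web client and the mobile client. It uses Node's built-in crypto rather than the jsonwebtoken module; the function names and the `reason` strings are assumptions made for the illustration.

```javascript
// Added example: HS256 JWT issue/verify with Node's built-in crypto only.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();
const nowSeconds = () => Math.floor(Date.now() / 1000);

// Issued once at login; the web and mobile clients store and resend it.
function signJwt(claims, secret, ttlSeconds, now = nowSeconds()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = hmac(secret, `${header}.${payload}`).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

function verifyJwt(token, secret, now = nowSeconds()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm on the server; the token must not choose its own check.
  if (!header || header.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
  const expected = hmac(secret, `${h}.${p}`);
  const given = Buffer.from(s, 'base64url');
  // Constant-time comparison; the length check avoids a timingSafeEqual throw.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Check expiry only after the signature proves the claims are ours.
  if (!payload || typeof payload.exp !== 'number' || payload.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims: payload };
}

// Both clients send the same header: "Authorization: Bearer <token>".
function authenticate(authorizationHeader, secret, now = nowSeconds()) {
  const m = /^Bearer (\S+)$/.exec(authorizationHeader || '');
  return m ? verifyJwt(m[1], secret, now) : { ok: false, reason: 'no-bearer' };
}
```

Because nothing is kept in a server session, the same check serves every client; the cost is that a token stays valid until `exp`, so short lifetimes matter.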

Google App Engine - custom URL for web clients, endpoints for mobile clients?

I'm developing an Android app and am using Google App Engine as the back-end. I want to use Endpoints since it seems easy to set up and appears to make authentication easy, but I've seen that it doesn't support custom domains. I'd like to use a custom domain to allow users to log-in and make changes with a web client, though not through Endpoints.
What I want to know is what they mean when they say that custom domains aren't supported. Does that mean you can't use Endpoints at all in your project if you've set up a custom domain for it, or that you just can't make Endpoints API calls to a custom domain?
If it's the latter, I've written a utility class that both my Endpoints API class and servlets could call, so my web client doesn't need to interact with Endpoints at all, only the mobile clients do. I'd like Endpoints and the servlets to be part of the same project so they can both access the same data in the Datastore.
If anyone knows whether this is possible or if there's a better way of going about this, I'd appreciate it. Thanks.
I tried it out and found that it is possible to use Endpoints in a GAE project that uses a custom domain, so long as the custom domain is not used to call the Endpoints API. So when it says in the Endpoints documentation that custom domains are not supported, it simply means you can't make API calls to a custom domain, as I suspected.

How to develop around Google API in GWT hosted mode?

I've been developing a GWT project which uses Google APIs authorized by the App Identity API. This way, I can authorize my application backend to exploit the APIs needing authorization (e.g. Calendar, Mail, etc). I want to keep control of the data, I don't want users to need their authorization for the personal data.
It is very useful to use the hosted mode to develop GWT apps. But as far as I know, you won’t be able to hit the real calendar API using OAuth while running in hosted mode because the GAE dev server doesn’t simulate the Application Identity API.
But how about the other APIs? Has anyone used this approach? Can I simply create a mock for the Identity API and work with Calendar Java API in hosted mode?
It is unclear to me how to work around this problem. Any help would be greatly appreciated.
How about you create a Calendar Stub class.
In case you are running in the production environment,
the Stub class calls the Google API using the App Identity API.
In case you are running in the developer environment,
the Stub class calls a secret handler in your production app,
which then calls the Google API using the App Identity API.
All you basically need to create is a proxy handler in your production app.
You can have a shared secret between the dev and the prod environment
and use https to communicate.
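
One way to use the shared secret from this answer without sending the secret itself on each call, as an added example that is not from the answer: the dev-side stub signs every proxied request with an HMAC and a timestamp, and the production proxy handler verifies both before calling the Google API. The header names, the path and the five-minute window are assumptions, and the sketch is in JavaScript rather than the GAE project's Java.

```javascript
// Added example: HMAC-signed calls from a dev stub to a production proxy handler.
const crypto = require('crypto');

const MAX_SKEW_SECONDS = 300; // assumed freshness window for replay protection

// The MAC covers the timestamp, method, path and body, so none can be swapped.
// The body is the last field, so newlines inside it cannot shift the others.
function mac(secret, ts, method, path, body) {
  return crypto.createHmac('sha256', secret)
    .update([ts, method, path, body].join('\n'))
    .digest('hex');
}

// Dev environment: headers the stub attaches to each proxied request.
function signProxyRequest(secret, method, path, body, now) {
  const ts = String(now);
  return {
    'x-proxy-timestamp': ts,                                  // hypothetical header name
    'x-proxy-signature': mac(secret, ts, method, path, body), // hypothetical header name
  };
}

// Production environment: run before the handler touches the App Identity API.
function verifyProxyRequest(secret, method, path, body, headers, now) {
  const ts = Number(headers['x-proxy-timestamp']);
  if (!Number.isInteger(ts) || Math.abs(now - ts) > MAX_SKEW_SECONDS) return 'stale';
  const expected = Buffer.from(mac(secret, String(ts), method, path, body), 'hex');
  const given = Buffer.from(String(headers['x-proxy-signature'] || ''), 'hex');
  // Constant-time comparison; the length check avoids a timingSafeEqual throw.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-signature';
  }
  return 'ok';
}
```

HTTPS still carries the request; the signature means a logged or proxied copy of the request does not reveal the secret.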
