Authentication from Rest service and Cordova - angularjs

I'm developping an hybrid application with Cordova and AngularJs witch consume services provided by a REST web service. I'm beginner with this kind of project and I look for a simple example of authentication.
I searched on the net but I cant't find a simple tutorial to follow.
can anyone healp me please ?

Are you developing the REST API youself? In that case an easy way to set up authentication is to use JSON Web Tokens (JWT). Check out http://www.jwt.io for more information. You could use the Satellizer library to handle the client side stuff, they even have example implementations for the server side.
Good luck!

Related

Ionic / Apache Cordova - HTTP requests best practices

i'm developping an app with the ionic framework and a jee + postgresql backend.
I'm actually doubting about the HTTP Requests :
Should i use only jsonp? Or add an Access-Control-Allow-Origin * in my HTTP headers ?
Of course, both of these solutions are working, the second solution seems unsecure to me but i'm not use to mobile requests (without domain-based call/endpoint) so i don't really know what to choose ... i might also miss some other way to do the job ....
Do somebody know how to properly build this kind of communication ?
Thanks you !
If you want to be very flexible and very secure, you might want to implement a JSON Web Token solution. The server issues json web tokens to your users. You can define who gets a token. Then the token must be attached to every request from ionic to your server. The server determines what data to return, if the user is authorized.
For JEE there is this package. For ionic the auth0 repositories are a good study start. You can find many examples online. I think that is the most elaborate solution available, despite might not be easiest to implement.

How to develop Remember Me Functionality with Angular JS + JWT Authentication using Spring Security 4 + Spring Rest API

I want to develop "Remember ME" functionality with Angular JS + JWT Authentication Using Spring Security 4 + Spring Rest API + Hibernate + Maven + Tomcat.
Because of some code review and business need, I am forced to use JWT method for user authentication and authorization with above mentioned Spring feature,
I searched on Internet for sample projects and application, But I couldnt find any solution?
Most of them doesn't serve my purpose or way complex to understand.
I would like to get a sample project for reference. Or an IDEA to complete this application. I am stuck with it.
Any one please help me.
Clarification:
My Login page should have "Remember Me" check-box, I have decided to use Spring Security remember me feature. But later when using Angular JS in client side, decided I should not use Spring Form tags that provides REMEMBER ME functionality.
And now I am unable to find example in Internet for this. So Please can any one help in creating an sample application.
It would be great if any one could help me with a sample application with good coding standard or some URL of sample codes
This could serve many people who are searching for a good Sample code to do this and enhance upon it.
Requesting help. I am stuck and have very less time to research things.
This is exactly what we did on this project:
https://github.com/RedFroggy/angular-spring-hmac
The stack is: AngularJS, Spring MVC, Spring Security, Spring Boot and a jwt authentication.

Angular, JWTs and 3rd party auth

I'm not posting any code here as I have a design problem. It may also be that I'm trying to do something that makes no sense - if so, let me know.
I have an Angular site that uses JWTs. At present I use Passport.js with a LocalStrategy. I would like to use Twitter login. I can't work out how to handle the communications.
The Passport docs envisage a situation where you go to a route on your server that redirects you to Twitter and Twitter calls back your server after it has finished, and then your server can respond to this second request (I think) with a new page and a cookie.
But I have Angular on the client side, and I can't find any tutorials for handling that. I think I could get Angular to open a window and connect to Twitter, and then I presume twitter could callback my server, but how then does my server find the Angular client to send the JWT?
I had a project that I needed to implement Facebook, Twitter and Local logins. With passport Facebook and Local were easy but with Twitter I just gave up and implemented it without passport.
I just used the Twitter API.
Very helpful was the documentation on Satellizer. It is an angular library for handle the login types in the front end, but it also have a very nice examples how to handle the logins in the different back end languages without using any third party libraries. I actually haven't used it, because I wrote all I needed myself without any third party libraries, but it helped me understand better different login APIs and how to handle them in the backend. You can check the examples here.
Hope this helps you.

Angularjs and SSO (SAML2)

I came across with this AngularJs thing, and I thing it is awesome, really solves many problems I confronted while working on my last WebApp with just a few lines of code.
Now, what I didn't find or was looking in bad places is the protection of AngularJs app with SSO (simpleSAMLphp Identity provider). How to deal with this?
What I am going to build will use Pyramid framework as a backend REST API, and AngularJs (I wish) for the frontend. But how to protect the app from unauthorized access, skipping the sso login. Any implementation example or lessons working on similar case would help (may be with php, ruby backends and SSO etc)
I doesn't seem like pyramid has any direct support for SAML authetication. I suggest using a third party application for SAML. For example Shibboleth. The SAML communication is done on the server side so Angular wont need any integration.
Google like 'Authentication in angular JS application' you can get lot to protect your angular app. To protect your REST API use Oauth whether its a php or ruby application.

Parse.com+CakePHP+OAuth-2.0, anybody use them together?

I've been looking for the best way to build a search web/ios/android application with user login and a REST Webservice. I have landed on CakePHP for the Website creation and REST api handling.
I would also use the RestKit API for iOS, and not sure for what RestAPI I'd use for Android.
I also want to be able to use OAuth-2.0 for communicating with Twitter/Facebook/Pinterest.
My Question:
Is there a way to use CakePHP and Parse.com together to handle all the user authentication, and would I need to separate data tables (one on parse.com and the other on another hosting service with CakePHP)?
I would like to keep everything at Parse.com if I could. Any help would be awesome!
I'm not familiar with CakePHP, but if you can completely ignore whatever DB/ORM comes with it by default, you can use Parse on your server and in client apps. There's an un-official PHP library you can use for the server, and they offer iOS and Android SDKs.

Resources