I'm trying to retrieve a LinkedIn users profile information by authenticating them on my hybrid application.
I have tried to use the REST api, but I can not register a redirect URL on LinkedIn in order for this to work.
From:
https://developer.linkedin.com/documents/authentication
I used:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code
&client_id=YOUR_API_KEY
&scope=r_basicprofile%20r_emailaddress
&state=STATE
&redirect_uri=YOUR_REDIRECT_URI
... but because applications on an iPhone get's installed with a unique URL, I cannot register it on LinkedIn as a redirect URL.
I also tried using the javascript API, but can not load the page dynamically for the button to appear and parse correctly.
From: https://developer.linkedin.com/documents/javascript-api-tutorial
Is there anyone that found a different solution to implement this on Ionic or any other Hybrid application?
Thanks in advance.
I'm currently working on the same thing and ran into similar issues. My approach is to use the InAppBrowser for the user login to LinkedIn and then grab the authcode from that response. Then, send the authcode to my node backend, where I issue a request with it and my client secret to get the access token.
Here are a few resources for oAuth with phonegap that I found very useful:
Using An Oauth 2.0 Service With IonicFramework
Ionic forums - OAuth Login
(would have left this as a comment, but can't due to my reputation)
Related
I have a ASP.NET Core Web API that I am trying to set up office365 authentication on. The frontend when you load it should be redirected to the azure sign in page and if the account details are correct they should be returned to the SPA application.
The SPA and API are in different applications. I understand how to do in an MVC context using asp.net.core MVC it's the separating the 2 API and SPA.
Could anyone help?
Looks #Tiny's comment is correct, move it to answer to help others:
you can use msal in Spa and add filter in the api app, so that when you visit the api directly it returns 'forbidden' because of no access token in request head and when you visit page view it redirect to login page to make you sign in.
I have tried following several ADAL (Azure AD Authentication Library) examples to get my WPF application to call an Azure secured Web API. Everything appears to work fine. I receive the login prompt, it accepts my credentials, I'm able to acquire a token. I attach the token to my request but the request always returns the HTML for the Azure login page as if I'm not authenticated.
Has anyone else experienced this type of issue? Are there certain things I should be checking for?
I think you are securing your API using a redirect based protocol instead of the oauth bearer. For a discussion on the differences between the two see http://www.cloudidentity.com/blog/2014/04/22/authentication-protocols-web-ux-and-web-api/.
The canonical WPF sample is in https://github.com/AzureADSamples/NativeClient-DotNet. See how the web API is secured.
I'm developing a Restful API using MEAN.js, which will be consumed by an AngularJS Web site and Phonegap Mobile Apps.
I'd like the user to be able to create an account and/or login using Faceboo, Google and Twitter.
I'm trying to use the same sample code that comes with MEAN.js seed application, but with the Node side of it, on port 3000 serving only the API, and the web site running on another server (currently on port 9000).
I','ve already implemented Token authentication using a Passport custom Local strategy, which generates a token, and the Bearer Strategy to autheticate API calls.
But I'm having problems with social login, to link social accounts to existing users.
From the Angular Client I call an api endpoint that redirects the user to the oauth provider (e.g. Twitter). When the user comes back, my serve has no knowledge of the logged user, since I'm not using sessions anymore.
I've tried to return the provider token to the client, but have problems parsing the anguler url. Then I coded another page outside angular that receives the provider token and calls an api endpoint sending the oauth token and the token issued by my api. It worked for Google, but not for Twitter. It seems twitter needs a session.
Anyway, what is the best approach to achieve what I want? How can I make this work?
Since your using Angularjs, take a look at this Angularjs library https://github.com/sahat/satellizer. The library pretty much opens up an oauth popup and checks the popup url for tokens. You can easily replicate the approach or just use this library. It works with a few social media providers like Twitter and its easy to add more.
I was in need of the same thing and so I set out to create my own. It's still in development but should give you a good start. Feel free to create a pull request and help to make it better. Maybe we can eventually merge it into their codebase.
https://github.com/elliottross23/MeanJsSocialLoginTokenAuth
We are the process of developing a android phone app using IONIC framework and Web Api as the backend.
My question is ,is it sufficient to use Forms Authentication along with SSL to keep the phone app secure.
Our background is in Asp.Net web development and we could not see any examples that uses Hybrid mobile app development along with forms authentication,that makes me wonder if we are in the wrong track.
We implemented CORS along with WithCredentials both on Angular and Web API side, and the authentication piece seems to work fine for all subsequent calls in debug mode.
Do we need to take additional steps for security ,since its a phone app ?
Edit: I was reading about bearer token authentication with Web Api, is this a recommended way to go with phone apps ?
Thanks !
Yes my recommendation is to go with bearer tokens not with forms authentication.
You need to use OAuth 2.0 Resource Owner Credentials Flow which means that end-user provides the username/password only once for a specific endpoint i.e(/token) and then if the username/password valid you obtain something called Bearer Access Token.
This token is valid for specified period and you can configure this in your Web API. Once you obtain the access token, you need to store it securely in your android/hybrid app, then you keep sending it with each request to your web api protected end points using the Authorization header (Bearer scheme). I've written very detailed post which covers your scenario 100%. Please check the post Token Based Authentication and another one for authentication with AngularJS authentication which should work with your case. Let me know if you need further help.
I'm plan on deploy a Java application to Google AppEngine and use federated login (still experimental according to Google). The application is pretty simple Java EE application which expose RESTful interface for simple CRUD operations.
I then want to be able to authenticate to this application using Windows Client Application written in C#.
I think the application should be able to open a window with a browser in ti which will present the login page of my web application and after successful authentication I should be able to get the login token or a cookie to use in the rest of my HTTP requests.
Is it possible to do such thing using federated login? I've found a post explain how to do it using google proprietary login.
Thank you,
Ido.
I've manage to make this work much easier then I thought it would be.
When I send HTTP request to my web service I get 302 Found response with response header name Location which point to the login page.
I use WebBrowser control, register to it Navigated even and navigate to the URL in the Location header.
When the Navigated even fire I use the code from this answer to get the cookies container.
I check each cookie until I find one with the name ACSID and store it.
For every web request to my service I add cookie name ACSID with the value saved at step 4.
This is not the most secure way of doing this. I will add check for the domain of the cookie but this looks good.