I am using salesforce login api to get the instance_url of a user. Is there any chance that the instance_url may change in later point of time?
Yes, it can change over time, your organization can be migrated to a new pod which would change the instance_url. The only long term stable URL is if you have my domains turned on and you use the my domains version of the url.
Related
I'm adding a new document every time a user is logged in with Google authentication and that user does not exist in firestore.
What I want is to add a 'USER' role when creating this new USER.
I was expecting to do this outside the react application so it can not be hacked into creating different types of users by calling the Firestore api.
At first I thought of a function but now they are only allowed by having a paid plan.
Thanks in advance for the help.
If you want to implement a role-based access control to your Firestore database, the recommended approach is to use Custom Claims. This indeed requires using the Admin SDK via Cloud Functions or a server you own.
Activating Cloud Functions indeed requires entering the details of a credit card but there is a free tier which allows up to 2M invocations/month for free. So, unless your app is very popular, you'll be only billed for each container required to deploy a function but this is a negligible cost of few tenths of $.
If you don't have any credit card, there is another solution: using some Firestore documents to declare the users roles, as explained here in the doc.
I wanted to add this as a comment but I guess you could make use of the firestore rules to make sure that the role value sent by the client is always set to user and not anything else or you could make sure that this USER role added it a boolean value and in the rules make sure he can only edit his own document this way he won't be able to change his role even if he set it to false it won't give him a different role
I have an application deployed on GAE. It allows users to register for an account, and I use the google user id as the primary key to link to their account.
I have a registration link that should be visible if either the user has not been authenticated by google and/or they do not have an account on my site.
What I am trying to figure out is what is the best way to figure out if the user has an account on my site as they go from page to page. I have an authentication filter that is triggered on every page, and the filter looks at their google id (if they are logged in), goes off and determines if the user has an account on my site, and sets a request parameter, that I use in the jsp to determine whether or not to show the registration link.
It seems wasteful to do that every time, so I refactored it and had the authentication filter store the Key object tied to their user account on my site in a Session. If the key attribute is not null, I take that to mean that the user is registered on my site.
Does that seem logical, or are there better approaches? The complexity to me comes from the fact that the user may be logged in with google, but that doesn't necessarily mean they have an account on my site.
My question
When it comes to storing authentication data, you have two options :
Store the data in session
Store the data on client side, in a cookie typically
Storing the data in session is a perfectly valid mechanism, and that's actually the most common.
However, managing a session is costly (you need to store it). In App Engine's case the sessions are stored in the Datastore, with probably some caching. So it's still a call to the datastore.
That should be totally acceptable, however if it turns out managing a session really decreases you app's performance, you can always store the data in an encrypted cookie. That way the information is provided by the browser every time it sends an HTTP request. Note that it means you must get encryption right and that HTTP requests will be slightly bigger (the size of the encrypted data).
So in the end it's a tradeoff. I would recommend sticking to sessions unless you experience performance issues. The advantage of sessions (compared to your fist approach) is that if you ever want to store additional data, you will have less code to add.
I'm using the Google Apps Provisioning API to 1) create new users in our domain and 2), immediately after creation, move them into a sub OU which has the Mail service enabled. I would also like to use the Mail Settings API to 3) set a default SendAs for the new users at the same time. However, I don't seem to be able to set the SendAs until a small amount of time has passed. I get an InvalidValue(1801) ErrorCode. If I make the same call to the Mail Settings API a little later, it works fine. So, I'm guessing the problem is when the Mail Settings API call is made, the user hasn't been registered as being in the OU with the Mail service enabled yet.
Is there a way for me to set the SendAs immediately after the user creation and move? As a workaround, I can put a short delay in my code before the setting of the SendAs, but I'd prefer not to have to do this and I'm not sure what amount of delay would consistently be sufficient.
Thanks for any help you may be able to provide.
Sam LaSala
Any reasons you are still using the provisioning APi instead of the new Directory API? (https://developers.google.com/admin-sdk/directory/v1/guides/manage-users). Provisioning API has been deprecated, and it is subjected to the deprecation policy. It is better if you start using the new API instead of developing your code in the old one.
With the new API, you can actually combine step1 and step2 together where you can directly create the user in the OU that has mail enabled. That way it will eliminate the additional call, and the user will inherit the services that have been already turned on in the OU. Hope this will resolve the issue you have.
You can also check out the functionalities of the Directory API in the API explorer:
https://developers.google.com/apis-explorer/#search/directory/admin/directory_v1/
How to know if a user is currently logged-in in your Google App Engine application?
The application allow its users to browse other users' profile. If the viewed profile is also using or logged-in in the application, i want a notification that the viewed profile is online.
How to achieve this requirements?
If you are managing user profiles, you know when a user logs in. At the end of the login process, just save the user's log-in information in the memcache somehow.
You will later be able to check if a user is logged-in just by searching for him in your memcache.
This way is easy to catch and track the connection events, but you also have to react when a user disconnects, to have your list up to date. To achieve this, you can use a Channel. See the google documentation.
You could, as Gaƫl suggests, use the Channel API to track this, but it's probably overkill. If you wanted to go that route, just listen for the connected & disconnected messages, and update a field in the db that indicates that the user is signed in.
A less expensive route might be to just update a field in your user's record that's something like "last time this user requested a page." If it's been more than n minutes since the last time the user requested a page, assume they're signed out. Indeed, you could even do this in memcache with a map from userid to last access time.
It comes down to what you want to do with the "signed in" information: if you just want to give a general sense of whether a user's around, or how many users are online, using the datastore or memcache solution is probably good. On the other hand, if you want to reflect the user's presence so they can respond to eg. IMs, then you'll probably want the Channel API anyway so you can immediately deliver messages to them.
I am using CakePHP for my application and I was able to integrate the Paypal hosted solution. Users are successfully redirected to Paypal to complete their payment. Once they have completed, they are returned to my website.
At first, it was taking the user to the login page (as the session was getting removed). To prevent this, I have opened the Paypal page in a new window. Now they are not being asked to login again and keeping the $this->Session->read('Auth.User') intact. However, it is not remembering any other session data. For example, I had a session variable 'invoice_number' which is not available after they are returning from the Paypal website.
I have noticed that the session id doesn't stay the same before and after they completed the payment.
I have changed the core.php to reduce the session security by setting it to low, increased the session time, and I have also modified so that it will only start the session if no session id was found (saw this on a CakePHP ticket/bug).
Interestingly, no in Chrome, it remembers all the session variable, the session ids are same and works fine. But in Firfox, it's not working!
Is there anyway to keep the session alive with the same id/ session variables alive so that even after the payment when they are returning, my application knows what the invoice number for this payment was.
Any help would be really appreciated.
Kind regards,
Tasin
try turn off referer checks in core.php, that should do the trick.
Try setting Security.level to something other than high in core.php.
As I wasn't able to find a suitable solution for this problem, I had to find a work around for this.
As I mentioned, when redirecting, the 'Auth.User' information was still intact. I used this to retrieve information which I stored into the database before sending the users to the PayPal website.
Once the payment is completed and the user is returned to the confirmation page on my site, I am retrieving the data from the database based on 'Auth.User' session data.
Not the perfect solution, but for the time being, it is kind of working.
If welcome any solution that is better than this. Please let me know.
Many thanks,
Tasin