My camera has a browser control interface. I would like to create a session with node to send commands directly through my service. That is, I want to log in and make the get/post calls using the credentials.
Can anyone help me, where to start?
Related
I'm working on a website where the user needs to log in to view the content. I'm working with react for the frontend and i'm using node to develop the API. I'm trying to protect my pages with a json web token, this way once the user logs into, the server gives a jwt which the frontend asks for to let the user to continue navigating or otherwise redirecting him to the login.
I know the server needs to verify the token, and i know i can create a middleware and implementing it to my API routes to achieve this. But my question is, if in the page i want to display i don't need to call any API route how can i verify the token?
I mean, should i create a route only to verify the token? or there is better way to do it?
Any suggestion or code example is welcome.
I suggest to use backend for token verification it is easier to manage in long run and safer. For example , if you use hmacsha256 signature , you have to leak your private key to client side for token verification. For client side identity verification, i suggest work with server side rendering instead to limit access to the protected part of website.
I created a Chrome extension which is just HTML/CSS/JavaScript. When the user clicks on a button, I have it send a message to me. But the problem is I don't want to include any API keys or server information where the app can POST to as it can be used for abuse if someone was to extract this information from my Chrome app. Is there a method of getting a response from a web app with a public service where anyone can post to? I was thinking pastebin, but even that requires an API key.
You could ask the user to create their own key. For example, many GitHub extensions require an API key to make requests to the GitHub API, so what they do is they send you to a GitHub settings page where you can create a personal API key.
I am creating a google chrome extension. I have a background script from which I want to send and retrieve some data from MongoDB database. How do I do that? I'm new in chrome extension development.
YES. It's possible. But, It's not a good idea to expose a database to the public internet at all. Implement a REST like method in your backend code and authorize calls to it using some web standard auth scheme, such as OAuth or HTTP Basic auth. Hitting the DB directly is way too dangerous. You can receive/send data from DB accordingly. Saying That if you still want to go ahead here's a link to help you with that For full REST capabilities, consider using an external REST Interface such as Sleepy.Mongoose.
I have an idea for a Minecraft plugin which will allow users to log into the website associated with the server without requiring registration, all they would require is their Minecraft username.
I'm trying to find the best way to get Auth0 to authenticate users through a custom passwordless strategy, instead of the default email or SMS which Auth0 provide.
The context which I'll be using this in is as follows:
Minecraft username is entered as their login on the site > Magic link is sent to their text box in-game through a custom plugin and listener > User clicks on the magic link and they are authenticated using Auth0 (JWT token for 30-ish days).
Does this sound possible? or is it wishful thinking.
I know I'll need a custom listener to look for requests from Auth0 and something to return the magic links to the user in-game through a java plugin.
I see no reason that it wouldn't be possible, but there are a few factors to take into consideration:
Minecraft chat cannot be assumed private and direct. There are chat logs and plugins that can intercept your messages. Passwordless auth is like communicating a one-time-use password, so why would you send it via insecure means?
If we assume it's secure, typically it's the responsibility of the user to store the JWTs. If this is a vanilla client, you have no method of storing data on the client, so in the end the server is managing JWTs, which kills the entire reason to use them. Otherwise, why not just have the listener add the player to, say, a cache that expires Players after 30 days of not being accessed?
Other than these two kinks that can be worked out, it sounds like a cool idea. Good luck with it!
I find the documentation provided by microsoft confusing(Link).
How can I for example get an authentication token and where can I download the javascript libraries? I couldn't find any information on this.
Basically I want to know how to get the calendar of an user in my javascript webapp.
I did try sending an request to
"https://outlook.office365.com/api/v1.0/me/calendarview?startDateTime="+begin+"&endDateTime="+end"
This shows me an authentication popup but after submitting the correct username/mail and password, it doesn't do anything. There is no response back.
To get an access token, you need to use the OAuth2 Authorization Code Grant flow. https://dev.outlook.com/RestGettingStarted walks through the process. Basically you need to register your app to get a client ID and secret, then use those to go through the process.