AWS Session/Credentials/Auth - javascript

I'm following an AWS workshop for SaaS Serverless; however, they wrote it in Python and I'm not very good at Python, so I'm trying to rewrite everything in JavaScript. It was going OK until I got to the problem in the title.
They use this function to get authentication so I can register my tenant.
import boto3
from aws_requests_auth.aws_auth import AWSRequestsAuth
def get_auth(host, region):
    session = boto3.Session()
    credentials = session.get_credentials()
    auth = AWSRequestsAuth(aws_access_key=credentials.access_key,
                           aws_secret_access_key=credentials.secret_key,
                           aws_token=credentials.token,
                           aws_host=host,
                           aws_region=region,
                           aws_service='execute-api')
    return auth
The problem is I didn't find a way of getting credentials unless I hardcode them.
My question is: How can I make this function work the same way in JavaScript?
EDIT:
This is the workshop i'm following:
https://catalog.us-east-1.prod.workshops.aws/workshops/b0c6ad36-0a4b-45d8-856b-8a64f0ac76bb/en-US
This is the github repo (I'm currently on Lab 2):
https://github.com/aws-samples/aws-serverless-saas-workshop
This is the source of the function i talked about:
https://github.com/aws-samples/aws-serverless-saas-workshop/blob/main/Lab2/server/layers/utils.py

So I did a bit of digging through the source code and found the place where they declare the AWSRequestsAuth class here. TL;DR - it's a class that helps connect to AWS services via Amazon's signature version 4 signing process.
For your problem of getting credentials without hardcoding, I found this guide for Node.js on setting credentials:
You can supply your credentials in order of recommendation:
Loaded from AWS Identity and Access Management (IAM) roles for Amazon EC2
Loaded from the shared credentials file (~/.aws/credentials)
Loaded from environment variables
Loaded from a JSON file on disk
Other credential-provider classes provided by the JavaScript SDK
It also has further reading to help out with strategies for loading credentials. I know this doesn't directly answer the question, but I hope this helps!
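A JavaScript counterpart of the `get_auth` function from the question, as an added example that is not part of the original posts or the workshop code. It uses only Node's built-in `crypto` module, takes credentials from the environment variables (one of the sources listed above) and applies Signature Version 4 for `execute-api`. The names `credentialsFromEnv` and `signRequest` are hypothetical, and the signer assumes the path and query string are already in canonical form.

```javascript
const crypto = require('crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data, 'utf8').digest();
const sha256Hex = (data) => crypto.createHash('sha256').update(data, 'utf8').digest('hex');

// Hypothetical helper: read credentials from the standard AWS environment
// variables instead of hardcoding them. AWS_SESSION_TOKEN is only present
// for temporary (role) credentials.
function credentialsFromEnv(env = process.env) {
  const { AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN } = env;
  if (!AWS_ACCESS_KEY_ID || !AWS_SECRET_ACCESS_KEY) {
    throw new Error('AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY are not set');
  }
  return { accessKeyId: AWS_ACCESS_KEY_ID, secretAccessKey: AWS_SECRET_ACCESS_KEY,
           sessionToken: AWS_SESSION_TOKEN };
}

// Hypothetical helper: returns the SigV4 headers to add to the request.
// Simplification: `path` must already be URI-encoded and `query` already in
// canonical form (sorted and encoded).
function signRequest(creds, { method, host, region, path = '/', query = '',
                              body = '', service = 'execute-api', now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20150830T123600Z
  const dateStamp = amzDate.slice(0, 8);
  const headers = { host, 'x-amz-date': amzDate };
  if (creds.sessionToken) headers['x-amz-security-token'] = creds.sessionToken;

  const names = Object.keys(headers).sort();
  const canonicalRequest = [
    method.toUpperCase(), path, query,
    names.map((n) => `${n}:${headers[n].trim()}\n`).join(''),
    names.join(';'), sha256Hex(body),
  ].join('\n');
  const scope = `${dateStamp}/${region}/${service}/aws4_request`;
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonicalRequest)].join('\n');

  // Signing key: HMAC chain over date, region, service and a fixed terminator.
  let key = 'AWS4' + creds.secretAccessKey;
  for (const part of [dateStamp, region, service, 'aws4_request']) key = hmac(key, part);
  const signature = hmac(key, stringToSign).toString('hex');

  const { host: _omit, ...out } = headers; // the HTTP client sets Host itself
  out.Authorization = `AWS4-HMAC-SHA256 Credential=${creds.accessKeyId}/${scope}, ` +
    `SignedHeaders=${names.join(';')}, Signature=${signature}`;
  return out;
}
```

With the AWS SDK for JavaScript v3 installed, the provider returned by `fromNodeProviderChain()` in `@aws-sdk/credential-providers` resolves to an object of the same shape and also covers the shared credentials file and IAM roles.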

To use any of the AWS SDKs, always refer to the corresponding Developer Guide. You can find a list of supported DEV Guides here:
https://docs.aws.amazon.com/code-library/latest/ug/what-is-code-library.html
See:
As you are interested in the AWS SDK for JavaScript, look at the DEV Guide for this SDK. You can find detailed information about creds in this topic:
Setting credentials

Related

Is there a C# equivalent of the Python id_token.verify_oauth2_token class and methods

I searched all over the web looking for the C# .NET classes and documentation to allow me to code a functional equivalent of this Python method and I can't believe it simply doesn't exist, but NuGet hasn't helped and the closest Google documentation I can find is here.
What does exist is classes and examples that show how to authenticate a .NET server or Installable with Google so that it can Access various APIs (Drive etc) but I just want the simple client token Authentication that is referred to for most other languages here
As you will see Python has the google.oauth2.id_token class with its verify_oauth2_token() method and NodeJS and PHP have their verifyIdToken() methods.
Java gets a little more complicated with: -
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
    // Specify the CLIENT_ID of the app that accesses the backend:
    .setAudience(Collections.singletonList(CLIENT_ID))
    // Or, if multiple clients access the backend:
    //.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3))
    .build();
// (Receive idTokenString by HTTPS POST)
GoogleIdToken idToken = verifier.verify(idTokenString);
But C# has diddly :-( Please advise!
If it helps, I'm implementing a JavaScript SSO client. (BTW I have no interest in the YOLO library.)
I finally found Google C# token verification code on the web. It says it is no longer actively maintained. Why is there no NuGet package? Why is Google making this so hard?
Or just call the Google Validator like Python does?
Also see previous answer Here

React JS with Laravel: can an unauthorized person look at my React JS source code in the /resources/assets/js/components folder?

I'm learning to build a React JS API with Laravel (5.6) Passport. To access the API with fetch, my flow is more or less like this:
first I declare the API credential (client_id, client_secret, grant_type, username, password, scope) inside my .js file, in the /resources/assets/js/components folder
requesting a token by fetching /oauth/token using the credential mentioned above
after getting the token, lastly I fetch my API URL using that token
So far so good and everything works, but my concern is that since I declare my credential in a .js file, I'm afraid that anybody could access the URL and look at the source code that contains my credential, because as we all know the client can look at the source of client-side code like JS, HTML, or CSS.
So my question is:
is there a way to prevent that?
Or
is my method fundamentally wrong to declare a credential in a /resources/assets/js/components/.js file? If so, can anybody enlighten me as to the best practice and a safe method to do so?

How to set up Amazon Cognito to create a temporary security token for a long-term access key in JavaScript

I read about it on http://docs.aws.amazon.com/ but I am not clear. Can anyone summarize the fact with an example in JavaScript or any related link?
You are right that you should not hard code your AWS credentials in mobile or javascript app. I would advise you to use Amazon Cognito for such use cases. Please start with reading the documentation.
https://aws.amazon.com/cognito/faqs/
http://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html
http://docs.aws.amazon.com/cognito/latest/developerguide/setting-up-the-javascript-sdk.html
This link is very helpful.. got it after a long
https://aws.amazon.com/developers/getting-started/browser/
and some recommendations:
http://docs.aws.amazon.com/cognito/latest/developerguide/getting-credentials.html

firebase v3 - google auth "internal-error"

I try to migrate my google-auth-only project from firebase 2.x to 3.0 using the web-sdk example from:
https://github.com/firebase/quickstart-js/blob/master/auth/google-redirect.html
After setting up the initialisation code with apiKey (via Google-Developer-Console - used the server-option) and all the other needed options, I use the "login with google" button.
After this, a redirect screen appears, then I am redirected back to the starting page and get an "auth/internal-error".
Any suggestions?
I would recommend importing your project in the Firebase Console rather than configuring keys manually if possible, but appreciate there are some cases where that isn't ideal.
For the API key, try switching to the "Browser" type key rather than the "Server" one for anything running in the browser, and make sure it is approved for the domain you are using.
Google Sign In will need a client ID as well. The easiest way to implement is to use the signInWithPopUp method, but there are instructions for manually configuring the Google Sign In lib too.
If you do need to create a client ID, you can see the full instructions in the Google Sign In documentation.

Importing events from MS Office 365 (PHP)

I have an intranet site for a small medical clinic, and on the front page I want to display upcoming events associated with the clinic-wide MS Office 365 email account.
I'm new to APIs, so some resources on how to get started would help.
The site is in PHP, but as I understand it, API functions can be done in JavaScript - either way is fine.
Once I can get an XML or JSON file from Microsoft, I'm pretty sure I can figure out how to format it for the site. The problem is just getting the info.
So far I have:
<script>
  var req = new XMLHttpRequest();
  req.open("GET", "https://outlook.office365.com/api/v1.0/users/{email address}/events", false);
  req.send();
  console.log(req.status);
  // The property is statusText (lower-case "s"); req.StatusText is undefined
  console.log(req.statusText);
</script>
The console logged:
"NetworkError: 401 Anonymous Request Disallowed
I've also tried the line req.open("GET", "https://outlook.office365.com/api/v1.0/users/me/events", false{or true}/ {username}, {password});, to which the console logged
NS_ERROR_DOM_BAD_URI: Access to restricted URI denied
Almost all the documentation I can find is directed toward individual users (employees of a company) interfacing with their 365 accounts through some web-based interface, so almost all of the urls have /me/ in them, indicating they have authenticated somehow. But I want my PHP or JavaScript script to automatically authenticate a single user and retrieve information. I imagine this requires hard-coding the user and password somewhere, but I've found no examples like that.
I'm obviously in way over my head, but can anyone offer any advice on how I can get this done? Or read more about how APIs work? Most of the documentation out there is directed at people who already have a certain level of knowledge, which I don't have, and don't really know how to get.
Thanks.
Missing part is authentication (OAuth) to connect from your app to O365..
Maybe this helps http://msdn.microsoft.com/library/bde5647a-fff1-4b51-b67b-2139de79ce4a%28Office.15%29.aspx
Yes, you do need to authenticate against the Office 365 APIs as indicated previously. To make calls against Office 365, you must register your app for OAuth against Azure AD.
I'd suggest looking at http://dev.office.com/getting-started/office365apis. It should guide you through setting up authentication and show you how to make the rest call.
