I'm trying to write E2E tests for my UI. In order to login, I'm using auth0 with social login - Github.
I have tried several ways to get access token for Github:
Using cypress button clicking:
cy.visit("https://myapp.io/login");
cy.get('.auth0-lock-social-button-text').click();
// Redirect me into Github login page.
cy.get('#login_field').type(my_username);
cy.get('#password').type(my_password);
cy.get('.btn').click();
output: url: https://github.com/session
page content: Cookies must be enabled to use GitHub.
Login with cy.request
This is where I'm stuck. I want to mock the flow of the ui by sending the requests by myself, but I'm not sure how to do it. All the examples I found were with users they manually created in auth0 users manager, and they received the data by passing client_secret and some other params. Thats not what I'm looking for. I'm trying to illustrate the flow as a user see it, or at least the requests that happens behind.
Is someone have example that explains how to do it?
Note: I don't want to use cypress-social-logins because I need it to pass CI.
Thanks.
Related
I'm currently working on an application for myself in which I need access to my own photos/albums on Google Photos. I have gotten by using the oauth 2.0 token generated in the playground, but I'd like to get a more permanent solution that does not require me manually regenerating the token. Is this possible with Google Cloud? The app is meant to run in daemon, so this makes any option with consent pages unusable. The scopes I'm using are:
https://www.googleapis.com/auth/photoslibrary.sharing
https://www.googleapis.com/auth/photoslibrary.readonly.appcreateddata
https://www.googleapis.com/auth/photoslibrary.readonly
I have tried using the https://accounts.google.com/o/oauth2/token and https://accounts.google.com/o/oauth2/auth endpoints to generate one programatically, but the only minor success I had was /auth sending me to a consent screen. I've also looked at using the refresh token given by Google Oauth playground with no luck there either.
Just looking to see if there is anything that I am missing.. This is my first post on stackoverflow, so please let me know if you need any more information.
I was unable to make it an internal app as it was for personal use and not for an organization.
Solved this by first using the google api package to create my own access/refresh token for my oauth client, then calling the https://oauth2.googleapis.com/token endpoint each time to generate a valid access token. I hope this can be helpful to someone else!
According to the setup documentation, as long as your app is marked as internal, you should not need to verify the app and can use it without the consent screen.
I do not want to use the form provided by Keycloak (different company reasons), but instead create our own login page in React. I could login with it using the direct access grant flow and get the auth and refresh tokens. However, I would like to use the Keycloak Javascript adapter to check if a user is logged in, and it doesn't provide a function to run the check based on the token (only if it knows that you are already authenticated).
I could make social login work with this adapter and silent check-sso works well with it, I just want it to work with simple logins as well.
Can this be done with the keycloak-js adapter or do I have to implement the token checking myself?
Assume the following RESTful scenario:
service 1 wants to create a new item in the database of service 2. Unfortunately service 2 is behind a login route (npm passport module).
Service 1 needs to pass/hop over the login route to reach the route for creating this item (post /items/).
My question is now:
Do I first need to access the /login/ route with its credentials to then proceed with the routes behind it?
When I use the browser webapp version, the browser stores the cookie after logging in. Then I can click a "create new item" button to store it in the DB.
But how can I tell my javascript code that, after logging in I am still the valid user? This is really not clear to me.
I intentially did not post any code snippets yet, because first I need to understand it.
I hope this is a more usual "problem" others also had before.
Many thanks!
The answer you are looking for is JWT (JSON Web Tokens). when logging in, your REST API should return a JWT. And the frontend should use that JWT to call the other REST API endpoints. For more information on how to use these in a NodeJs environment, you can check the following articles.
https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
https://scotch.io/tutorials/authenticate-a-node-js-api-with-json-web-tokens
The internet is filled with guides about JWT. Just read some of them for the actual implementation details.
I'm newbie to Facebook Graph API and Facebook JavaScript SDK but I'd like to know some things:
Is there any way to put my Access Token in a Open Source application without actually showing it? I'm using GitHub and for security purposes I'd like to make it private.
Can I show my user information without asking the users to Authenticate themselves?
Where in Facebook Developers App can I allow more "scopes" to share publicly? For example, user_photos, user_posts, user_likes, user_status, etc...
These "scopes" that Facebook allows by default are actually the information I'm getting from the user while I'm Authenticating them right?
Just to clarify what I'm trying to do, I want to share things about my Facebook Account through the Facebook Graph API in the gh-pages branch on GitHub, but I don't like the idea of having to authenticate every single user that has access to the page.
I'd like to make my user information public, but don't want to show my access token, because it's Open Source and it can get dangerous eventually.
If you'd like to see my repository and have a better understanding of the project. You can access https://github.com/iszwnc/rye
If I recap:
you don't want to share your app access token (good!),
you don't want your users to authenticate.
Basically, you can't hide your token and let your users query Facebook directly. You need some server-side code on a machine that would be the only one reaching Facebook. Your server would play the role of an interface between Facebook and your users. So you will have to:
do the API calls from a server using server-side code (i.e. Node.js),
save the information you want in a database. This is optional but better to avoid the same information to be retrieved multiple times, thus avoiding your future 100 users to (voluntarily or not) reach your app API limit.
let the users query your server using some client-side code (i.e. AngularJS) in order to retrieve what you and only you know (remember, you own the token).
About Github, don't share your token on it. People can generate their own token if they want to run your app. Here are several suggestions:
Add your token to an environment variable which you can set just before launching the app (don't forget to mention that in your README),
Add your token to a file:
Create a credentials.js file that contains an empty token:
// Please use your own token
var APP_TOKEN = '';
Commit the file to Github,
Have a .gitignore file that contains the credentials.js,
var APP_TOKEN = 'now-you-can-put-your-token-here';
Good luck with your project, it looks exciting :-)
I'm using the facebook JS API to get some information from users when signing in to a product I'm making.
My question is this - how can I perform a function after they have given the application permission to use their data?
I don't see a callback function in their documentation, but figured there's an easy way to do this. Basically, I want to show a loading image until they've authenticated. Then, if they've given me access, I'll do some animation stuff.
Thanks!
Honestly, I'd steer clear of their JS SDK. It's almost as bad as their PHP SDK. What they really want devs to do now is utilize the Open Graph. Then you can use cURL with PHP or Ajax or even simple redirects with URI parameters. That being said, with either application, you should receive an access token after the user accepts permission requests. Once you have the token, you can do whatever actions you need. You can create your own callback to handle this.
Easy Open Graph debugger: http://developers.facebook.com/tools/debug
Graph API Explorer - this helped me a ton when I was first starting with the OG development: http://developers.facebook.com/tools/explorer