I'm fairly new to nativescript-vue dev and I'd like to set authentication for my native app, I have been thinking about using firebase auth but I'd rather go the laravel route (if it's a good choice at all).
How I think I'd handle this is to send a post request to my backend (which is a laravel app) into my custom auth controller, then in the success callback I'd change isLogged in the vuex store to true or false, since I'm suing also vuex-persistedstate to persist some data into my localStorage (actually it's Application Settings in natviescript afaik).
Is my way of doing this okk? has anyone done it?
I was using a Laravel API before, but decided to switch back to Firebase, I think it’s a better choice for mobile.
But if you want to use Laravel, take a look at Laravel Passport (https://laravel.com/docs/6.x/passport).
You can use the Password Grant (https://laravel.com/docs/6.x/passport#password-grant-tokens) to generate a token from your mobile application, by creating a login endpoint that will generate the token for you.
Related
I'm working on my first react-native app, coming from vue-laravel background I was wondering if it's actually possible to use laravel normal auth for my react-native, so far it seems I can succesfully login a user sending their credentials via POST request to my API, however subsequent uses of Auth helper fail, that is I can't get the logged user using Auth::user(), it returns null...
Is this possible to accomplish? I have read about firebase auth but I don't feel like adding another database system to my laravel main Mysql database, truth is I don't know for sure what laravel uses for authentication under the hood so I can't get this to work.
Any help would be appreciated.
You can use tymon/jwt-auth for backend (laravel) and use the token in frontend(react native)
I'm sorry if the title is not very clear.
What I have: ASP.NET application with "embedded" Vue.js 2 from this repo: https://github.com/MarkPieszak/aspnetcore-Vue-starter
I already studied Identity Server 4 manuals so I tried hybrid flow with pure ASP.NET and implicit flow using oidc-client with pure JS. Both flows work for me.
But what I want is using JS page that hosted in ASP.NET to get access token and refresh token and store them in ASP.NET. ASP.NET in this case acts as a backend (but not the Resource API!).
Maybe (optional) there is a way to create custom login form. User fill this form, JS sends login and password to ASP.NET backend and than in turn transmits them to Identity Server and retrieves tokens.
I wonder if it is possible to use such a scenario at all and whether it is viable and sufficiently safe.
Any assumptions are welcome!
EDIT:
What I really want is to use Vue just for display my data while using ASP.NET as a backend-client which gathers information from resource API.
Regarding the Login page - no, you can't. Reason - when using OIDC authentication, you are delegating the login functionality to the provider (in your case Identity Server), and it takes care for the login page and etc.
Now regarding your Vue app. Vue is a SPA. SPA's can only use Implicit grant type and by this - they are not being issued a refresh token.
Your solution here is to use the oidc-client-js library with your Vue app. We have this scenario implemented (Vue on top of aspnet core) and it works perfectly fine.
I have built a react application which has a login page. I am done with the frontend of login page using react. Now the other person from my team has build a backend api on django. I want to call that api from my react code now. How should I do it? Do I need to learn something specific? I have searched in internet and all of the sources we to make serve react and django from same project. I have a React project with me and a separate api developed by someone else. Please guide me through this. I am pretty new to this.
No, you dont have to learn something new. You need to just make an ajax call to the API endpoint from within your react application to fetch or send the data needed and handle the response.
Also keep in mind to setup the ajax to send the CSRF token as shown in the docs.
I have a node server that authenticates with a third party (like stack overflow does) using oauth. When the third party hits my callback and I authorize the request and get the access token and other info, I want to then pass this info to a react app I made, so then the react app can make REST calls to using the access token straight from the provider.
I am new to react and node, but am able to make a node server that can get the access and refresh token info. I am new to 'serving' and serving a react app. I have been serving using
app.use('/client', express.static(__dirname + '/client'));
to serve react apps, and this works great to a limited extent. The situation I am currently in exceeds the extent and I want to learn how to send the oauth info along with my react app back after authorizing in the callback. The flow I am using authorizes the request in the callback and then does a redirect back to the /client route to render the app, which fails to pass any oauth info to the client. Is there any way to set the header before that redirect to have the oauth info, and then some how get that oauth info in the react app?
I am posting here to get some advice on some avenues and resources I should read up on, and maybe some suggestions for my current situation. I am eager to learn more on express and am currently looking to set the header with the info I need and then serving the react app as a file or something, I am not sure yet.
Thanks to all in advanced!
I'll give my best to answer your question. So the problem with SPA(Single Page Application) and OAuth login is that the only way to transfer data with redirects is URL query string. The JWT(JSON Web Token) would allow this, but it's only supported in mobile native SDK-s. Solution for the web, without using the popover flows here:
For Node.js I suggest to use Passport.js OAuth modules, the login flow:
Example /auth/google -> redirect to Google login page.
On success, you get redirected back to callback url /auth/google/callback
You also get back the access_token, refresh_token, basic profile information etc.
No sessions are used so we use the JWT and generate the token on server side.
Redirect back to application with the token: app.example.com?token=JASJKDk..
On client side extract the token from query string.
This is just one possible flow that you might use, instead of JWT you could also use session/cookie solution.
As ionic uses angularjs, for login system there isn't any browser to save cookie or session in order to authenticate for each part of application.
One way is protecting by using this in app.js:
$urlRouterProvider.otherwise('/login');
Because any one doesn't access to other links into application. When returned answer from server (mysql database) is true , we can use this:
$state.go('app.main');
Is this a good idea? Or any other ways?
Since ionic essentially calls to a back end api, you can implement any standard api authentication mechanism.
The most common was would be have a toke based authentication, High level workflow can be as follows
1 - ionic app calls a backend server end point and get a token (by passing some kind of an encrypted key)
2 - Back end server generates a token (ideal for a given time period) and sends back to the ionic app.
3 - There after, in every request ionic sends the token. (ideally in the request header)
To save the token temporary , you can use a simple storage solutions like
ng-storage or sqlite
have a read here
For our company app we use a digest access authentication(https://en.wikipedia.org/wiki/Digest_access_authentication) with our ionic app and our node server that is hooked up to a sql database. Once the user is authenticated we send them a jwt (javascript web token). We can then store that webtoken locally (if they check the option for auto login) or they can re-authenticate whenever the app is reopened and we give them another web token. This has so far proven to be a safe and efficient method of user authentication. Here is a tutorial for using json web tokens and angular. http://www.toptal.com/web/cookie-free-authentication-with-json-web-tokens-an-example-in-laravel-and-angularjs
I would strongly encourage you to checkout John Papa's ng-demoes, especially one with JWT token, because that is what you want to use nowadays. (Those are not specific to ionic, but rather for angular.js apps in general)
basically you have several things you need to do:
handle all the places where you need to check if user is authenticated or not and emit unauthorized event
handle event and redirect to login state/route
In above example you basically add interceptor (https://github.com/johnpapa/ng-demos/blob/master/ng-jwt/src/client/app/services/authInterceptor.js) which looks if any request to the web services failed due to not authorized and rejects the promise returned by $http request
Also
As ionic uses angularjs, for login system there isn't any browser to save cookie or session in order to authenticate for each part of application.
You indeed can use localStorage/sessionStorage to store token and add that token to all requests. That is why you better off having token based auth for your web services, rather than cookie based. (basic auth can do to, just more cumbersome)