I am new to web development. I am writing google chrome extension that connects to some API. I have one page for user's settings with fields like API key, and more stuff that user want's to configure.
My question as a developer where and how should I save this settings, I thought creating a json file that it would be possible to export the file and import settings file.
Should the server save this settings? should I save it on user's machine? any suggestions?
I think it will be better if you allow user to save on their machine, it's safer and your users have to take all responsibility to keep it safe.
You can use Extension Options to provide a UI for your users to save their credentials. And in that option page, you should use chrome.storage API to store the credentials so that whenever user access to option page, their credentials still there. Later on, when you want to use user credentials to send API, just use chrome.storage API to query the credential.
Related
As far as I can see the main issue with GDPR and cookies is that cookies may be tracked and the data may be shared against user’s wishes.
The JavaScript Web Storage API is a useful repository for settings and other user data, but this doesn’t leave the browser.
Would using Web Storage require user permissions?
Any data related to the user is under control by GDPR.
You should ask the user for that.
I want to create a client-side (server-less) application using the AWS SDK for JavaScript in the Browser. All intended users of the tool have individual IAM users and access to the AWS Web Console.
I want all API calls to be executed in the context of individual IAM users, so they are subject to each user's individual permissions, and so that I can see who did what in CloudTrail.
Since no kind of browser local storage should be trusted with persistent credentials, I cannot simply let the user enter his secret access key once and keep it.
However I guess I could request the user's access key id and secret access key on the beginning of each session, then call STS GetSessionToken with it, and only store the resulting temporary security credentials in the session storage and use that for all following SDK usage.
Of course it would be much nicer for users to be able to log in with their IAM user and password instead of their long and cryptic access key (think of mobile devices...).
Is there any kind of federated login option for IAM users (redirecting them to the AWS IAM login page), or a way to call the STS API with username and password?
Ideally, what you want is login via IAM user/password combination. As far as I am aware (and also see this) there is no standard way of doing this.
In one of my projects, I've simulated online login using HTTP client. If you can get the session token with that, that could work for you. But it does not support MFA, and is relying on the internals of the AWS authentication implementation which might change without warnings.
I'm developing Chrome Extension that runs on my_webpage.com and request user to log in to see the web page. So I need to store password somewhere locally, first I used local storage but the problem is that it won't load data on my_webpage.com when data is saved localy in settings. Is there any other option to read/write data locay with Chrome Extension?
chrome.storage API was created specifically for that purpose.
It's available both to extension scripts (e.g. background) and content scripts.
Note though that this storage is not considered secure (not that there are alternatives that are secure, besides using chrome.identity to store OAuth tokens)
for saving the username or password two things can help u
create database and save values in tables.
write data to file in json format and read from file to load data
I have done a bit of research on how to do this but can't find any.I have an app that has a Home page.On this homepage, there is a Register button.I want to implement a system where if the user clicks on this and registers, the app never starts with the Register button displayed again,but rather, a view Profile button.How do i implement such a system? My guess is to store some boolean value in localstorage, and check this value when the app starts?
Update: I just thought i'd add that my jquery mobile app communicates with a Google App Engine (Python) web service which already uses Google's User's Service
I believe you are looking for Local Storage Jquery Mobile.
You have to store data when user click on Register button, and every time when app will open it checks is there is any data in Local Storage. Then you can use your logic.
You can also use HTML5 Local Storage with Jquery Mobile. But some device browser dose not support Local storage if you want to check this you should go for Modernizer.
This is simple code of checking local storage using modernizer:
if (Modernizr.localstorage) {
// Supported
}
else {
// Not Supported
}
If you only store a boolean after the user is logged-in, yes you know that a user is logged in but you don't know which one.
Te best approach is to store the user's token which you will send as a parameter in all requests so that you can validate them.
When entering the website if there is a token you must validate it by querying the server. If it's not valid then you show the register/login page. If the token is valid you could login the user automatically.
Whatever plugin you decide to use be sure to check that if it is a localStorage plugin it also has fallback for cookies. (Maybe some clients will have browsers that don't support localStorage)
On this page there are 3 functions that I personally use when I need access to cookies.
Here you have some details about token authentication.
I would advise you to store the token using cookies.
This answer describes one of the best ways of managing user sessions based on tokens.
I am creating a chrome extension, rather a chrome webapp. This application just contains the html, js, image and css files. The application connects to a server to fetch data. I chose to do this as it would reduce the amount of files downloaded by the user. Using Backbone.js I have an MVC architecture in my application. Thus the application just sends json.
Now having said this, I need a session management. I plan to use Google authentication as the organization has Google Apps. I need a method that once the user has logged in using google auth the server get the user name every time the application makes a request.
Is it a good idea to add the user name in request header, if possible. Or should I use cookies? Can any one tell me how I could go about using cookies in this case?
This might be a late response but I want to present a more elegant solution to you given that the user has cookies enabled in their browser.
First read my answer on another question.
Now that you can send cross origin xhr from your content scripts all you need to do is store all your authentication and session management at server only. That is right, you just need to display whether the user is logged in or not and a logout button at client based on server response.
Just follow these steps.
At client Whenever user accesses your chrome web app, blindly make XmlHttpRequests to your server without worrying about authentication, just keep a tab on response from server which I describe below.
At server whenever you receive a request check for valid sessions or session cookie. If session is valid send proper response, if not send error, 401 or any other response to communicate to your client that session is not valid. It is better if you send an error code like 401 since then you can put a generic script at client to inform them that they are not logged in.
At Client If response from server is proper, display it, else display login link to your website.
IMPORTANT: Display logout button if user is logged in.
Check out my implementation of this in my extension
For help using Google authentication in your app take a look at Google's OAuth tutorial which comes with all you need (took me no time to set it up using this).
As for session management. The implementation of OAuth used by Google stores the tokens in localStorage. Also, as briefly mentioned in the extensions overview we are expected to use localStorage to store data. Thus, I suggest you store the users name here as it will be accessible throughout the app's lifetime (until it is uninstalled). However, you may need to manage the name stored here and consider what should happen when users log in and out. That said; I'm not sure if sessionStorage would be a better option as I've never used it before, let alone in an extension.
Note
localStorage and its counterparts only store strings so I suggest using a wrapper which uses JSON to parse and stringify to get and set your values respectively.