I am using JavaScript SDK for group chat. I have registered users into QuickBlox with whom a user can chat.I have created session and token using API calls and referred the JavaScript SDK sample chat demo. There was no feature of user login. It asked directly username and group name to log in on landing page. So when I only pass the username, it is creating a new user with random login instead of authenticating existing user,and the created dialog is different and it wouldn't create a group chat.
I have utilized following Javascript SDK
https://github.com/QuickBlox/quickblox-javascript-sdk
Looking forward for appropriate solution
We have used special logic for our samples: one browser can create only one user, by the next steps just the user's full_name will be updated. If log out is be, the user will be deleted. And then a next one user can be creating.
It helps us to not creating too much users on backend side.
Related
I made a one to one chat app for a website using firebase and firestore. Now I want to write the firebase firestore rules for the same. The app works this way ...first if the user is sandeyshc#gmail.com then the user gets the chatids and friends gmails...then the user checks in the messages tab with chatids and get all the chat related details. Now I want to implement firestore rules for this app. How to implement it?
The best way to solve that is to use a combination of firestore rules and cloud functions.
First of all both users should have the same chat stored on different locations.
With the firestore rules you should restrict for each user to only change his own chat and only to be able to write his own messages in that chat.
When he writes his own message a cloud function should be triggered that sends a push notification to the other user and also writes that message to the chat of the other user by using admin rights in the cloud function.
That way both users have the same chat in different locations. You could do it also by giving them access to a single chat but consider in future the use case that one user can delete chats or messages. You probably don't want that one user can delete the messages from the other one.
Also one importand note: awoid saving users under they're email. You should store them always under the Application Auth User Uid. Emails can have chars that are not supported as database keys and you can get in other different bugs in future by using the email.
Here is an example of a open source chat app made in react and firebase. It uses the realtime database but you can easyly reuse the concept. You can see there how the functions are written and how to use it on the frontend.
I'm new to NodeJS and any help will really be appreciated.
I am currently making an application to access a user’s Google Calendar.
Right now I am using the code snippet for NodeJS from the following link, using my project's credentials.
https://developers.google.com/calendar/quickstart/nodejs
After running the script there is a link which directs the user to the Google Login page, where the user can login from a chosen account and then authorize Full Calendar access to the app.
Upon authorizing Calendar access to the application, the user is presented with a Unique code which must be copied into the terminal (prompted by the script) which then generates a token and stores it in token.json.
I want to automate the retrieval of the unique code (generated for the user upon granting access) without the user having to copy the code and paste it in the terminal.
Any help on this would be greatly appreciated!
Also, the page that shows the unique token to be copied and the steps preceding have been shown in the attached screenshots.
Step 1
Step 2
Step 3
Step 4
You need to use a Service Account. They are like "dummy users" which don't require user interaction to be authorized. You will have to grant your users access to the Service Account.
You can follow this guide to set it up:
Open the Service accounts page.
If prompted, select a project, or create a new one.
Click + Create service account.
Under Service account details, type a name, ID, and description for the service account, then click Create.
Optional: Under Service account permissions, select the IAM roles to grant to the service account, then click Continue.
Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.
Click + Create key, then click Create.
Then, use the NodeJS Service Account guide to use the new Credentials.
Instead of Service Accounts, you can also do it by saving the Refresh Token to request new Access Tokens programatically, without user interaction. See this documentation.
I am trying to add Stripe Connect to my app, but I do not want to create users using Stripe Connect integration. I have my own user sign up process, because not every user will need the payment option provided by Stripe so I do not want to force everyone signing up to Stripe if they do not need it. That is where my problem is. I follow Stripe's quite nice and straight forward documentation here: (https://stripe.com/docs/connect/enable-payment-acceptance-guide).
My problem is that I do not know how to save the user's stripe_account_id which the oauth return s to the /connect/oauth path so it is saved to appropriate user since there is no id of the user passed. How can I find out, which user is connecting to Stripe and save the id to his account in database? I feel like I am missing something here. I understand this would work if I would create a user but I cannot do it that way.
Thank you for help.
When you create the OAuth link that connects your users to your platform, you can pass in an arbitrary state string which Stripe will then pass back to you after the link is completed. If you put your user's unique ID in there, you'll be able to link the completed connection back to your user in your database.
I am trying to use a 6 digit code to log-in a user.
The code is available for 20 seconds and is unique to every user.
Briefly explained:
User is already logged in on a mobile app
User press the button "Get Unique Code"
Then, user enter the code on a WebPage on his PC
If the code is correct, show data for that user
What am I asking is if there is way to properly authenticate the user who introduces that code correctly given that I have the userID and all the informations about the user?
I can try and "fake log-in" (display all the information for that user when the code is correct) but there are some issues with this and I would like to avoid it.
I am using Firebase Authentication and Firebase Firestore. JavaScript is used for Web.
You can implement any authentication scheme you want by creating a custom provider for Firebase Authentication.
See Authenticate with Firebase in JavaScript Using a Custom Authentication System and Creating Custom Tokens with the Admin SDK.
In this flow you:
Sign in the users yourself.
Create a custom token for those users in a trusted environment, such as a server you control, or Cloud Functions.
Pass that custom token to Firebase Authentication, which can then use it to identify the user, and secure access to Firestore, Storage, and Realtime Database.
I've a requirement to integrate Auth0 in our project (Reactjs/Hapijs/MySQL). I checked the documentation and they have many examples and that is great, however, I can't find any related to how exactly do I use my existing user database.
In my application I have users and those users can have one or more projects. With the authorization that we currently use, a user logs in, I check what projects does he own and send it to the React application.
I am missing a document that explains me how to use Auth0 and still be able to check in my database what projects user owns.
My idea on how that should work (I might be wrong):
User sends username and password to our server
Our server makes request to Auth0 (with provided credentials)
Auth0 replies back to our server with some token
We look in users table in our database and try to verify the existence of that user
If it is a match then we simply look (as we already do) for user projects.
Is this how it is supposed to work?
There are a few options available for scenarios where you want to integrate Auth0 with applications that already have existing user databases. You can either:
continue to use your existing store
progressively migrate your users from your custom store to the Auth0 store
You don't mention it explicitly, but judging from your expected flow it seems you would be wanting to implement the first option. There is specific documentation that you can follow that explain how you can setup your custom database connection, see Authenticate Users with Username and Password using a Custom Database. It mentions MySQL, but others database servers are supported and there are many templates that will allow you to quickly setup things.
When you complete this the final flow will be the following:
Using either Auth0 authentication libraries (Lock) or your custom UI you'll ask the user for their credentials
Either Lock or your custom UI submits the credentials to Auth0 authentication API
Auth0 authentication API validates the credentials by calling scripts that execute against your custom database (these scripts were provided by you when you configured the database connection)
If the credentials are valid the Authentication API will return a token to the calling application that will have user information and proves the users is who he say he is.
The scripts you need to provide are the following, but only one is mandatory:
Login script (executed each time a user attempts to login) (mandatory)
Create user script
Verify email script
Change password script
Delete user script
The optional scripts are only required when you want to provide the associated functionality through Auth0 libraries, if only need the login to work then you can skip them. The login script, in the case of a valid user, is also where you return the profile information of the user, for example, you could in theory include their owned projects in the user profile.