Iam building a School Management web application and wanted to include multiple authentication.
My idea is first to authenticate the school and then the users such as admin,teacher and staff of that particular school.
Is there any way to implement this using nodejs and express. By the way I have used passport to authenticate a user already (without school authentication) and want to build upon that.
Am I wrong to think of having multiple nested authentication?
And how would I go about implementing if possible?
Multiple authentication is redundant. You can use single authentication and role based access to ensure right resources are accessed by right person.
In your case no need to authenticate a school. Just authenticate the user, check which school the user belongs and allow access to those resources.
Related
I am trying to implement sso with firebase authentication and i am trying to use without using third party like okta and wanted to know is it any workaround with this.basically the use case like this
A client wanted to build a custom SSO solution and had already chosen Firebase, based on Google’s promise to rollout SSO support in the future. The client did not want migration to any other SSO provider like Auth0 or Identity Server, or to deal with user-password migration and potential related issues. They preferred instead to use a temporary, custom solution that would store user’s passwords in Firebase Authentication.
The client had several customer portals based on WordPress Customer Relationship Management (CRM) and an existing list of users in Firebase Authentication. Each time users visited a new portal, credentials were required, and again when users followed a link from one portal to another. It was not always obvious for users that the same credentials should be used for different portals.
By default, Firebase keeps authentication context for one domain but doesn’t provide seamless SSO integration between different domains. To provide this functionality, SoftServe determined that a new Firebase service should be implemented.
I've taken over an existing project and in charge of creating a new frontend from scratch; I've decided to go with a simple Vue/Node.JS project.
There is an existing Postgres DB that contains the users with all their encrypted passwords and salts. I am extremely unfamiliar with user authentication, but I need to implement it into our new project.
The previous developer used Ruby on Rails to create the existing project, and used something called OmniAuth, and also the basic Ruby on Rails authentication (https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html).
My question is: is there a Node.JS equivalent library in which I can use to authenticate the existing users?
Try to have a look at Passport.js, it's a well-known package to deal with an authentication. It has so-called strategies to work with different kinds of authentication mechanisms (for instance to authenticate in Facebook, Google and so on).
I'm newbie to Facebook Graph API and Facebook JavaScript SDK but I'd like to know some things:
Is there any way to put my Access Token in a Open Source application without actually showing it? I'm using GitHub and for security purposes I'd like to make it private.
Can I show my user information without asking the users to Authenticate themselves?
Where in Facebook Developers App can I allow more "scopes" to share publicly? For example, user_photos, user_posts, user_likes, user_status, etc...
These "scopes" that Facebook allows by default are actually the information I'm getting from the user while I'm Authenticating them right?
Just to clarify what I'm trying to do, I want to share things about my Facebook Account through the Facebook Graph API in the gh-pages branch on GitHub, but I don't like the idea of having to authenticate every single user that has access to the page.
I'd like to make my user information public, but don't want to show my access token, because it's Open Source and it can get dangerous eventually.
If you'd like to see my repository and have a better understanding of the project. You can access https://github.com/iszwnc/rye
If I recap:
you don't want to share your app access token (good!),
you don't want your users to authenticate.
Basically, you can't hide your token and let your users query Facebook directly. You need some server-side code on a machine that would be the only one reaching Facebook. Your server would play the role of an interface between Facebook and your users. So you will have to:
do the API calls from a server using server-side code (i.e. Node.js),
save the information you want in a database. This is optional but better to avoid the same information to be retrieved multiple times, thus avoiding your future 100 users to (voluntarily or not) reach your app API limit.
let the users query your server using some client-side code (i.e. AngularJS) in order to retrieve what you and only you know (remember, you own the token).
About Github, don't share your token on it. People can generate their own token if they want to run your app. Here are several suggestions:
Add your token to an environment variable which you can set just before launching the app (don't forget to mention that in your README),
Add your token to a file:
Create a credentials.js file that contains an empty token:
// Please use your own token
var APP_TOKEN = '';
Commit the file to Github,
Have a .gitignore file that contains the credentials.js,
var APP_TOKEN = 'now-you-can-put-your-token-here';
Good luck with your project, it looks exciting :-)
I'm trying to use Trello API to create cards on our boards. But i cannot really bypass authentication programmatically, because a user prompt always appears asking for authentication in trello.
The idea is i create a system user on trello, add it to the boards, then use its API key to create the cards. I'm following this approach because I used Zapier to generate cards from Freshdesk, and wondering how Zapier bypass OAuth to do this.
You simply cannot bypass the authentication of the API, however what you can do is to generate the valid oAuth tokens for your "System User" and use them for authentication.
I'm not aware of the complete Auth process of trello, but most oAuth providers give you the possiblity to create tokens which last quite long (refresh tokens). You could use these in your code to call the api without any additional auth process.
You could also store the normal auth tokens and re-validate them from time to time using the prompt.
Best solution depends on what you are trying to achieve...
A very simple question which I've seen kinda answers to.
Can you do a facebook login with PHP to authenticate a user and grab information?
Why then is there a JS version?
I just don't understand the difference between the two above options.
My web app will need to gleen the users email address as there will be a mailing list component to signing up for our service.
How do you manage this local information and uniquely identify the user each time they log in from facebook? Do you store their facebook ID?
Thanks
1- Yes - https://developers.facebook.com/docs/reference/php/
2- So you can do it on the client side.
You can get user's email address if you have appropriate permissions.
Yes you store their facebook id and associate users with it.
They both do the same thing, just on different sides: on the server or on the client.
If your authentication process relies heavily on server interaction and you have your server side code ready, use the PHP SDK. It provids you with methods to get the ID from the user. This will be unique so you can store them.
If you want to manage an application flow, say the user needs to give your website certain permissions in order to view something, it can be easy done with the Javascript SDK.