I am trying to make an angular app. I am using rails with devise_token_auth in backend. I am trying to setup the angular app with ng-token-auth.
I have read up everything I can find online for past whole week but still couldn't figure out how to get the user currently signed in.
I understand that auth:login-success event returns a user object.
I understand there is validateUser method which validates if auth token is present and is valid, and it is run on page load.
How do I retrieve the user whose token is present in storage or cookie on page load or at any other time, kind of similar to current_user in rails.
There dosen't seem to be any such thing in built in ng-token-auth.
How do I accomplish this.
Is there any flaw in my approach or assumption ?
I am learning angular by building an app and am REALLY stuck at this point.
Have you tried storing the user object in ngStorage and then doing calls with the auth token for that user?
Related
I'm working on my first react-native app, coming from vue-laravel background I was wondering if it's actually possible to use laravel normal auth for my react-native, so far it seems I can succesfully login a user sending their credentials via POST request to my API, however subsequent uses of Auth helper fail, that is I can't get the logged user using Auth::user(), it returns null...
Is this possible to accomplish? I have read about firebase auth but I don't feel like adding another database system to my laravel main Mysql database, truth is I don't know for sure what laravel uses for authentication under the hood so I can't get this to work.
Any help would be appreciated.
You can use tymon/jwt-auth for backend (laravel) and use the token in frontend(react native)
I'm building a website using ruby on rails which is hosted separately which makes requests to another backend api rails app which is again hosted separately. Obviously i've setup the backend api with token based oauth authentication.
Now since im not dealing with sessions, and it being stateless n all, How can I stop users from accessing certain view pages in my front end web app? For example, I have a consumer/booking page. I don't want the user to access this page without being logged in. But anyone can just enter the url and open any page they want right now.
On user login (ajax call from .js.erb files), im getting the token and storing it in localStorage variable for every future request to the api. I know I should use this token somehow to stop users from access restricted pages. But I just dont know how.
Now as you have stored the token in the localStorage, you will need to pass this token with the request to the page where you want to restrict access and check if the user is authorized to access the page or not.
TL;DR: there is no standard method or library for this; you must implement such functionality as you see fit.
I'm assuming you're using some sort of front end framework like react; if so, then any request to change the current view should be terminated if there is no valid token in localStorage. Check out this post regarding conditional rendering in React; if you're using something else, the methodology is still pretty much the same.
Otherwise, I would build a small script to include in the beginning of every page that checks whether or not there is a valid token and if there isn't, calls window.history.back() to return the user to the previous page.
(Another way of doing it is to intercept every call to a static HTML file on the server, check if there's a token, and send the file if there is. Otherwise, you can send a custom error page or whatever).
I have an Angular2 application and NodeJS server. I got stuck on implementing logout.
If I simply use req.session.destroy(), it does not have any effect on the Angular2 side. Angular2 still thinks that user is logged in. (because when I call a method which returns data about logged in user, it still returns it - even though it needs req.session.user to return this data).
I saw some solutions for this problem, but all I saw was using localStorage (saving user in localStorage and then deleting it after clicking logout).
Is there any other more efficient way to tell Angular2 from NodeJS that the user has logged out and that the session has ended?
If you use web token for user validation for instance then it should be possible to reset the token to null once the user has logged out.
You could have a look at User Authentication using JWT for ideas on implementation
I have been doing some research on this topic but can never find anything super relevant. I am looking to create a single page application using Polymer. I am building this around a REST API that requires authentication to view is resources.
I have all the details with API worked out but I can't seem to figure out how to handle a login page. Basically what is the best way to keep a user from seeing content without being logged into the application?
Obviously the REST API won't allow data to return to the client but how do I go about preventing a user from going into DevTools and changing some boolean values and being able to navigate through all of the pages, and receiving the 401 errors from all of the Ajax requests trying to fire?
I appreciate any help that I can get! Thanks!
You can't prevent users from changing stuff in DevTools. Just ensure on the server that the user doesn't get data or isn't able to pass data without being authenticated.
Issue a token when the user passes username and password and on the server allow only what the user assigned to this token is allowed to do.
See for example https://stormpath.com/blog/build-secure-user-interfaces-using-jwts/
First of all, I'm not sure whether this is a Dropbox API or an OAuth question, but maybe some of you can give me some insight of my problem.
I'll explain my scenario.
My application is written in Javascript, and its purpose is to run seamlessly on a screen (fullscreen/browser), fetching some pictures of my account and "slideshowing" them. Nothing too difficult at a first glance. I've managed to authorize my application, store the access token and secret on localstorage for later use. It is working so far.
However, this application will run on lots of screens. This means that on each first run of the app I must be there to enter me credentials in order for that particular application instance to have access to the API. Well, this isn't possible.
After the first run, and after my interaction by entering the credentials, the application would get an access token and then would be able to access the API.
Hard-coding the access token in all instances is possible, but I'm sure this isn't recommended as it poses some threat to my own account.
How can I give authentication to my every application instance (screen) without requiring the owner to interact once for each instance?
Am I missing something?
Thank you.