We do a custom authentication against Cognito and we get the AccessToken and RefreshToken in the client.
How can we pass these tokens to Amplify Auth Android SDK to set the session there?
Similar to this question, but for Android: https://stackoverflow.com/a/67872625/18770645
Related
I have stored JWT token in the cookie. How to use nuxt js authentication. Should I use cookie authentication ??
I'm searching for simple tutorials or examples for Flutter authentication using, authentication token and refresh token workflow using JWT. (How to make Login with auth token and refresh token)
I'm using Node.js for the backend and JWT.
You have to just generate the token using the jsonwebtoken npm library. You can also adjust the expiry time of the token (refer to the documentation of the library). After the token is generated persist the token to the client (in your case flutter app) then save the token in the local device, you can use shared preference library of flutter to store key value pairs in local storage of device.Using this token you can make simpe login and logout system and also authentcate all your requesta to server.
I am developing a mobile with react-native (react-native-firebase/auth) and using Firebase Auth to manage user login. In the beginning, I only use the email/password to auth users and work nice.
Now I would like to let users use Azure AD. Since react-native-firebase/auth does not support Microsoft account at this moment, so I use react-native-app-auth. Afterwards, use the Microsoft credential to auth the Firebase user and link them together.
const result = await authorize(config);
const credential = auth.OAuthProvider.credential(
result.idToken,
result.accessToken,
);
const userCredential = await auth().signInWithCredential(credential);
When calling the signInWithCredential, it throw an error : [auth/internal-error].
Currently, I have backend user profile like to a Firebase user account. I don't want to complicate the backend to have multiple auth methods. Ideally, it can be done at the Firebase would be great.
Thanks.
Seems like you have to use a custom token.
Unlike other OAuth providers supported by Firebase such as Google, Facebook, and Twitter, where sign-in can directly be achieved with OAuth access token based credentials, Firebase Auth does not support the same capability for providers such as Microsoft due to the inability of the Firebase Auth server to verify the audience of Microsoft OAuth access tokens.
If these providers are required to be used in unsupported environments, a third party OAuth library and Firebase custom authentication would need to be used.
source: Firebase doc
I updated my mobile app to request an Azure AD B2C token using the ROPC policy. When I send the token as a Bearer token, same as I did with the Sign Up Sign In policy, I get an unauthorized error.
One thing I had to do was request the token via HttpClient because the new Microsoft.Identity.Client package does not have the AcquireTokenByUsernamePasswordAsync() function.
In the Web Api, I updated the TokenValidationParameters to have the new ROPC policy as the new AuthenticationType but that does not work either.
What updates do I need to make so that I can use the access token I receive back to authorize on my api?
What I did to solve this is set the API ClientId to be the same as the mobile app ClientId which solved the issue for me.
This seems like it is not the correct way to solve this issue, but I could not find another solution at this time.
I have a .net web api app with owin security. The security middleware is configured with Google authentication (no local username/password authentication) and Oauth bearer token.
In startup:
public void ConfigureAuth(IAppBuilder app)
{
...
app.UseOAuthBearerTokens(new OAuthAuthnorizationServerOptions {
TokenEndpointPath = new PathString("/token"),
AuthorizeEndpointPath = new PathString("/account/authorize"),
Provider = new ApplicationOAuthProvider("web"),
...
});
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions {
ClientID = "...",
ClientSecret = "..."
});
}
From my client applications I go to
http://myapp.com/account/authorize?client_id=web&response_type=token&redirect_uri=...
This redirects to a google login that the user fills in, then back to my app with a bearer token that I peel off and add to request headers for my api.
I would like to write some integration tests where my tests call the API. The tests have the google credentials of a test user, but I am not sure how to have the test authenticate without bringing up a browser and a google login screen. I could drive that with Selenium but that seems heavy-handed.
How do I programmatically get a bearer token to use with my API such that I can impersonate my test user?
Normally you would use the OAuth2 resource owner password credentials grant in this case, but Google does not seem to support that.
So your best option seems to be to use the authorization code grant to authenticate the test user, extract the refresh token from the token endpoint response. Then use the refresh token and client ID and secret to get an access token from your integration test.
See this for more information:
https://developers.google.com/identity/protocols/OAuth2InstalledApp