I am creating a webhook handler (within aws lambda) for my shopify app.
Note: I'm using eventbridge to receive webhooks, but i believe the concept is the same.
When a customer creates a new order this webhook will be called, and from within my webhook handler i would like to make an authenticated request to the Nodejs #shopify/shopify-api Admin API.
My question is, what is the best way to do this?
For example, how do i use the details from the webhook event to create a session which i can then use to make requests to the Admin API?
eg;
const product = await shopify.rest.Product.find({session, id: '7504536535062'});
product.title = 'A new title';
await product.save({
update: true,
});
the webhook comes from a store! So you know the *.myshopify.com
you saved an access token with the same store name in your DB
So now you can use the access token against the store, to make API calls within the scope of permissions granted when the store installed the App.
Related
Can't seem to find anything that makes FusionAuth send a signal to applications to terminate a user's session upon signout.
FusionAuth provides an API at /api/logout that might work. This API will revoke any refresh tokens that the user has. When refresh tokens are revoked, FusionAuth will send an event out to any configured Webhooks.
Here is the documentation on this API, Webhooks and the event that is fired:
https://fusionauth.io/docs/v1/tech/apis/login#logout-a-user
https://fusionauth.io/docs/v1/tech/events-webhooks/events#jwt-refresh-token-revoke
https://fusionauth.io/docs/v1/tech/events-webhooks/writing-a-webhook
Here are the rough steps you can take to get this working:
Create a logout endpoint in your application or in a new microservice (https://example.com/global-logout)
This endpoint calls the /api/logout endpoint in FusionAuth
Each application that wants to be notified then writes a Webhook and handles the jwt.refresh-token.revoke event
You can see an example Webhook in the documentation link about. A Webhook that handles the jwt.refresh-token.revoke event might look like this in Node/JavaScript:
router.route('/fusionauth-webhook').post((req, res) => {
const request = req.body;
if (request.event.type === 'jwt.refresh-token.revoke') {
// Clean up all the user's stuff here
}
});
I am building my site with NextJs. I have a social login component where users can login via e.g. facebook Login. From the social login component (e.g. Facebook login) I get back user data (name, email) into my custom _app . So far so good.
With this user data, I want to create (or identify) an user on my headless wordpress backend. I want to use the Wordpress REST API for that. So I created an wordpress API restpoint which recieves user data, creates the user in wordpress if he is not existing yet, and then returns a JWT access token for calling other wordpress API restpoints where the user then can create some user specific data in my wordpress DB via my website.
What is the best approach to do this with Nextjs and a custom express server? My first idea was to use the new API Route feature and created a pages/api/test.js page like the example in the doc shows.
export default function handle(req, res) {
res.send({some:'json'})
}
So the whole flow starts in _app when getting the user data from the social login component. My first approach:
handleFBSocialLogin = (user) => {
//pesudo code:
//fetch("/api/test") with user data
}
When doing this my api/test.js is called and inside that i could then call my Wordpress API to get the token back, right?
But then i want to store the token server-side in my custom express server session, but how do i do that now?
And how do i read it from there in later requests to other wordpress API restpoints?
And - does that approach makes sense at all ?
Appreciate any input!
I am creating api using cakePHP. I have created an api for user log in. This log in functionality is working fine.
Here is the log in function -
public function login(){
if ($this->request->is('post')) {
$user = $this->Auth->identify();
}
}
Now, the I am facing problem is, how I can test from other api that is the user is logged in or not? In web application it can be done by default auth system ($this->Auth->user()). But I am not getting how I can check is this user logged in or not from another api. Do I need to send api parameter to each api request ? or any other suggestion ?
Note : I can't send any token in header. Because in header I am sending jwt token. Because in my application there are two kind of authentication. One is log in or not? and another one is depending some other input from user. That is handling by jwt. So jwt token I am already sending by header. So header is already used.
A couple of things to clarify.
In a regular app, the user logs in with a post request and on successful authentication a session is created. This session is a bit of information that the user supplies in each of the following requests and the server then recognises the user. This accomplished by the Auth component in it's default settings.
In an API you could do the same: the user logs in, receives the session and attaches the session cookie-like object on each following requests. (Example of such a Python client.) However, this is not considered good practice as APIs should be stateless (so without requiring something like cookies). The solution of working with tokens, for instance hashes of some secret token together with a timestamp. The Auth component also supports this pretty well. After setting it up, you can simply call $this->Auth->user(), like you would normally and it returns either false or an array of user information. See link below.
Note that by default this authentication type will block unauthenticated users, so you will never see ->user() return false unless you make pages as public.
See also:
(Cookbook > Authentication > Creating stateless authentication systems)
I would like to let my users sign up for my laravelbased application using facebook or similar through socialite.
My users use a mobile app on their smartphones, which accesses the API of my app. Those API-routes are currently secured through the auth.basic middelware
Route::group(['prefix' => 'api/v1', 'middleware' => 'auth.basic'], function()
{
// ...
});
The app interacts with the api restfully through basic protected urls..
https://user:pass#myapp.com/api/v1/item/1
Now, how can i enable my users to access my protected api-routes, when they have registered through socialite? Is there a Package or a predefined middelware? Also, how would the URLs look like? Is it even possible to allow API calls with both, normally registered users and those being registered through socialite at the same time?
I see 2 best options in here.
Easiest is to use simple auth middleware in combination of logging in to the API at first before any other API calls
Secondly you can create custom middleware and include a token in your API call that authenticates the user. Example of such call after logging and getting token is below. Middleware gets the url param and checks if this is correct.
https://myapp.com/api/v1/item/1?token=123456
I have an application that uses google's oauth system to authorize with youtube's api. The code for this is done on our server and we receive tokens without any problem. We'd like to move some of the api calls to the client using their javascript api.
Since we've already authorized the user with the correct scopes required for the youtube api (https://www.googleapis.com/auth/youtube) I assumed when I called authorize on the client it would know that my application was already authorized and allow auto login. Instead I receive a "immediate_failed" response. Does anyone know why? Thanks!
gapi.auth.authorize({
client_id: OAUTH2_CLIENT_ID,
scope: OAUTH2_SCOPES,
immediate: true
}, handleAuthResult);
If you have the token, you can just use setToken instead of going through OAuth2 again.