What is the right pattern for integrating Pocketbase Authentication into NextJs 13 with the App directory?
I would like credential login using the functions from the Pocketbase NPM library. If you have gotten it to work, how did you do it? The authentication does not have to be very sophisticated.
I tried NextAuth with Credentials, did not work. I am not sure how to integrate NextAuth into the App directory either.
Related
I'm currently working on a nuxt.js project than has a login with an auth0 server
I've used the nuxtjs-auth package with the auth0 package and is working fine
The problem I'm currently having is than my project is in a language not currently supported by Auth0 Universal Login and in this cases the recommendation is to do the login with the Lock.js library from Auth0
My question is: It is possible to use Lock.js library with Nuxt Auth Library as a custom scheme? Or it is better to remove the Nuxt Auth plugin and do all the logic by myself?
I've found a project in Github with a basic implementation of Lock in nuxt.js but it's not using Nuxt Auth
Thanks!
Here is what I'm trying to achieve:
Right now, the Desktop App, Auth server and API are working correctly, I can get my JWT and use it to call the API.
Both web apps are already in use, subdomain1.domain.com use NGINX auth_request, cookie and sessions on an old auth server to get access.
Web app in subdomain2.domain.com use session, and connect to the API with an app token.
And, all these servers are part of the same domain.
So, is it possible to share the JWT from my Desktop app with browsers? We generally use Chrome.
The desktop app use Python 3, and most of the user will be using Windows.
If I can't, and I'm pretty too stupid to do this working, my other concern is, can my browser use that JWT on all web app once it connected get it from auth server? All servers shares the same main domain.
Our web server can be using Apache2, Nginx, Nodejs or Flask (python), which is kind of annoying when trying to make things like that works.
I could use cookie for .domain.com, and store the jwt inside, am I right?
If yes, is this really the best idea?
The idea behind it is:
User log in the app or browser
JWT is generated
JWT is shared between app and browser (not sure about this one)
JWT is used on all subdomain by the browser
What is your advice on this?
I think you can use a cookie in that case with no regrets. Just configure it correctly that every domains you need to have an access to this token.
Please I'm not able to wrap my head around how I can extent the Nuxt auth module to implement 2FA like google authenticator or sms and phone authentication. I would really appreciate a code example as well. thank you.
I have only been able to implement the local strategy
I have to replace a backend api from netcore to flask python.
The backend is serving apis for a single page application that's autenticate to Azure Active Directory via oauth 2 implicit flow.
Both application (Single Page and Backend) are separately registered on Azure Active Directory and this article is a good description of my scenario.
https://devblogs.microsoft.com/premier-developer/using-adal-js-with-angular4/
Actually I'm trying to implement oauth api protection by flask backend, but the documentation and resources that i found starts always from a login.
In my case, login is performed by an angular app (with adal.js) via implicit flow, than all protected apis requests has bearer token that backend should manage.
I've tried authlib, flask-dance libs but I'm missing something and I cannot perform a working scheleton.
Does anyone can helps?
I’d like to use the Google Cloud App Engine to serve a SPA and a REST API, both secured behind an authentication wall.
Is there any recommended way of doing this?
So far, I’ve found tutorials on how to secure an API, but not an SPA. Both ends are served from different projects, but I’d like to have a unique authentication step.
Typical flow would be:
Before serving the SPA source code, ask for authentication
Once authenticated, serve the SPA and allow the SPA to access the API resources
Thank you!
So far I’ve reviewed the documentation, it doesn't seem like there is any specific recommended way to authenticate an SPA within Google Cloud.
However, I think a pretty secure way would be to authenticate your application using the Toolkit Identity API of Google. The procedure would be to call this API from App Engine as the first necessary requirement.
This method works with Oauth2 access tokens. I think you could request for authentication credentials to your users before launching your application and granting access to the other resources/APIs.