I have an app with express backend and vue frontend, I have implemented use authentication.
Now I want to restrict certain users from access certain routes when registering the user.
I have created a default user with admin email as the only person allow to make crud operations, but I don’t think that’s the best way to go about it.
Related
I am building a website using .net. The plan is to use the strava api to get activity data of the user.
Currently the user will need to accept this strava prompt every time he reloads my site:
I got the auth flow working but my question is how to keep the user logged in. If I only store the tokens on my server I won't recognize the user on reload (or I have to use separate authentication). However if I store the tokens on the client the user will be able to make requests to the strava api on behalf on my application.
I tried to add custom jwt authentication to my server but don't like the complexity this is adding. I want to avoid it if possible.
Which of these is the standard way of doing it? Or is there a different strategy I am not seeing?
My app is using email addresses as unique identifiers for users. It also allows users to log in via social connections, i.e. Google Oauth. I want to disable password-based login when a user logs in with Google. Is it possible to somehow configure this in Auth0? I'd need to do it on both the login page, as well as on Auth0's authorization server.
(Note that I want to do this dynamically, on a per-user basis, rather than globally disable database connections.)
Or, more generally, is there a generalized way to control "which methods of auth should be available for a specific user"?
I'm doing the first step into Nextjs and I'm stacked in defining the authentication part. I understand that Nextjs tipically rely on NextAuth for authentication. My first thogth was to enable provider like google but I don't understand how to avoid new user registration. The application I'm thinking need to have a login to protect routes but not the registration part. Basically I need to decide on my own who can access.
In realty I started working on an express backend that rely on session cookie and MongoDb (no jwt involved) but now I'm a bit confused on how to proceed.
Is there a way to avoid registering new user with providers?
What is your suggestions?
Many thanks
Authentication in a Nextjs application is just like any another react application.
Although NextAuth is great, but you don't have to rely on it if you don't want to.
Picture a Nextjs app like a basic react application. Same goes for authentication. Nothing specific to Nextjs in this one.
You can keep auth related data in cookies/headers and write a middleware, use it getServerSideProps call for all the pages you want to protect, to redirect the user to login page if the session has expired/or is invalid.
You can create custom integrations with identity platforms which would allow you to have an option to whether or not create an account for a user once you have received the data from the particular identity platform.
I am using Keycloak 11.0.0 to secure my Asp.Net Core 3.1 Application.
I am looking for a way to allow users to access certain resources without the need of an own account.
Which resources can be accessed without an account should be configured in Keycloak. Currently we are using a simple role based system.
My idea was to add an Login with Anonymous User Button next to the Login Form in Keycloak. This anonymous user is a normal Keycloak user to which i can assign roles.
How can this be done in Keycloak? I think I might need to write an extension, but I do not know which interface i need to implement for this functionality.
Or is there even a better way to accomplish my goal?
I want to setup a user registration system in my app, but for this I am using Lumen as a backend. However, I am unsure, how to proceed with it.
I have got a multiple options available for authentication like jwt, or oauth, but I am unsure how to get users registered in first place.