I have a website that uses firebase firestore and recently activated AppCheck, it seems to be working okay when I just activated but now I am getting heaps of invalid requests.
This appCheck is only used for the website so I am a bit concerned if this simply means somebody tries to access firestore not in a proper way or if this is something common issue.
Is there any options I can try reduce the invalid requests?
Thank you
Related
I'm building an application with Vue and Electron, and I'm wondering what the best approach is for authenticating users.
I'm using JSStore as a wrapper for IndexedDB as my database. I'm familiar with using bcryptjs as a means for authenticating users when I create Node backend and have traditional /login or /signup routes.
But this is where I'm starting to get confused. Do I need to set up a Node server to start up when my application starts up? Because given that I'm using IndexedDB, I don't know that it makes sense to have a process of Sign Up --> Request to Node Server --> Send data back to browser
Would I be better served using a different type of database? Could I do something such as adding bcryptjs to the Vue prototype, so that's it's accessible where I need it to work with JS Store? Are there security concerns that I should be aware of with an approach like that?
At this point I'm stuck, and have more questions than answers. I've done some looking around for articles, and I find a lot of content about setting up authentication with Vue, but not within the context of an Electron application. I'm not sure how that variable changes things.
Any advice or direction would be greatly appreciated.
JsStore is client side technology, which means if you are setting up authentication in client side, it will be available only to that device.
Let's understand it more by use case -
Say your application named My Awesome app has authenticaion implemented. User register it and then they are able to use it after registration. They are logging out and signing in again with registration data and everything is working normal.
Here is what wrong with this approach -
User buys another pc and installed application My Awesome app, he tries to login but unable to login because registration data does not exist on their new PC.
Due to some issue, user hard disk crashed & he installed new hard disk. Same thing as above he is not able to log in.
So it is recommended to implement the signin on some server & keep data there.
We noticed a white page blink when page refresh happens on site when the user is logged in.
Also, we know that transfer state is not happening when the user has logged in and this is implemented intentionally since user data will be loaded again anyway.
Then we enabled transfer state for the logged-in users and there is one issue regarding acces_token.
Problem happens when acces_token becomes invalid and the page refreshed, so too many requests are made with the old acces_token (not an endless loop), and it's noticeable that acces_token changes more than a couple of times at that moment.
We assume that cms components make additional requests with the old token and we want to fix this somehow.
We are using Spartacus version 2.1.4
Any ideas on how to fix this?
Let me know if any more info is needed on this.
Thanks in advance.
This shows what is happening after you refresh the page when access_token is expired.
Network tab
I believe it's possible to face such issue when enabling transfer state for logged-in users. If you think it might be a bug or at least good candidate for a feature request please create a ticket: https://github.com/SAP/spartacus/issues/new/choose so the info for reproducing the issue will be provided.
Can you share what's the use case for enabling transfer state for authenticated users?
It might not be exactly the same case but some people deal with similar problem (flickering with SSR enabled for authenticated requests) using cookies:
send token to server in angular universal
Angular universal flickring with Transfer state
I'm using https://github.com/devfd/react-native-google-signin to get OAuth2 into my application. From this, i'm requesting a server token for "offline" access.
In testing this, I didn't have my server fully put together to save access tokens/refresh tokens etc. The second time of trying to claim the token I (of course) got an error saying the serverAuthCode was already claimed. Now when I re-authorize google sign-in it does not return a serverAuthCode.
Is there a way to force google to give a new serverAuthCode?
Could it be that the google sign-in library i'm using just isn't requesting/returning it?
I realized that this was the library caching my user data. I simply revoked my app in the google connected apps management console and called the .signOut() method of my lib which seemed to fix it.
I have a GAE app in which I would like to implement geocoding. I'm trying to do so with the google maps javascript api, but I'm having trouble loading it into my application. I keep getting the following error:
"XMLHttpRequest cannot load http://maps.google.com/maps/api/js. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin localhost:8081 is therefore not allowed access."
I already found a couple of similar issues online, but none of the proposed solutions have worked for me so far. Any help would be much appreciated.
It will be great if you can list the trouble shooting steps you took. One fix will be to use the provided client Lib rather using Ajax
Im using the Google PHP API Client http://code.google.com/p/google-api-php-client/ to retrieve data from the google API.
Logging in thru OAuth2 and fetch user information works like a charm, but when I'm attempting to access the goole analytics api i get this 403 code error every time. Hundreds of users with the same problem forgot to activate the Google Analytics API in the service settings, or simply provided incorrect credentials (client_id & client_secret). I've tried to enable/disable the Google Analytics multiple times, and logging in/out from my google accounts, but no result.
Anyone that has any pointers for me?
(Remember, the OAuth procedure works, since I'm getting both an access_token and refresh_token)
I'm using the simple.php example in the class examples folder...
I'm working on Drive myself and understand the issue. I've been having some troubles understanding Google and their PHP api somewhat. I've finally got it to work with some clarification of examples found around the internet.
Your problem sounds like you didn't set your scope to Google analytics but, please be clear in the steps you've taken as well as the code you've tried using.
The error could be as simple as forgetting this line in your oAuth callback file:
$client->addScope(Google_Service_Analytics::ANALYTICS);
To something complex as understanding if you need a full paid account to access information from Google about your Analytics (not included as free like Google+ and Google drive).