StsAssumeRoleCredentialsProvider.Builder missing stsClient method? - aws-java-sdk-2.x

I'm looking at sample code for configuring an StsAssumeRoleCredentialsProvider, but I don't see any stsClient method on the builder.
Has there been a change to the API? How should an StsClient be passed to the assume role credential provider?

Related

What is the function get_token_user_sub() supposed to do?

I am currently building an OAuth 2.0 endpoint with authlib.
At the stage of creating a token introspection endpoint, the official documentation suggests a function get_token_user_sub(token) in the method introspect_token(). What is it supposed to return? What is a "sub" in this context?
sub is subject in userinfo, usually it is the user ID.

Login Anonymous User asp.net Core web api

I have been looking for days for the right solution. I have the user name and password stored in my DB.
I want only specific users to get access to some controller methods. How can I implement it, checking by User Id if he has permission or not?
Thanks!
You can implement basic authentication in Web API, adding the [Authorize] attribute on specific controllers which require the user's credentials. Please refer to the articles below for code samples:
https://codeburst.io/adding-basic-authentication-to-an-asp-net-core-web-api-project-5439c4cf78ee
https://beetechnical.com/rest-api/how-to-validate-rest-api-using-basic-authentication-in-web-api-net-core/
https://jasonwatmore.com/post/2019/10/21/aspnet-core-3-basic-authentication-tutorial-with-example-api

Yii2 Rest API user authentication

I am implementing Rest API in yii2. I want to authenticate the user using access token. I have referred various SO answers as follows
Rest api bearer authentication
Rest api bearer auth
Yii2 Rest api authentication
But I'm not clear which authentication method I should use and how I will get the user identity.
I have created the findIdentityByAccessToken() method in my user identity class as suggested in the Yii2 Rest guide.
Below is the behaviour implemented in my controller:
    public function behaviors() {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
            'class' => HttpBasicAuth::className(),
            'except' => ['login','forgot-password']
        ];
        return $behaviors;
    }
Now, how will I get the user identity inside my controller action? As far as I know, the access token will be set by the web service inside the request header.
Note: I am using the Yii2 advanced app.
Please help me.
Simple answer: there's more than one possibility to implement this behavior.
Both HttpBearerAuth and HttpBasicAuth can use the findIdentityByAccessToken() method when configured correctly. The behavior you should use depends on the way you want users to authenticate themselves.
If you read the documentation of HttpBasicAuth you'll see:
The default implementation of HttpBasicAuth uses the loginByAccessToken() method of the user application component and only passes the user name. This implementation is used for authenticating API clients.
loginByAccessToken will invoke the findIdentityByAccessToken method.
You can manipulate this behavior by defining a closure in the auth attribute, see auth attribute.
HttpBearerAuth does almost the same. It also implements loginByAccessToken.
So what makes the two different from each other? Simply the location where they get the data from. HttpBasicAuth expects that the client has set the basic header, for example header('Authorization: Basic '. base64_encode("user:password")); (PHP has built-in support for this, see: http://php.net/manual/en/features.http-auth.php).
HttpBearerAuth expects that the header is defined as follows: header('Authorization: Bearer '. $token);
So the solution you should use depends on the way you want users/clients to authenticate themselves. You could also use QueryParamAuth, which gives users the possibility to authenticate themselves with a GET param, see QueryParamAuth.
And if you want to use a custom header, let's say X-API-Token, create your own custom class that implements the AuthMethod interface, see AuthMethod.
Hope this helps
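The configuration the answer above describes, as an added example that is not part of the original question or answer: a Yii2 REST controller that accepts the Bearer header and reads the authenticated identity inside an action. The controller name, the action and the app\controllers namespace are assumptions; the identity class is the one from the question, with its existing findIdentityByAccessToken() method.

```php
<?php
// Added example (not from the original thread). Assumes a Yii2 application
// whose `user` component points at the identity class from the question and
// has enableSession = false, as is usual for a stateless REST API.

namespace app\controllers;   // assumed namespace

use Yii;
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBasicAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\rest\Controller;

class ProfileController extends Controller   // hypothetical controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
            'class' => CompositeAuth::class,
            // Tried in order; the first method that yields an identity wins.
            'authMethods' => [
                // Reads "Authorization: Bearer <token>".
                HttpBearerAuth::class,
                // Reads "Authorization: Basic base64(user:password)" and, by
                // default, passes only the user name as the access token.
                HttpBasicAuth::class,
            ],
            // Actions that must stay reachable without a token.
            'except' => ['login', 'forgot-password'],
        ];
        return $behaviors;
    }

    public function actionView()
    {
        // The authenticator has already called loginByAccessToken(), which
        // invoked findIdentityByAccessToken($token, $type) on the identity
        // class. A request without a valid token never reaches this line;
        // it is rejected with 401 before the action runs.
        $identity = Yii::$app->user->identity;

        return ['id' => $identity->getId()];
    }
}
```

QueryParamAuth is left out of authMethods here because a token sent as a GET parameter ends up in access logs and browser history; add it only if clients cannot set headers.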

Is there some way to get path parameters in @SecureSocial.SecuredAction authorization implementation?

I'm new to playframework and trying to use securesocial for authentication & authorization in my web app.
I need to add custom authorization to my controller, that checks if current user is creator of entity, that he is trying to view or edit.
    @SecureSocial.SecuredAction(authorization = OwnerCanEdit.class, params = {"id"})
routes:
    GET /projects/edit/:id @controllers.ProjectsController.edit(id)
To make this I need to pass entity id from request path.
Is there some way to get/pass path parameter in class implementing Authorization interface?
There's currently no way to do it. This is a valid use case and should be covered. I'll keep this in mind to improve the API.

Custom PrincipalPermission Authentication

Our system uses custom roles and a custom authentication system to authenticate users.
I am now looking into the service-side validation/security.
I want to implement our custom authentication and authorization on the WCF side too.
I have done some investigation, and it looks like I could use the PrincipalPermission attribute on the contracts to allow/deny access. The default just calls the IsInRole method on the IPrincipal and IsAuthenticated on the IIdentity.
So I have 2 questions:
How do I implement my own custom principal which has additional data/methods?
How do I add additional checks to the PrincipalPermissions? e.g. IsExternal, which will check if they are accessing the service from the intranet or internet (I have a mechanism to monitor this already).
Thanks
After some experimenting I came up with a custom written solution:
I based my solution on Kyle McClellan's Authorisation Sample. I adapted the attributes to look at a custom class to retrieve the user.
To get around the async problem I loaded the user and his relevant data in the App.xaml prior to instantiating the MainPage, I then make use of a global singleton, which I called SecurityContext, to access user data.
The SecurityContext is an in-memory store of the user data that can be accessed clientside.