I'm using Strapi 3.6.10.
When I create user via http://host:1337/auth/local/register, I'm not able to achieve desirable user's role. It's always Authenticated, even if I directly set it to another in my request
{
"username": "user",
"email": "user#mail.com",
"password": "123456789",
"role": {
"_id": "626eacea45f0a420ccb35094"
}
}
I've also tried using API documented in generated by Documentation plugin Swagger - PUT /users/{id}. But if I send request with new role nothing happens to my user's entry
Related
So I know there's several SDK packages for many languages available for nHost, however I need to create my own interface to the system since the language I'll be using isn't typical.
I basically just need to know how to interact with authentication endpoints, send a users un/pw and recieve a JWT token. I've been successfully able to do this with aws Cognito, but I'd like to explore this instead.
I'm also not sure if I'm using the right base url, here's my thought so far:
https://kbvlufgpikkxbfkzkbeg.nhost.run/auth/login
So I would POST to there with some json in the body with the un/pw stuff, and the response should be the jwt token right?
I get a "resource does not exist" response from the above, however, so obviously I'm not forming the url correctly in the first place.
Thanks for the help!
Nhost supports multiple sign-on methods.
For example, using the email+password method, you would send:
POST https://xxxxxxxxxxxxx.nhost.run/v1/auth/signin/email-password
{"email":"foo#example.com","password":"bar"}
and the response:
{
"session": {
"accessToken": "somejwt....",
"accessTokenExpiresIn": 900,
"refreshToken": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"user": {
"id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"createdAt": "2022-09-17T19:13:15.440221+00:00",
"displayName": "foo#example.com",
"avatarUrl": "",
"locale": "en",
"email": "foo#example.com",
"isAnonymous": false,
"defaultRole": "user",
"metadata": {},
"emailVerified": true,
"phoneNumber": null,
"phoneNumberVerified": false,
"activeMfaType": null,
"roles": [
"user",
"me"
]
}
},
"mfa": null
}
The JWT is short-term, when it expires, the refresh token is used to get a new one.
The Nhost JavaScript SDK handles it automatically for you, that's a big benefit to the platform (in addition to being integrated with Hasura). If you are trying to port it to another unsupported language, you'd have to reimplement it. Probably by reading the library and/or running one of their sample client application and reverse-engineering the HTTP over the wire.
Recently I had configure to use amplify with #aws-amplify/ui-react library to login Federated users.
Once login, for google user, I would get payload like
{
"id": "",
"email": "",
"name": "",
"picture": "",
"token": ""
}
Yet for facebbook user, I get similar stuff but no picture info
{
"id": "",
"email": "",
"name": "",
"token": ""
}
I had tried to update config in my Cognito for Facebook provider. However, this failed to get picture info for me.
Is it possible to make amplify's federated login through Facebook to pass me back picture info as well? I know I could just call another Facebook api to retrieve picture, but I wish this could be avoided, since Google login would return picture info automatically.
P.S.
Here's my Facebook identity providers config:
PPS.
Here's my recent Cognito attribute mapping config:
For Facebook:
and in CognitoUserSession's idToken's payload:
the picture field would include a JSON object about profile picture's information
For Google, much simpler:
and the payload:
the picture field is simply the image link
Assuming you're requesting public_profile, use "picture" from Facebook Attribute is actually correct, I do face similar problems that I couldn't receive it until i delete the userpool, and creating a new one.
The value you will get from picture should be something like this
{
"data": {
"height": 50,
"is_silhouette": false,
"url": "https://platform-lookaside.fbsbx.com/platform/profilepic/?etcetcetcetc",
"width": 50
}
}
For my React Native app I am using Parse JS SDK and hosted Parse Server on Back4app.
When I try to register a new user, the user is not authenticated because the response does not return a sessionToken.
However, once the user is in the db and signs in a sessionToken is returned and the user is authenticated successfully.
Request
The request is the same for sign in/up.
await Parse.User.logInWith('google', {
// auth data received from #react-native-community/google-signin
authData: {
id,
id_token: token
}
})
Response on initial Sign Up
The response is supposed to return a sessionToken which is missing. So the user is not authenticated and modifications on the user object are not possible.
{
"authData": {...},
"createdAt": "...",
"objectId": "...",
"updatedAt": "...",
"username": "..."
}
Response on sign in after user was created
{
"ACL": {...},
"authData": {...},
"createdAt": "...",
"objectId": "...",
"sessionToken": "...",
"updatedAt": "...",
"username": "..."
}
I don't use any cloud code. Just a simple auth flow with Google oAuth.
Any help is highly appreciated.
Edit: same issue for 'sign in with Apple'
As far as I know, according to the Official Documentation, Parse will respond 200 (HTTP OK) and include the Session Token only when it verifies the user is already associated with the OAuth authentication data.
So, again, as far as I know, the very first request when you create the user, will not contain the sessionToken.
Take a look to this tutorial https://www.thinkertwin.com/how-to-setup-google-oauth2-login-with-parse-server-in-react/
Here there is an explanation on how to setup your Cloud Code. It's for React, but with small adjustments it will work for React Native.
You also need Cloud Code as you need to store your Client ID and Secret. You don't want to have those on your public application
I have a instance of User and instance of Role attached to it. Both are basic models provided from Loopback and they show up in RoleMapping and they work in ACL fine.
So, lets say I logg user in from my Vue client, then I get the response containing the access token in id field so I can make further auth requests, how do I then retrieve basic user info from that access token. Is there a way of parsing it or should I somehow modify the /login remote hook?
Any thoughts?
you need to call the login api with "include" option
/api/users/login?include=User
in response you will get something like this
{
"id": "CZY4lbJbJ2J6DrEIAjYAHfTEZbLMC2tWpyM7sZaKs7rZ1PhIY3mycua0kOHlDXfR",
"ttl": 1209600,
"created": "2018-01-21T17:01:20.183Z",
"userId": "5a3e614339e67f0e580642af",
"user": {
"createdAt": "2017-12-23T13:59:31.314Z",
"email": "dummy#dummy.co",
"id": "5a3e614339e67f0e580642af",
"name": "dummy",
}
you can try it in explorer
I can request a token for a user by visiting the following url:
https://trello.com/1/connect?key=<key>&name=appName&response_type=token&scope=read,write&expiration=never
However, when I request the token's info through the API, I get a response that looks like this:
{
"id": "...",
"identifier": "appName",
"idMember": "...",
"dateCreated": "2015-10-15T05:21:19.886Z",
"dateExpires": null,
"permissions": [
{
"idModel": "*",
"modelType": "Board",
"read": true,
"write": true
},
{
"idModel": "*",
"modelType": "Organization",
"read": true,
"write": true
}
]
}
I'd like to be able to request a token only grant privileges to a specific organization. But I can't seem to find clear documentation on what kinds of options the /1/connect endpoint accepts, or what other method I can use to obtain a token for a specific organization that does not expire.
I could make a machine user with access only to the organization, but it would be a shame to pay for another user account when I only want a subset of the permissions I already have.
I don't think that would be possible as you just authenticate against the API as that user and therefore have the ability to see everything that user can. The only way I'm aware of would be (as you suggested) to create a new user and limit what they can see.