Auth0/Okta Authenticate Third Party Provider with dynamic login URLs - authentication

TLDR: Is there a way to dynamically set the login URL during app runtime for either Auth0, Okta, or some other authentication service?
I am developing a Capacitor application that uses Salesforce data. My app users will need to authenticate to Salesforce to retrieve permission (access token, refresh token, etc.) for the app to grab their Salesforce data. The catch is the user can customize their login URL based on the Salesforce sandbox they wish to hook my app up to during app runtime. For instance, they can choose to access a
prod sandbox via https://login.salesforce.com/.well-known/openid-configuration
development sandbox via https://test.salesforce.com/.well-known/openid-configuration
specific sandbox via https://${customSandboxDomain}.my.salesforce.com/.well-known/openid-configuration
Due to the user being able to determine which sandbox/domain they would like to authenticate to, the app needs to be able to dynamically declare the authentication login URL. Is there a way to dynamically set the login URL during app runtime for either Auth0, Okta, or some other authentication service?
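
Added example, not part of the original post and not Auth0, Okta or Salesforce code: one way a client could turn the user's choice into an issuer URL and check the fetched discovery document before using its endpoints. The function names, the allowed-label pattern and the endpoint host policy are assumptions of this example, and the sample document is constructed.

```javascript
// Added example; resolveIssuer and checkDiscovery are hypothetical names.
const FIXED = {
  production: 'https://login.salesforce.com',
  test: 'https://test.salesforce.com',
};
// Assumption: a custom value is one or more DNS labels (letters, digits, hyphens).
const LABELS = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;

function resolveIssuer(choice, customSandboxDomain) {
  if (Object.prototype.hasOwnProperty.call(FIXED, choice)) return FIXED[choice];
  if (choice !== 'custom') throw new Error('unknown environment');
  if (typeof customSandboxDomain !== 'string' || !LABELS.test(customSandboxDomain)) {
    throw new Error('invalid sandbox domain');
  }
  const url = new URL(`https://${customSandboxDomain.toLowerCase()}.my.salesforce.com`);
  // Re-check after parsing: the host must still sit under .my.salesforce.com.
  if (!url.hostname.endsWith('.my.salesforce.com') || url.port || url.username) {
    throw new Error('invalid sandbox domain');
  }
  return url.origin;
}

const discoveryUrl = (issuer) => `${issuer}/.well-known/openid-configuration`;

function isSalesforceHttps(value) {
  try {
    const u = new URL(value);
    return u.protocol === 'https:' && u.hostname.endsWith('.salesforce.com');
  } catch {
    return false;
  }
}

// OpenID Connect Discovery requires the document's issuer to equal the issuer URL
// it was fetched from; the endpoint host check is an extra policy of this example.
function checkDiscovery(issuer, doc) {
  if (doc.issuer !== issuer) throw new Error('issuer mismatch');
  for (const key of ['authorization_endpoint', 'token_endpoint']) {
    if (!isSalesforceHttps(doc[key])) throw new Error(`untrusted ${key}`);
  }
  return { authorize: doc.authorization_endpoint, token: doc.token_endpoint };
}

// Constructed sample document (not fetched from Salesforce).
const SAMPLE_DOC = {
  issuer: 'https://test.salesforce.com',
  authorization_endpoint: 'https://test.salesforce.com/services/oauth2/authorize',
  token_endpoint: 'https://test.salesforce.com/services/oauth2/token',
};
```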

Related

Skip cognito hosted ui and use custom ui for social login

I am trying to bypass Cognito's hosted UI and have my custom UI for social login. I used Amplify for creating users with username and password, but for user creation using social login the documentation says to use the Cognito Hosted UI. Is there a way to create a user pool without using Cognito's Hosted UI?
I tried to build my own, but after receiving the code from Google on redirect I don't know how to create data in Cognito's user pool.

How to login into Google workspace using OIDC with my own identity provider

I am building an SSO system for Android where I am the identity provider. I want users to sign in from my app, which will automatically log them in to Google Workspace (or any other enterprise application, e.g. Salesforce). I cannot figure out what identity values to send from my IdP to Google Workspace, or how to send them.
This can't be done this way round. When a user signs in to your app she can't be automatically signed in to any other application. The options that you have are:
When a user signs in to your application you can ask Google for an access token. As part of your sign-in process, you can run an OAuth flow against Google Authorization Servers and ask for proper permissions. This will allow the user to additionally log in to their Google account, consent to release information to your app and you will then get an access token that will enable you to call Google's APIs. This way your users will have to log in twice (both to your app and to Google).
You can rely on Google to log users into your app. So, Google will be the OIDC Provider and your app will only be the client. People will log in to their Google account, and you will get an ID token in return. You can use the data from the ID token to create user accounts and sessions in your app.
In the first case, you will want to have a look at OAuth flows, like the code flow. In the latter, you will need OIDC flow, e.g. the OIDC code flow.

Vue.js + Django + Login with Microsoft

I have a SaaS application using Vue.js as frontend and Django Rest Framework as backend. I use JWT tokens for authorizing between frontend and backend.
Now I want to add support for our customers to be able to sign in with their Microsoft accounts. So if the signed in user matches a user in our database, it is logged in to our application.
I've set up Azure B2C and can successfully log in and acquire a token in the Vue.js application using the msal library.
Then I send the token to backend server for verification. I use azure_ad_verify_token to verify the token, but I get an InvalidAuthorizationToken exception.
It seems to be working when the user is added to my organization's AD directory. But I would like to verify the token for any Microsoft user, then match it to users in our database. It would be too much work to manually add our customer's users to our AD directory. If it would be possible to add another organization/domain I guess that would be ok.
There's a lot of documentation regarding this, but I always end up in examples for separate applications. Just to clarify the flow I am trying to achieve:
The user clicks on login with Microsoft
The user is redirected to Microsoft's login page, approves my application for their organization
On requests sent to our backend, the token should be verified against Azure Active Directory using an authorization class.
If the user's email exists in our database, the request is successful

How to get authorization code in BigCommerce to generate access token once the app is already installed in a store

I am providing an integration to BigCommerce from our website.
I see that the auth url is called with the authorization code when app is first installed. I need to know how I can generate the authorization code with an app already installed.
I need it because there's a case where the user removes the integration from our website but our app is still installed in his store in BigCommerce. I want to show something like a 'connect' button which the user can click to generate a new access token and connect his store to our website.
I understand that I can reuse the same access token that he had before he removed the integration, but then what if the user connects a second account in our website to his BigCommerce store. In this case the access token will need to be passed between two different accounts in our website and will be an issue.
An app should only connect to a store actively, in a process that will install the app. If you're offering the ability to disable the integration outside of BigCommerce, the app should be uninstalled at the same time from the store. The same OAuth token is required to authorize any API requests for the app, which is why it needs to be stored after installation.

AWS Cognito Mobile Hub

I need to log in users via Instagram for my mobile application so I can make calls to the Instagram API and get some information from Instagram. Simply, my application will ask the user to authorize Instagram access and be able to get an access token for API calls. The application should not ask the user to log in again once the user is authorized. I already set up my Instagram client-app to implement the server-side authentication flow.
My challenge is I want to do this by using AWS mobile services. I already set up custom authentication from MobileHub and came to the point where I need to define my custom authentication flow (in this case it is the Instagram authentication flow). Under the AWS Cognito app, when I go to the Triggers tab, I see different options for defining lambda functions associated with my authentication (such as pre/post auth or define / create / verify auth challenge). I am not sure how to align the Instagram authentication flow with these functions, or whether I should use something else. Also, I am not clear how AWS Cognito manages the authentication flow: I don't want my users to go through the authorization process every time they start my application. I believe AWS Cognito links users from my custom flow to some Cognito identity and is able to authenticate them when they use my application. I would really appreciate any suggestions, or even a code sample (if available).
Check this Document for Cognito Identity. Instagram is not there by default. So you have to use External Identity Provider, most probably using Open ID Connect Providers.