How do I secure my electron app with firebase auth? - authentication

I want to secure my electron app with firebase auth. The idea is that the user has to click on a button in the renderer process to "Sign up/ Login" and then a new browser window opens in his default browser (not in electron), the user signs up or in and returns back to electron app which automatically signs the user in.
I'm using the following:
Electron: 13.6.9
Angular: 12.1.2
I tried the Electron Firebase repo but to be completely honest I was totally overwhelmed. It's well documented on how to set up but not on how to implement it in an existing app.
I also found this but this seems to be highly insecure to have an auth token exposed: https://pesto.app/blog/how-to-authenticate-with-google-in-electron
Could you guys help me to figure this out in a conceptual way (if you have code examples even better)?
Thanks in advance!

Related

Open login popup in the browser from Electron Firebase application

I have a web app that uses Firebase for authentication, more specifically it uses the signInWithPopup(provider) method. There is also a desktop client based on Electron which simply loads the same web app. With recent updates this method of authentication stopped working, as Electron is regarded as an unsecure environment.
Is there a way to open the login popup in the default browser (i.e. Chrome) which is secure, complete the login process there, and return to the Electron app with the login information?
If the login popup is in the default browser, the same issue can happen with security. It needs both ends to be secure.
Can you try to generate a certificate and use it in your Electron app? Instead of a self-signed certificate, you can generate one through Let's Encrypt (authorised CA). Hope this solves your issue.

React Native Login Using WebAuth redirection to browser from app

When logging in using Auth0 WebAuth in React Native, it opens the browser for login.
I want to create a smooth login so that the user is not able to notice whether I logged in using the app or the browser, just like a webview. Does anyone have any idea?
Just to be clear are you asking if Auth0 supports doing this without a browser? Given that it's likely using OAuth2 or OpenID Connect then the short answer is no.
Further to that, WebAuthn is a browser-based JavaScript API, so by definition it would require a browser with these features to be available.
That said, there's probably nothing preventing you from implementing a native WebAuthn-like experience using CTAP2 (the protocol that sits underneath WebAuthn) directly or a platform-specific wrapper around the same.

Multiple ember apps with one login app

I have multiple ember apps, but just one of them has the login page. I want to authenticate all of them with this unique page. How can I redirect other apps to an external login page using ember-simple-auth and redirect to the corresponding app after the authentication?
You need to write a custom authenticator. In its authenticate method I suggest not redirecting, but opening a child window with the login page. That login page should be able to communicate with your ember app in some way (window.postMessage, for example) in order to give your app the auth token. The authenticator must wait until it receives an answer (a promise and a timer will help with waiting). I used this method with Google's OAuth in a node-webkit application (my authenticator opens Google's OAuth page, where the user is prompted to give my app access). I don't want to share the code because it's too big, complex and has code specific to nw.js, but I hope my answer will help. I used the code of the oauth2 authenticator to develop my own; it helped me a lot.
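The child-window approach described in the answer above, as an added example that is not part of the original answer or of ember-simple-auth. The login origin, the message shape (`type`, `nonce`, `token`) and all function names are assumptions; the point is that the listener accepts a token only from the expected origin and from the window it opened, and stops waiting on a timer.

```javascript
// Added example; all names and the message shape are hypothetical.
const LOGIN_ORIGIN = 'https://login.example.com'; // assumed origin of the login page

// Return the token carried by one message event, or null if the event
// must be ignored. Any page can postMessage to our window, so check everything.
function acceptLoginMessage(event, popup, expectedNonce) {
  if (event.origin !== LOGIN_ORIGIN) return null;   // wrong sender origin
  if (event.source !== popup) return null;          // not the window we opened
  const data = event.data;
  if (typeof data !== 'object' || data === null) return null;
  if (data.type !== 'auth-token') return null;      // unrelated message
  if (data.nonce !== expectedNonce) return null;    // not an answer to this login attempt
  if (typeof data.token !== 'string' || data.token.length === 0) return null;
  return data.token;
}

// Promise plus timer: resolve on the first valid message, reject on timeout.
// `win` is the window to listen on (passed in so the logic can be tested).
function waitForToken(win, popup, expectedNonce, timeoutMs) {
  return new Promise((resolve, reject) => {
    const cleanup = () => {
      clearTimeout(timer);
      win.removeEventListener('message', onMessage);
    };
    const onMessage = (event) => {
      const token = acceptLoginMessage(event, popup, expectedNonce);
      if (token === null) return; // forged or unrelated: keep waiting
      cleanup();
      resolve(token);
    };
    const timer = setTimeout(() => {
      cleanup();
      reject(new Error('login timed out'));
    }, timeoutMs);
    win.addEventListener('message', onMessage);
  });
}

// Browser usage (not run here; storeToken is a hypothetical callback):
//   const popup = window.open(LOGIN_ORIGIN + '/login?nonce=' + nonce);
//   waitForToken(window, popup, nonce, 120000).then(storeToken);
```

The login page would send its message with `LOGIN_ORIGIN`'s counterpart as the explicit target origin (the app's own origin) rather than `'*'`, so the token is not delivered to an unexpected window.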

Ionic 2 how to make InAppBrowser and other plugins work when running in a browser

I'm creating an app in Ionic 2, which consumes a web API from an existing site. To use this API I have to authenticate with it in the following way (similar to Facebook login):
I call the API login page in an InAppBrowser component, sending the proper keys and a return URL.
The user types the login and password in the form displayed; the API will validate it and authenticate it.
The API calls the return URL, passing the authorization token.
I 'hijack' this redirect to the return URL in the InAppBrowser 'loadstart' event, and extract and store the authorization token.
In the following calls to the API, I send the authorization token in the header.
This is all working fine in the emulator, but it doesn't work in the browser (with ionic serve), because when I call InAppBrowser it actually calls window.open, and the events don't work. I can't detect the redirect action made in the opened window.
I'd like to make this work in the browser since it's better to debug the application there. My first thought was to send "http://localhost:8001" as the return URL, but I couldn't find a way to catch the token parameter in the Ionic application.
Does anyone know how I can catch this parameter or any other way to make this login work in the browser? It is for development and debug purposes only, so strict security is not an issue (I can comment out any unsecure code in the production version).
Edit: Hayden Braxton's answer didn't solve my problem, but since it was because of something exclusive to my app, and it could really help someone who wants to make plugins work, I'll keep it as the selected answer.
Besides that, I'll share the solution I found to my problem in case it could help anyone. It was simple, actually:
I pass "http://localhost:8001" as the API return_uri parameter.
The API will, after checking the login and password, redirect to http://localhost:8001?token=MY_AUTH_TOKEN.
This will reload the application and call the login page again.
In the login page I call this.platform.getQueryParam("token"); to get the token.
Add
"browser": "ionic-app-scripts serve --iscordovaserve --sourceMap source-map --wwwDir platforms/browser/www/ --buildDir platforms/browser/www/build",
to the script section of your package.json. Then, instead of doing ionic serve, run
npm run browser
We use ionic2 to develop our apps where I work, and this is what we figured out after some research.
Before using this, you need to have the browser platform added. You can accomplish this with the following:
ionic add platform browser
If the browser platform is already added, delete the browser directory from your platforms directory and then run the add platform command, just to be on the safe side.

FirebaseSimpleLogin not working in Windows 8 app

I asked a question earlier about if it was possible to use Firebase in a Windows 8/WinJS app. @MichaelLehenbauer told me that I just needed to add the following line to my code in order to fix a bug in firebase.js:
Firebase.INTERNAL.forceWebSockets()
This worked great and allowed me to read and write to my Firebase. However, now I am trying to get auth working in Windows 8 and running into many issues. I am trying to use the Facebook login but when I call auth.login("facebook"), my app loses focus and a new tab in the modern Internet Explorer app (not the desktop app) is opened with the typical Facebook login prompt. If I put in my credentials and hit login, nothing happens. I need to go back to my app but then it fires up a new IE tab and the process starts again. Instead of opening a new IE tab, Firebase should internally be opening an in-app dialog like seen in the top image here.
So, since I couldn't get the Firebase Facebook login working in WinJS, I tried doing the Facebook login myself and then create Firebase users using the email/password auth. However, when I run:
auth.login("password", {
  email: "me@example.com",
  password: "password"
});
I get the following warning (which is the same warning I received from firebase.js before Michael suggested to me to force web sockets):
APPHOST9601: Can’t load <https://auth.firebase.com/auth/firebase?&firebase=[my_firebase]&transport=jsonp&email=me%40example.com&password=password&callback=FirebaseSimpleLogin._callbacks._firebaseXDR13889674277557>. An app can’t load remote web content in the local context.
I'm not sure if this is another web sockets issue or not, but it looks like FirebaseSimpleLogin is just not working very well in Windows 8 apps. Are there any workarounds to these problems? Even better, is there any plan to provide full support out of the box with Windows 8?
Windows 8 is now supported out of the box with Firebase Simple Login.