Where can I host generated private documentation? - authentication

I'm using Doxygen to generate documentation on a C++ project. I want to share this documentation with various team members without them having to build the docs themselves. In an ideal world, there's a service to privately host the static HTML that's generated from Doxygen, and gate it behind some sort of login. I think literally all this service needs to do is have some authentication middleware before serving the HTML. Just password protecting a directory is not good enough for what I'd like to do.
Does anyone know of a service like this that already exists? Am I taking the wrong approach?

What you are asking for is a service that hosts static pages but provides the authentication functionality. I don't know if something like that exists and I have not found anything in a quick search.
However, there's another approach, much simpler. Just generate the documentation and upload it wherever you want that requires authentication (Google Drive, a private repository in GitHub or Bitbucket, etc). Give access to your team members and they will just have to keep it up to date with the remote one and open the index.html locally in their browsers.

Azure has a static web app host available.
You can configure it so users must log in before anything is served up.
This is a bare-bones config that will require people to log into an app reg I made available to them; otherwise it will redirect to the Azure AD login page.
We are already using Azure for our cloud needs, so this wasn't much to stand up for the documentation host.
Custom authentication in Azure Static Web Apps
Authentication and authorization for Azure Static Web Apps
{
  "auth": {
    "identityProviders": {
      "azureActiveDirectory": {
        "userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
        "registration": {
          "openIdIssuer": "https://login.microsoftonline.com/TENANT_ID",
          "clientIdSettingName": "AZURE_CLIENT_ID",
          "clientSecretSettingName": "AZURE_CLIENT_SECRET"
        }
      }
    }
  },
  "routes": [
    {
      "route": "/*",
      "allowedRoles": [
        "authenticated"
      ]
    }
  ],
  "responseOverrides": {
    "401": {
      "statusCode": 302,
      "redirect": "/.auth/login/aad"
    }
  }
}
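
A check for the routing part of the config above, as an added example that is not part of the original answer: it reports any rule that would serve the generated docs without a login. The function names, finding labels and the `/html/search/*` rule are constructed for illustration, and it assumes that a rule without `allowedRoles` is open to the built-in `anonymous` role.

```javascript
// Added example (not from the original answer).
// Assumption: a rule with no allowedRoles is open to the built-in "anonymous" role.
function isOpenRoute(rule) {
  const roles = rule.allowedRoles;
  return !Array.isArray(roles) || roles.length === 0 || roles.includes("anonymous");
}

// Returns a list of findings; an empty list means every path requires a login.
function lintStaticWebAppConfig(config) {
  const findings = [];
  const routes = Array.isArray(config.routes) ? config.routes : [];

  const catchAll = routes.find((rule) => rule.route === "/*");
  if (!catchAll) {
    findings.push("no-catch-all");
  } else if (isOpenRoute(catchAll)) {
    findings.push("open-catch-all");
  }

  // Rules are evaluated in order and the first match wins, so an open rule
  // listed ahead of "/*" exposes its path even when "/*" is locked down.
  for (const rule of routes) {
    const path = String(rule.route);
    if (path === "/*" || path.startsWith("/.auth/")) continue;
    if (isOpenRoute(rule)) findings.push("open-route:" + path);
  }

  // Without this override a signed-out visitor gets a bare 401, not the login page.
  const override = (config.responseOverrides || {})["401"] || {};
  if (!String(override.redirect || "").startsWith("/.auth/login/")) {
    findings.push("no-login-redirect");
  }
  return findings;
}

// Routing part of the config from the answer above.
const ANSWER_CONFIG = {
  routes: [{ route: "/*", allowedRoles: ["authenticated"] }],
  responseOverrides: { "401": { statusCode: 302, redirect: "/.auth/login/aad" } },
};

// Constructed counter-example: one folder opened up and the redirect dropped.
const WEAKENED_CONFIG = {
  routes: [{ route: "/html/search/*" }, { route: "/*", allowedRoles: ["authenticated"] }],
};

console.log(lintStaticWebAppConfig(ANSWER_CONFIG), lintStaticWebAppConfig(WEAKENED_CONFIG));
```

Running it against the deployed `staticwebapp.config.json` in CI catches a later edit that adds an open rule ahead of the catch-all.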

Related

Understand how to also get an access token for down stream api access for web app with OneLogin

I've been at this for days and the documentation just isn't clear to me, maybe I'm just not reading it correctly.
I have a blazor WASM app (https://localhost:5001) that pulls data from an api. The api needs to be authenticated so I want to just pass the access token inside the header.
Inside the OneLogin admin dashboard I've created an OIDC app called "testApp", the Token Endpoint is None (PKCE).
Setting up oidcauthentication on blazor was super simple. I originally just used the
builder.Services.AddOidcAuthentication(options =>
{
    // Bind the "OneLogin" section of appsettings.json to the OIDC provider options
    builder.Configuration.Bind("OneLogin", options.ProviderOptions);
});
However I quickly realized I had no way to add an audience. So I followed this guide ..
auth0 oidc for blazor
and this github for the actual code I modified to create a custom provideroptions that has an audience string
github repo
And I also had no issues setting it up. However, where I get stuck is how seemingly complicated OneLogin's side of the setup is.
Reading their docs onelogin api auth docs, there are no modern examples of setting it up past the postman import. Downloading the import file offers a fairly organized set of apis however I can't figure out what needs to go where.
First I created an Api Auth Server
{
  "description": "API",
  "configuration": {
    "access_token_expiration_minutes": 20,
    "refresh_token_expiration_minutes": 20,
    "resource_identifier": "https://localhost:5005",
    "audiences": [
      "https://localhost:5005/worker",
      "https://localhost:5005/user"
    ]
  },
  "name": "API"
}
then I created a scope
{
  "value": "custom:scope",
  "description": "A custom scope"
}
then I added api auth server client. I went to the admin panel and grabbed the app id from the url. https://{domain}.onelogin.com/apps/{appId}/edit/#configuration
and added an api auth server
which gave me this back from the postman api
[
  {
    "name": "TestApp",
    "app_id": 1111111,
    "scopes": [
      {
        "id": 172,
        "description": "A custom scope",
        "value": "custom:scope"
      }
    ],
    "api_auth_id": 1246001
  }
]
So from this point it looks like I have everything I need? Except I still can't get it to create an access token. I go back to my application and use the modified service and add my audience to my appsettings.json
"OneLogin": {
  "Authority": "https://{domain}.onelogin.com/oidc/2/",
  "ClientId": "{clientId from onelogin}",
  "ResponseType": "code",
  "DefaultScopes": "openid profile groups",
  "Audience": "https://localhost:5005"
}
Except it still doesn't add the extra audience to the access token causing my api calls to fail when I add the access token inside the header. If anyone can figure out where I've gone wrong I'd be incredibly grateful.
woot. Figured it out myself. I had everything right but I had the audience wrong. In their docs they discuss having multiple audiences like example.com/blah and example.com/bleh but having the audience as just example.com and then having different scopes PER web service actually is working fine.
So when I create example2.com and add it to the audience, both my APIs will be able to be accessed.
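
A diagnostic for the audience mismatch discussed in this thread, as an added example that is not part of the original post: it decodes an access token's payload and tests the `aud` claim by exact string comparison, which is how a resource server compares it. The function names and the sample token are constructed, and the helper does not verify the signature, so it is for inspecting a token, not for accepting one.

```javascript
// Added example (not from the original post). Inspects a token; does NOT verify it.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  // JWT segments are base64url; map them back to the standard alphabet.
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// "aud" may be a single string or an array of strings (RFC 7519).
// The comparison is exact: "https://localhost:5005" does not match
// "https://localhost:5005/worker", and there is no prefix matching.
function audienceMatches(token, expected) {
  const aud = decodeJwtPayload(token).aud;
  const list = Array.isArray(aud) ? aud : aud === undefined ? [] : [aud];
  return list.includes(expected);
}

// Builds a constructed sample token with a placeholder signature.
function makeSampleToken(payload) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(payload), "constructed-signature"].join(".");
}

// Constructed token carrying the two path-style audiences from the question.
const PATH_AUDIENCE_TOKEN = makeSampleToken({
  aud: ["https://localhost:5005/worker", "https://localhost:5005/user"],
});
// Constructed token carrying the bare audience the poster ended up using.
const BASE_AUDIENCE_TOKEN = makeSampleToken({ aud: "https://localhost:5005" });

console.log(audienceMatches(PATH_AUDIENCE_TOKEN, "https://localhost:5005"));
console.log(audienceMatches(BASE_AUDIENCE_TOKEN, "https://localhost:5005"));
```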

Bypass setup wizard in fusion auth to create application

I am using Fusion Auth as an auth backend for my project.
After starting up the container as shown here (https://fusionauth.io/docs/v1/tech/installation-guide/docker), if we open the URL (e.g. http://localhost:9011) we need to create an admin user and then we will be able to create Application, API Key, Lambda.
As my project doesn't involve UI interaction, I wanted to create Application without involving UI interaction (i.e., setup-wizard).
I was unable to find an API that relates to setup-wizard.
As I saw "Since this is your own private instance of FusionAuth, you need to create a new administrator account that you will use to log in to the FusionAuth web interface." in setup-wizard, I thought this is required only for UI, so I tried to create Application using this API (https://fusionauth.io/docs/v1/tech/apis/applications#create-an-application), but it is returning a 401 (Unauthorized).
Can someone help me to either create an application without authentication or bypass setup-wizard?
The FusionAuth Kickstart does exactly what you need. It will allow you to pre-define the configuration that you require in a JSON file and then the system will bootstrap itself automatically.
The base use case is to provision an API key which would allow you to programmatically configure the rest of the system by using APIs after an API key has been created.
{
  "apiKeys": [{
    "key": "a super secret API key that nobody knows"
  }]
}
You also have the option of building your entire configuration in the Kickstart definition. There are a bunch of examples and walkthroughs on the Kickstart installation guide.
Good luck!

Sonos Music API service reporting and manifest file

We've built a SMAPI implementation that is serving up audiobooks. We're able to browse books and play them, but we're running into problems getting reporting to work correctly. We saw that the reporting endpoints for SMAPI have been deprecated, so we're attempting to follow the directions from the "Add reporting" page.
We added a reporting path at https://<our_service>/v1/reporting and added endpoints for requests to /context and /timePlayed off of that base path. We're able to hit them directly ourselves, so they're running.
We also created and hosted a manifest file at https://<our_service>/v1/files/manifest.json, which we're also able to hit directly and get the JSON file.
{
"schemaVersion": "1.0",
"endpoints": [
{
"type": "reporting",
"uri": "https://<our_service>/v1/reporting"
}
],
"strings": {
"uri": "https://<our_service>/v1/files/strings.xml",
"version": 1
}
}
After that we added our service for testing using the customsd page. We're still able to navigate the menus and play audiobooks, but Sonos appears to be sending the deprecated reporting requests to our SOAP service instead of the new reporting endpoints.
We found this question where someone appeared to be using a SMAPI implementation along with the new endpoints, but we haven't been able to figure out what we're doing differently that's causing the problem. Any ideas or suggestions would be much appreciated.
It looks like you have unsupported version numbers for the reporting endpoint and the Manifest Uri. v1 is not supported. Acceptable version numbers are v1.0, v2.0 or later. For reference, see:
The example under Add a manifest file with an endpoint in Add reporting.
POST /timePlayed for a list of features for each version.
Cloud queue base URL and API version in Play audio (cloud queue) for details about the URL and API version format.
Updated with more details:
The endpoint doesn’t have to have report at the end, it can be called anything.
The order doesn’t matter. Both /v2.1/reporting and /stuff/report/v2.3 are valid.
The reporting endpoint doesn’t have to be HTTPS, it can be insecure HTTP.
The manifest URL cannot be insecure, it must use HTTPS.

Bitbucket API user access

Implementing a PHP Bitbucket API service for a website. One thing I need to do is give a bitbucket user (could be anyone at all as long as they have a bitbucket account) access to a private repository and be able to pull the repo down via composer.
Is this possible by the Bitbucket API?
Should I be giving the user just standard read access to the repo?
If that's the case what happens with SSH keys? How would I handle that?
OR should I use the deployment keys feature? Is this available via the API?
If you know of any documentation apart from the official ones that might highlight some of these features slightly better, it would be greatly appreciated.
Thank you
To give a user access to a repository through the API: https://confluence.atlassian.com/display/BITBUCKET/privileges+Endpoint#privilegesEndpoint-PUTanewprivilege
If all you need is the ability to clone, then "read" permission is sufficient.
HTTPS vs SSH is orthogonal. Once a user has access, it is up to them to choose the protocol.
Deploy keys are another option if all you need is the ability to clone a repo over SSH (not HTTPS), but it sounds like that may not be a very good fit for what you're trying to do.
The user would need access to the repository... read access is fine.
Now since your repository is a private one, it's not hosted on Packagist, I'm assuming...
So your composer config, well at least the way we do it in our workspace, could be as follows:
{
  "name" : "bitbucket-users-project-name",
  "author" : "bitbucket-users-name",
  "repositories": [
    {
      "type": "git",
      "url": "git@bitbucket.org:your-username/your-repo-name.git"
    }
  ],
  "require" : {
    "your-repo-composer--name" : "version.number.here"
  }
}
For testing purposes you could use dev-master instead of version.number.here.
Now since you're using the SSH git URL, that user would require their SSH key added to their own account.

How to use 3Scale's `authrep` function from a server and client perspective?

I'm attempting to setup a prototype API using nodejs that uses 3Scale's API management.
I've been able to find their plugin integration code, which is as follows:
var ThreeScale = require('3scale').Client;
// keep your provider key secret
var client = new ThreeScale("X");
// you will usually obtain app_id and app_key from request params
client.authrep({ app_id: "Y", app_key: "Z" }, function(response){
  if(response.is_success()) {
    // continue
  } else {
    throw new Error("not authorized " + response.error_message);
  }
});
Which makes some sense to me as part of a server module. But, I'm not sure where the client's credentials are in that equation....
I see it as the client is pointing to your app, and here's the password for the app...but what about the username/password for the actual client!? where does that get checked?
I feel like I'm not grasping their architecture (possibly because it's my first real node project and definitely my first time using 3Scale)...
Further, what's a client's request then look like?
In the 3scale system, app_id and app_key (in this authentication method) kind of represent the user's (i.e. developer's) credentials. This is due to the fact that every user can have more than one application and one application belongs just to one user, so you don't need user credentials. The credentials are checked on the 3scale system side and if authorized, they report the usage and forward the call to your API.
provider_key identifies your account (API owner) and you have to keep it secret (if someone gets it, they can impersonate you).
Did you already check 3scale's support site? There is a lot of useful information on the system architecture, some tutorials on integration, etc.
You can check them here: http://support.3scale.net
btw. the node.js plugin is a community plugin. You can also try integration via nginx reverse proxy.
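
The split of credentials described in this thread, as an added example that is not code from the posts or from 3scale: the caller sends only `app_id` and `app_key`, and the server, which alone holds the provider key, passes them to `authrep`. The Express-style `req.query` and `(req, res, next)` signature, the names `requireThreeScaleApp`, `fakeClient` and `simulate`, and the `/books` path are assumptions; `fakeClient` is a constructed stand-in so the block runs offline.

```javascript
// Added example (not from the thread). `client` is anything exposing
// authrep(params, callback), such as the ThreeScale client built with the
// provider key in the question's snippet.
function requireThreeScaleApp(client) {
  return function (req, res, next) {
    // The caller sends only its own application credentials, for example
    //   GET /books?app_id=Y&app_key=Z
    // The provider key never leaves the server.
    const query = req.query || {};
    const app_id = query.app_id;
    const app_key = query.app_key;
    // Reject missing or repeated parameters (repeats arrive as arrays).
    if (typeof app_id !== "string" || typeof app_key !== "string") {
      res.statusCode = 401;
      res.end("app_id and app_key are required");
      return;
    }
    client.authrep({ app_id: app_id, app_key: app_key }, function (response) {
      if (response.is_success()) {
        next(); // authorized and usage reported: hand over to the API handler
      } else {
        // Fail this request only; an uncaught throw here would crash the process.
        res.statusCode = 403;
        res.end("not authorized");
      }
    });
  };
}

// Constructed stand-in for the 3scale client; accepts only app_id "Y" with app_key "Z".
const fakeClient = {
  authrep(params, callback) {
    const ok = params.app_id === "Y" && params.app_key === "Z";
    callback({ is_success: () => ok, error_message: ok ? null : "application key is invalid" });
  },
};

// Runs one constructed request through the middleware and reports the outcome.
function simulate(query) {
  const res = { statusCode: 200, body: null, end(text) { this.body = text; } };
  let forwarded = false;
  requireThreeScaleApp(fakeClient)({ query: query }, res, () => { forwarded = true; });
  return forwarded ? "forwarded" : String(res.statusCode);
}

console.log(simulate({ app_id: "Y", app_key: "Z" }), simulate({ app_id: "Y", app_key: "nope" }));
```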