I am using the Auth0 webauth.authorize() pop up to log in to my react native app.
I receive the refreshToken back after log in but how do I use this refresh token to get a new access token? Is it possible with webauth or do I need to use the sdk?
It looks like you are already using the SDK if you are using webauth.authorize(). Using the react-native-auth0 package, you can use the following code to exchange a refresh token for an access token:
auth0.auth
.refreshToken({refreshToken: 'the user refresh_token'})
.then(console.log)
.catch(console.error);
Related
I have an SPA that uses B2C as its certification.
not AD, im using B2C.
Now I want to display user information on the SPA,
so I want to use MsGraphAPI to get data from B2C.
Therefore, we are trying to obtain an access token using credential flow.
The code is as follows
requestUri = "https://login.microsoftonline.com/{tenandId}/oauth2/v2.0/token";
var params = new URLSearchParams();
params.append("grant_type","client_credentials");
params.append("client_id","XXXX");
params.append("client_secret","ZZZZ");
params.append("scope","https://graph.microsoft.com/.default");
const response = fetch(requestUri, {
method:"POST",
body:params
});
At this time, the developer tool shows a corrs error.
The following error.
access to fetch "https://login.microsoftonline.com/{tenandId}/oauth2/v2.0/token" from origin "http://localhost:3000" has been blocked by CORS policy.
How can I resolve this?
SPA is available at http://localhost:3000.
Is the localhost no good?
The purpose of authenticating is to get user information. You can insert any attribute into the token, and then parse the id_token to display the users profile information in your application. Calling MS Graph API for this seems counter intuitive.
Next, you shouldnt be using client_credentials in your SPA, those are secret credentails, and should only be used by your server. By exposing those credentials in your SPA, any user could extract them and use them to read your entire directroy store. This is why you are getting a CORS error, it's never supposed to be running on the client browser.
I am using dropbox javascript sdk for file uploads using following end points.
For file below 150MB
/upload
For file above 150MB
/files/upload_session/start
/files/upload_session/append_v2
For Authorization, I am using the following code for now.
const ACCESS_TOKEN = 'my_access_token_created_manualy_from_app_console';
var dbx = new Dropbox.Dropbox({ accessToken: ACCESS_TOKEN, refresh_token });
Now I don't want to go to the app console every now and then to get access token.
Is there any way I could handle it in my code? Any API/ajax request to get access token in response to app_key and app_secret?
Getting a Dropbox access token for a user's account always requires some initial manual interaction from the user to authorize the app in some way. This cannot be done entirely programmatically. For the developer's own account, such as in your case, you can generate an access token on the App Console. For arbitrary end-users, this is instead processed via the OAuth app authorization flow.
You can refer to the OAuth Guide and authorization documentation for more information. For the Dropbox JavaScript SDK in particular, there's an example of processing the OAuth flow here.
I'm building my first app using react-native and expo.
When I log in into my app using Facebook Auth and my personal account, I receive an access token; then I save it locally in the device using SecureStore, provided by expo.
If I try to log out, and then log in another time, I receive a new access token, different from the first one.
But if I try to make a get request, for example just to obtain the name of my facebook account, using the old access token...I can do it!
I wrongly thought that every time the same user try to access into the app using facebook auth, facebook gives the same access token given in the previous session (if it isn't expired or invalidated yet).
So... What I have to do? Just locally override the old token with the new token? Or should I invalidate the old token because of it is still valid (and if so, how could I do this)?
Access Tokens are not valid forever: Basic User and Page Tokens are valid for 2 hours so you do not have to invalidate them on your own. Extended Tokens are valid for 60 days but I assume you do not use those. Just override the Token with the new one, you do not need to worry about old Tokens.
Source: https://developers.facebook.com/docs/facebook-login/access-tokens/#termtokens
I'd like to stop receiving notifications to the app once the user logs out.
I guess I'd have to remove the device token generated by react-native-firebase but I can't find any functionality to do this.
Does anyone know how to do this?
🔥 messaging().deleteToken()
You could achieve like this:
import auth from '#react-native-firebase/auth';
import messaging from '#react-native-firebase/messaging';
auth().onAuthStateChanged(user => {
if (!user) // Signed out
messaging().deleteToken();
});
The documentation isn't great, but I have found a working solution in v4.3.x
// login
const authorizedEntity = firebase.iid().app.options.messagingSenderId;
firebase.iid().getToken(authorizedEntity).then(token => token);
// logout
const authorizedEntity = firebase.iid().app.options.messagingSenderId;
firebase.iid().deleteToken(authorizedEntity, '*').then(nullToken => nullToken);
First of all, you shouldn't store Firebase token inside the app, you should store it in the database.
Firebase token is a device identifier for notifications, if someone steals it they could bomb someone with notifications.
Create a API route that handles logout (ex. POST /user/logout) on your backend, and on that request remove the firebase token from the database.
The firebase token is per app instance. The token will remain the same as long as the app is installed on the device. To remove the token you will have to uninstall the app.
To solve your problem, you should disocciate the token from the logged-in user when they log out. You can do this by sending a request to you server on user logout in order to update your database record where the token is associated with the user. Then, when a new user logs in, you should send another request to the server to associate the token with that user.
I am developing a react native mobile app using auth0 and graph.cool. I've configured the client credentials properly within graphcool. When I try to create a new user by calling the createUser mutation with the id_token received back from auth0 I keep getting GraphQL Error: The provided idToken is invalid. Please see https://auth0.com/docs/tokens/id_token for how to obtain a valid idToken.
I have also changed the JsonWebToken Signature Algorithm from RS256 to HS256 but that is not working either. I am using the id_token generated from the authentication API after logging in a user by using the /oauth/token endpoint. I would greatly appreciate any help on this topic. Thanks in advance.