The company I work for has an web application built with Angular, that has user authentication.
We also have a blog built with Webflow for simplicity.
The thing is, we want to create special pages on our blog only for premium users. For that, a user would need to sign in on the blog (webflow) using the same account they use on the main web application. After that, the blog would also need to know if they should have access to said pages (is a premium user), and then allow them to access such areas.
I've been looking for information about this, but I've been unable to locate a clear answer. I tried following this, but the GET request for https://webflow.com/oauth/authorize (using my own clientID) returns their home page. This can be seen on the printscreen below:
The request has the following format: https://webflow.com/oauth/authorize/?client_id=<CLIENT_ID>&response_type=code. It redirects twice (code 301 and 302), then just returns me their homepage.
In fact, I'm not even sure this oauth integration would solve my problem. Is this even achievable using webflow?
Related
What is the best way to password-protect a folder on IIS with a single set of credentials to be shared by a group of users?
Our hosting service offers Plesk, which in turn offers a "password-protected directory" function, but some of our clients have HTTP authorization disabled, so they get an automatic 401.4 error with no prompt for credentials.
I've looked into Forms authentication but this seems cumbersome to set up for the numerous separate domains at issue.
The protected content is not super sensitive, we just don't want it easily accessible to the public. Many of our users do not use the site frequently and we don't want to implement individual credentialing for everyone (we do have that in place for more sensitive sections) just so they can view current project reports or meeting minutes.
On sites I don't control, but am just a user, that do the same things as mine, it is a big pain to have to look up a username and password twice per year just to view a meeting agenda (yes, browser could remember but they also have a 4-month expiration and lots of us are on different devices all the time).
Is Forms authentication the way to go? Took a several hours for me to get it set up and working, with all sorts of settings not well documented in a single place.
(I had previously asked about how to disable Basic Auth on the client side, was told more than once it's not possible - but it is, via client/browser registry keys)
Thanks.
It's perfectly fine to use forms authentication. All you need to do is navigate to the folder or file you want to protect, then go to Authorization Rules. Add a deny rule for anonymous users, when users who are not logged in try to click on any file in that folder, they will be redirected to your login page. You can find a lot of guides on forms authentication in Google, you can refer to the following:
https://learn.microsoft.com/zh-CN/troubleshoot/developer/webapps/aspnet/development/forms-based-authentication
https://learn.microsoft.com/en-us/iis/application-frameworks/building-and-running-aspnet-applications/how-to-take-advantage-of-the-iis-integrated-pipeline
I am attempting to build a webapp using Vue for the frontend and Flask for the backend that reads in the users Gmail emails.
Desired functionality:
User clicks a button to "Link Gmail Account" on the frontend
User is authenticated with gmail Oauth2 and confirms. Once confirmed, they redirect back to the page they were on
Once the user confirms, the backend queries gmail to get all of the users emails and returns the data to the frontend
I have been trying to use https://developers.google.com/gmail/api/quickstart/python as a starting point, but I cannot authenticate the user -- I keep getting a redirect uri mistmatch error with a random port (I am doing this locally so have set the redirect uri to be the localhost port where I access my project).
I think I am doing something fundamentally wrong or not using the Gmail API in the correct way, but have searched all over google and youtube to no avail.
Specific things that I think could be causing an issue:
What is the best overall strategy to implement this? Should I use the Gmail API in Python or Javascript? Right now, the use clicks the "Link Account" button which calls an API in my backend which then runs the code in the Python Quickstart guide.
What kind of google project should I set up? I currently have my credentials configured for a "web application"
What should I put as the redirect uri? I am using localhost but am unsure exactly what to put here (I have tried http://localhost, http://localhost:5000, http://localhost:5000/, http://localhost:5000/emails [this is the url I want them to return to]). No matter what I put, I keep getting a redirect uri mismatch and it says the uri it is looking for is http://localhost:[random port]/
I would appreciate any help on how to approach achieving this. Thank you!
Depending on what you are going to use Gmail API for, you must select the device or category. In your case, as it is a website it should be set to "Web Application".
Also, you should be using the following redirect URI: http://localhost/emails/. You should not include the port number and you should be using trailing slashes (adding the last / at the end). Note that the redirect URI you set up in your backend must be an exact match of the one you have set up in your Credentials Page. Also please note that it might take some minutes to update this URI.
Moreover, this is a guide on how to create a Sign In button that will authorise your users that I believe will be useful for you.
hello all i havent managed to find this elsewhere here nor in the old GAS product forum so here goes:
i am writing a simple client javascript which queries various APIs. when it comes to querying a certain GAS script i have set up to access gmail, i understand i am supposed to serve its data through JSONP. the client script dynamically injects a SCRIPT tag and should normally handle this "response" as script. except whenever the response contains html, requesting the user to grant permissions. in this case this HTML goes into the SCRIPT raising syntax error with MIME type mismatch.
researching this problem i was led to believe the solution lies somewhere around redirecting the user to this page always before every call. so my question is, where can i find best practice regarding this issue?
Unfortunately there isn't a full solution for detecting and granting authorizations to scripts used in JSONP requests. I've seen workarounds where an application first prompts the users to visit the web app's URL, so that they can grant authorization, before allowing them to use the JSONP portion of the application.
Okay I'm a little confused on how to do this due to the fact that I'm new to Joomla.
I have a site where users need to be logged in to view certain articles. I want restricted articles to basically pick up weather or not the user is logged in, if so proceed as normal, else display a login/registration form.
I looked at the plugins section and found a "Joomla-Authentication" plugin. Now, how do I use that in an article in the same fashion I use other plugins in article? i.E {plugin_name}params{/plugin_name}
NO... You do not need plugin for this AT ALL.
In Joomla you have "Access Type" for modules/articles/pretty much everything.
Public - Visitors
Registered - logged in users
Special - back-end users
In Back-End go to Modules and create new Log-In module. In the access type selected "Public".
When you create articles select "Registered Access" this way only signed-in users will see the article.
This will help you. Log-In the admin Back-End (Administrator Screen), go to Help->Joomla Help. In the Alphabetical Index find following topics:
Module Manager (it explains access types)
Module - New
Article Manager (it explains access types)
Article Manager - New/Edit
I found a solution that works for me. I downloaded and installed JUMI. Jumi is a Joomla extension that allows you to include files such as php and then executes the code in those files. Through PHP I check user access and do redirects accordingly.
JUMI can be downloaded here
I was googling for tools for checking broken links in a remote web page. The w3c validator seemed a good one. But I am still unsure as how to check for pages which are restricted, i.e. the pages which I can only access by logging in to the site. Can we do that using the w3c validator? If not than is there any other tool for the same?
For basic authentication the online validator will proxy it and prompt you to logon, alternatively see this post.
Sometimes you can specify the login details in the URL: username:password#url.to.the.site. This I believe only will work if you are using a .htaccess file for logins.