Logout issue regarding access token expiry in React Native app - react-native

I am working on a React Native app that has a PHP backend. I am running into an issue with OAuth2. The scenario is as follows.
The user enters the login screen and gets an access token, which is saved in async storage.
Whenever the user is successfully identified, the auth service provider issues an access_token and a refresh_token.
The app uses the access token to fetch more user information.
The access token expires. Then I open the app and close it too soon (this sends a request for a new access token, but because the app is closed the response is not stored on the device, while the backend has already updated its refresh token). This causes a refresh token mismatch and leads to the app logging out.
When I try to open the app I get thrown out and need to log in again because the refresh token at the backend and the one in async storage don't match.
Any ideas are welcome!

Related

How can I remove the Google Calendar unverified app screen?

Good morning.
I use the Google Calendar API.
My program creates a connection with the Google Calendar of multiple users.
From each user I have their credential.json, but when the app starts for the first time it shows the browser quickstart confirmation. How can I skip this step?
Thanks in advance
I think you have seriously misunderstood how OAuth2 works.
You, the developer, go to the Google developer console and register your application. If you will be requesting data from other users you will need to create OAuth2 credentials; this gives you a credentials.json file used by your application to request authorization from a user.
When each of your users runs your application they will be asked to consent to your application accessing their data. If they do, you will be granted an access token which gives you access to their data; this access token will expire after one hour. If you have also requested offline access then you will also have a refresh token. If you store this refresh token somewhere then you will be able to access the user's data whenever you need to by using it to request a new access token.
As for the unverified app screen, when you create your application it is basically in developer state; this is so that you can build and test your application. When you are ready to go to production you can request that your application be verified by Google.
Once your app has been verified the unverified app screen will stop showing up.

IdentityServer4 logout from external provider like Google

I'm using IdentityServer4 with ASP.NET Core Identity. In Identity Server I enabled GOOGLE as an external provider. I'm able to LOG IN with GOOGLE. The first time I try to LOG IN with GOOGLE, Identity Server shows me the GOOGLE pages where I can choose the account or enter my credentials.
When I LOG OUT I receive the message that I'm logged out, but when I try to LOG IN again with GOOGLE I'm logged in directly without entering my credentials, and if I have more than one GOOGLE account I'm not able to choose a different one.
This happens both if I connect directly to the server from the login screen and if I do it via AuthRequest in an Expo native app calling the endsession endpoint with id_token_hint set.
Why? It's driving me crazy.
I found this solution:
await WebBrowser.openAuthSessionAsync("https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://myIdentityServerEndSessionEndpoint", "exp://myReactNativeApp");

Authentication process after merchant installed the app

I've implemented the embedded app installation process and got an access token for the shop on the backend. How am I supposed to authenticate the user when he opens the app now? There is no shop name and hmac in the query string when the user opens my app.
When you get a token back, for a shop, you are supposed to store that token in your persistence layer so you can re-use it, and to start a session. Whenever Shopify sends a request to your app they include the shop name so you can look it up and get the token and start a session. Requests without a shop name and no session spell re-authentication time.
Are you missing the part about starting a session? If someone is trying to access your App without authenticating, you need to block that access obviously. The tricky thing is ensuring all requests from your App to your App include the shop name so that if the session you started expires, you have a chance of re-authenticating one.

How to manage user state in Firebase authentication within a SSR Nuxt.js application?

As the title suggests, how do I manage the user state in Firebase authentication within an SSR Nuxt.js application? The following conditions should be met after a successful login:
Users should be able to visit protected resources when navigating between pages.
Users should be able to reload the browser and still be signed into the application. They shouldn't be redirected to the login screen.
Firebase's default behaviour is to persist the user's session even after the user closes the browser. Users should not have to log in to the application again if they close their browser and reopen it while there is still a valid Firebase user available.
I was able to solve this problem by using the following:
Express server - using axios posts to manage the login; on receiving the request, save the user ID in the session and save the access token in a cookie.
Vuex - store user state so it is easily accessible within my Nuxt application.
Nuxt server middleware - used to check the authentication status of the user on the server, looking for the user ID in the session or the access token in a cookie that would have been created on login.
Access to the code containing a working, running example of this scenario can be found in this GitHub repository.
I have also written a more detailed blog entry regarding all the important files used in the project.

React Native Okta SSO 403

I am trying to build an SSO login flow on a React Native app using Okta's OAuth 2.0 API.
Here is the flow that I am trying to achieve:
(1) webview renders login page from /oauth2/:authorizationServerId/v1/authorize?response_type=code&response_mode=query&client_id=&scope=&redirect_uri=___.
(2) user logs in.
(3) webview renders redirect_uri with authorization code in url.
(4) I extract authorization code and send it along with client id, client secret, and other necessary params to /oauth2/:authorizationServerId/v1/token.
(5) endpoint responds with accessToken.
I am able to get the accessToken through this process using Postman and curl, so I know that this works. I have also verified that this exact flow works on a Xamarin app.
However, when trying to hit the /oauth2/:authorizationServerId/v1/token route from my React Native app after getting the authorization code, I always get a 403 without an error message.
I am using fetch for my API calls and used the not-CRNA way of creating my app.
Has anyone ever come across this issue before? In general, has anyone been able to get this type of Okta flow to work with React Native?
At first I thought it was a CORS issue but followed the CORS test here and verified that this was not the case.
I also thought it was an issue with making a fetch request and rendering a webview at the same time. I built my own Okta sign-in page so I wouldn't have to use a webview and used this flow but got the same 403.
Any and all help on this would be greatly appreciated.
Thanks!