As I am new to mobile development and I am using react native. I am trying to implement external login(Facebook/Google) login, I got libraries using which I am able to get the details of user profile such as firstName, lastName, email from both Facebook and Google. Here my question is, is it right and safe to get details of the user profile, and calling register api to register/login and get the JWT token to land the application to home screen? Or is there any way that we can just click on Facebook/Google button by passing just provider name we can get all details from web api itself.
I feel, fetching the user profile details from web api is safer than getting user profile using react native library/sdk and then calling register api to register/login the same.
If there any link or Github reference please share the same for better and in details understanding.
Thanks In Advance.
You seems to have it figured out yourself. Call Google or other third party to retrieve user details such as email and name. Then call your own backend to register that user to your platform.
The next time user login using social login do a similar call to your backend to check if user with the details exist in your database and send a corresponding response back.
Check this link Google Login React Native. This reference is a little old one but might give you a heads up.
Note: You will need to have corresponding permissions enabled in providers developer console. Some cases you will get an access token after login/signup using social media. You will then need to fetch user data from corresponding provider using their api or SDK.
Related
I am working on creating an mobile app using Expo (managed workflow). I have a backend server which this app will connect to. The backend server has its own authentication with username and password and all other endpoints are protected based on a token that you would receive by signing in to the API using a /authenticate endpoint.
Now, I would like to add a 'Sign in with Google' feature to my app. From the Expo's AuthSession documentations, it looks like somehow the app can authenticate with Google. I want to use this identity to authenticate with my backend API.
I created a /api/auth/google endpoint in my API that uses passport google-oauth, redirects user to google and get authorization code sent to /api/auth/google/callback. I then use the authorization code to access Google's people API, to get the email to validate the user and respond back with a access token for my API if the Google sign in was successful. This works fine when using in a browser.
I want to do something similar for the react-native app. When I use the Google example in Expo's AuthSession, it gives me back a access_token. I have no idea how it gets an access_token because the app does not know my client secret. But still, I don't know how to use it to login to my API and get my API's token.
I have thought about using AuthSession to directly open my API's /api/auth/google, so it would redirect correctly and my backend can then send my API's token to the app. The problem with this is, when someone clicks on the 'Sign in with Google' button in the app, apple will tell you 'App name wants to use myapi.com to sign in' or something along those lines instead of Google.com. Additionally when I add more sign in options like Sign in with Facebook and Sign in with Something else, the user's phone will always say that the app wants to use myapi.com to sign in and then in turn be redirected to Google/Facebook or something else. I am not sure if this is allowed and would count as misleading the user and get rejected form the app store. I tried logging into some of the apps on my phone and clicking on 'Sign in with Google' tells the app is trying to sign in with Google.com and 'Sign in with Facebook' tells that the app is trying to sign in with Facebook.com correctly. But then I also know that the app eventually authenticates with its own API somehow. I don't know what is the right way to do that.
Can someone help? Thanks.
I am currently developing a mobile app in react native and using Auth0 for user management. I am using my own login, signup and forgot password screens instead of their lock widget. I was able to implement passwordless sms and email by calling their authentication api as well as account linking by using their management api. However, I am having difficulty authenticating in a user with their email and password through the api once they already have an account. It seems to me that there should be a single endpoint for this in which you include the email and password in the body of the request. I was wondering if anyone could help me understand how to simply login users using auth0's api. Thanks in advance.
Take a look at this react native (embedded login custom UI) sample (slightly dated) - wrote it around 6 months ago, but it should offer you good insights - https://github.com/auth0-samples/react-native-embedded-login
Sign in logic is here
Feel free to leave questions below.
For anyone who is still looking there is this step by step on their website on how to login with password via API: https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-resource-owner-password-flow
And with this endpoint you can register a new account: https://auth0.com/docs/api/authentication#signup
I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.
I followed the Firebase documentation to implement multiple authentication providers (Google and Facebook), and I am with the problem that I do not know how to solve.
Assuming my new User has Google providers and facebook with different emails is possible to perform the following login flow ?.
User enters the first app and resolves login with your Google account
Firebase create an account and link Google her provider.
The user exits the application.
User again performs login to the app, however this time he chooses the Facebook provider (which has different email Google).
firebase links the Facebook provider the account that is already linked to Google provider.
The Firebase documentation has a complete page dedicated to account linking. The samples in the page link to a Github repo where you can see the code in the context of an entire app that demonstrates it.
There's little use in use replicating the documentation here. If you're having trouble making a specific step work, share what you've done and the minimal code that shows where you are stuck.
Twitter API allows to update "the authenticating user’s current status", as explained in the documentation page.
What I'd like to achieve instead is to update another user's current status. Consider a magazine's twitter account. I'd like different people to be able to update the magazine's status. Tweetdeck allows this, but it also allows a whole lot of other things like access to Direct Messages. I only want to provide certain authenticated users an interface (similar to Twitter's post-a-tweet interface) to post status and images to the shared account.
I could not find a simple explanation of how to use Twitter API to achieve the above functionality. Could someone please help?
If you have an app that implements the status update API and it is delivered to different people and they authorize the app with the magazine's twitter account, then the app will update that status. I can show an example also with code if this is what you're asking. However the main point is that, once a user has authorized the app, she/he doesn't need to be connected with the shared login any longer because the app will do that on the magazine's behalf.
BTW, similar question here: Twitter API: post on behalf of whom?
Edit
Just to summarize the comments:
The standard OAuth authentication requires the following main steps
1) to develop an app (registered with OAuth consumer key and secret) that implements the API update status 2) to install and authorize the app: during this step the onwer will be requested to enter the credentials of the passive account in a Twitter link opened with the browser, 3) then - after a fallback - the app will store the access token and any user of the app will be able to update the status without login
Once you have developed an app that can post tweets on behalf of a passive twitter account using the standard OAuth, you could make that functionality available to the authenticated users of a website.