AWS Encryption in React Native - react-native

I am in the middle of developing an app in React Native. What I am going to do is to encrypt Token coming from the third party using AWS Encryption and send encrypted Token to the server using the HTTP POST method.
Given details for encryption are KeyID, Access Key, and Secret Key.
KeyID: ARN: arn:aws:kms:us-west-1:188480393...:key/8rda...
aws_access_key_id: AKIA...
aws_secret_access_key: 17qKv...
I've tested the encryption process using AWS Encryption SDK CLI and it worked well. But I am not sure how to get started encryption with the above details in React Native.
Could someone recommend me any good example?
Thanks

Have you taken a look at the aws-encryption-sdk-javascript browser example code?

The browser example produces lots of errors for me, like there is no crypto module in React Native, which causes it to crash with the client-browser package.

You can use aws-kms sdk inside react-native app as it supports react-native. It will be very similar to how you use it in your backend.
import AWS from 'aws-sdk';
// Create a new KMS client
const kms = new AWS.KMS();
// Encrypted text to decrypt
const encryptedText = 'ENCRYPTED_TEXT';
// Decrypt the text
kms.decrypt({ CiphertextBlob: Buffer.from(encryptedText, 'base64') }, (err, data) => {
  if (err) {
    console.log(err);
  } else {
    console.log(data.Plaintext.toString('utf8'));
  }
});
You can find more on this here

Related

Firebase functions auth.generateEmailVerificationLink() generating link with wrong apiKey

I have a Firebase functions project with dev and prod versions. There I'm using auth.generateEmailVerificationLink() to send email verification for a newly created user. Everything works well except in prod environment (testing locally or hosted) the apiKey in the link generated by auth.generateEmailVerificationLink() is not same as Firebase's default apiKey. And clicking that link I get the page with error code:
Try verifying your email again
Your request to verify your email has expired or the link has already been used
Note that when I get the link with the wrong apiKey, if I change it to the right apiKey, the verification works. So it seems the whole problem is related to the wrong apiKey in the generated email verification link.
Also to note that the wrong apiKey is not random key but used in project front end for Google Maps apis.
The code itself is simple. (I'm leaving out code which creates user etc as those parts all work perfectly)
-Initializing Admin SDK:
import { initializeApp } from 'firebase-admin/app';
import { getAuth } from 'firebase-admin/auth';
initializeApp();
const auth = getAuth();
export { auth };
-Generating email verification email
const sendEmail = async () => {
  const actionCodeSettings = {
    // This url is working correctly, it is the same as in Firebase console
    // and when changing the wrong apiKey to correct redirecting works correctly
    url: process.env.DOMAIN as string,
  };
  await auth
    .generateEmailVerificationLink(email, actionCodeSettings) // email is the email of newly created user
    .then((link) => {
      // generate email message with link
      // generate mailOptions
      // use transporter to send email
    });
};
Thank you for any help
EDIT
I tested deleting that "wrong" apiKey from GCP credentials page and replaced it with another. Then running the function locally everything worked normally but the "wrong" is still in the verification email link even though it doesn't exist anymore.
Firebase strongly recommends that if Admin SDK is used in Cloud Functions, among others, initializing the app should be done without parameters.
https://firebase.google.com/docs/admin/setup#initialize-without-parameters
For me it seems something is for some reason pulling that "wrong" and now even deleted apiKey from somewhere to usage.
I solved this by noticing that, unlike in dev project, Web Api Key (Project Settings>General) is different than Web App's firebaseConfig apiKey.
So I added correct permission to this Web Api Key (Identity Toolkit API is required for email verification email) found in GCP credentials and now the cloud function sends email verification emails with correct and working apiKey.

React Native Axios HTTPS connection

I'm new in React Native development, I'm working on an app for packages inventory with Front-End React Native and Back-End .NET Core API.
I use Axios to call the APIs, my backend is set up to run with HTTPS on an IIS server.
When I test locally everything works perfectly, but when I test with the Back-End published, Axios returns [Network Error].
I suspect the problem is from the HTTPS protocol but I'm not sure.
This is my Axios call:
axios.post(`https://company-soft.com/api/login`,
  {
    username: username,
    password: password
  })
  .then((e) =>
  {
    console.log(e.data);
  })
  .catch((err) =>
  {
    // log the rejection reason passed to this handler
    console.log(`login error: ${err}`);
  });
PS: I tested the API with Postman and it is responding fine.
I already tried some code to override the SSL verification, like the httpsAgent, but I've been told that it doesn't work with React Native.
Is there a way to do it with React Native and Axios?
Thanks a lot.

Amazon S3 bucket creation attempt yields "Error: TypeError: NetworkError when attempting to fetch resource"

I followed this tutorial to get started using the AWS SDK for JavaScript (version 3) within React Native apps, in order to, say, create and delete buckets stored in Amazon S3. I completed all the steps in the tutorial, but ran into an issue on Step 6: running the example React Native app. The app does run in my browser, fortunately. The problem is, the app keeps giving me the error message in the question title, whenever I type a bucket name into the text input field and subsequently press the button that calls this asynchronous JavaScript function for creating buckets:
const createBucket = async () => {
  setSuccessMsg('');
  setErrorMsg('');
  try {
    await client.send(new CreateBucketCommand({ Bucket: bucketName }));
    setSuccessMsg(`Bucket '${bucketName}' created.`);
  } catch (e) {
    setErrorMsg(e);
  }
};
What gives? I successfully created a Cognito Identity pool and attached the AmazonS3FullAccess policy to the unauthenticated identities IAM role. And I am positive that I provided the correct credentials—region and identity pool ID—within the React Native code.
If it matters, I used Expo, not the React Native CLI, to create and run the app.

AWS Cognito React Native Webview Auth

In my react native app, I want to pass along a user’s AWS cognito credentials to a WebView inside the app so that it can be used to access files which are stored on a private S3 bucket.
So basically I have the following working:
- log into Cognito (via aws-amplify’s Auth class)
- Security on the S3 bucket allowing only logged in users to have access to its content.
I have tried to send the headers to the Webview
<WebView
  source={{
    uri: source,
    headers: {
      Authorization: "AWS4-HMAC-SHA256 …"
    }
  }}
/>
But that does not seem to work. Does anyone know how to do this?
Ok, after many emails to AWS enterprise support team members, and many hours of hair pulling, I have found out that S3 does not currently support passing along credentials from Cognito.
What we can do is:
- Place CloudFront in front of S3, and use Origin Access Identity (OAI) to protect the data. This works well to secure the access, HOWEVER it does not allow me to pass along the credentials to S3. This is because the communication between CloudFront and S3 now passes the OAI, which means a single identity for all users.
- Sign each of the S3 access URLs that you need to access.
I used the latter as I need to restrict user access. The code to sign the URLs that I used was:
In react-native:
import AWS, { Auth, Storage } from "aws-amplify";
Storage.get("image.jpg").then(result => {
  console.log(result);
}).catch(err => {
  console.log(err);
});
In node.js:
import AWS from "aws-sdk";
AWS.config.update({ accessKeyId, secretAccessKey, region });
const s3 = new AWS.S3();
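// With static credentials configured, getSignedUrl returns the URL synchronously
const url = s3.getSignedUrl("getObject", {
  Bucket: "s3-bucket-name",
  Key: "my/path/image.jpg",
  Expires: 60 * 5, // 5 minutes; Expires is given in seconds, not milliseconds
});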
I hope it can help others.

Store secret key in Xamarin Forms

I try to understand how I can store secrets in a xamarin forms project.
I have a web api core as a backend and a xamarin forms app as a frontend.
I am trying to code Facebook authentication with Xamarin.Auth and I need to pass a secret key to my app.
My thinking:
1: Store in the frontend: I could create a config file and encrypt it but the decryption will be in my source code and by decompiling and reflection the hacker could retrieve the decryption source code and decrypt the secret key.
2: Store in the backend: I could store the keys in the backend but by sniffing requests sent a hacker could retrieve my secret keys.
Then what is the solution? How can I do it?
Thanks,
You could store your secret using Xamarin.Essentials. For Android your secret will be stored in the Android KeyStore and within the Keychain in the case of iOS. Even if you decide to go with an encrypted config file I would strongly recommend storing your keys and IV in the SecureStorage instead of hard coding them in your source code. It is extremely easy to use and, well, as secure as it gets on a mobile device.
try
{
    // write secret
    await SecureStorage.SetAsync("oauth_token", "secret-oauth-token-value");
    // read secret
    var token = await SecureStorage.GetAsync("oauth_token");
}
catch (Exception ex)
{
    // Possible that the device doesn't support secure storage
}