Parse: no sessionToken retrieved after initial sign up using Google oAuth - react-native

For my React Native app I am using Parse JS SDK and hosted Parse Server on Back4app.
When I try to register a new user, the user is not authenticated because the response does not return a sessionToken.
However, once the user is in the db and signs in a sessionToken is returned and the user is authenticated successfully.
Request
The request is the same for sign in/up.
await Parse.User.logInWith('google', {
// auth data received from #react-native-community/google-signin
authData: {
id,
id_token: token
}
})
Response on initial Sign Up
The response is supposed to return a sessionToken which is missing. So the user is not authenticated and modifications on the user object are not possible.
{
"authData": {...},
"createdAt": "...",
"objectId": "...",
"updatedAt": "...",
"username": "..."
}
Response on sign in after user was created
{
"ACL": {...},
"authData": {...},
"createdAt": "...",
"objectId": "...",
"sessionToken": "...",
"updatedAt": "...",
"username": "..."
}
I don't use any cloud code. Just a simple auth flow with Google oAuth.
Any help is highly appreciated.
Edit: same issue for 'sign in with Apple'

As far as I know, according to the Official Documentation, Parse will respond 200 (HTTP OK) and include the Session Token only when it verifies the user is already associated with the OAuth authentication data.
So, again, as far as I know, the very first request when you create the user, will not contain the sessionToken.

Take a look to this tutorial https://www.thinkertwin.com/how-to-setup-google-oauth2-login-with-parse-server-in-react/
Here there is an explanation on how to setup your Cloud Code. It's for React, but with small adjustments it will work for React Native.
You also need Cloud Code as you need to store your Client ID and Secret. You don't want to have those on your public application

Related

Rest API for Authentication with nHost

So I know there's several SDK packages for many languages available for nHost, however I need to create my own interface to the system since the language I'll be using isn't typical.
I basically just need to know how to interact with authentication endpoints, send a users un/pw and recieve a JWT token. I've been successfully able to do this with aws Cognito, but I'd like to explore this instead.
I'm also not sure if I'm using the right base url, here's my thought so far:
https://kbvlufgpikkxbfkzkbeg.nhost.run/auth/login
So I would POST to there with some json in the body with the un/pw stuff, and the response should be the jwt token right?
I get a "resource does not exist" response from the above, however, so obviously I'm not forming the url correctly in the first place.
Thanks for the help!
Nhost supports multiple sign-on methods.
For example, using the email+password method, you would send:
POST https://xxxxxxxxxxxxx.nhost.run/v1/auth/signin/email-password
{"email":"foo#example.com","password":"bar"}
and the response:
{
"session": {
"accessToken": "somejwt....",
"accessTokenExpiresIn": 900,
"refreshToken": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"user": {
"id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"createdAt": "2022-09-17T19:13:15.440221+00:00",
"displayName": "foo#example.com",
"avatarUrl": "",
"locale": "en",
"email": "foo#example.com",
"isAnonymous": false,
"defaultRole": "user",
"metadata": {},
"emailVerified": true,
"phoneNumber": null,
"phoneNumberVerified": false,
"activeMfaType": null,
"roles": [
"user",
"me"
]
}
},
"mfa": null
}
The JWT is short-term, when it expires, the refresh token is used to get a new one.
The Nhost JavaScript SDK handles it automatically for you, that's a big benefit to the platform (in addition to being integrated with Hasura). If you are trying to port it to another unsupported language, you'd have to reimplement it. Probably by reading the library and/or running one of their sample client application and reverse-engineering the HTTP over the wire.

kucoin websocket api, how to "subscribe" to their public channel, they say no authorization required, but they ask for a token :(

The question is about kucoin websocket public channel (not trades) just last trades
I just want a live feed of trades like other crypto exchanges...
but when I want to connect to "wss://ws-api-futures.kucoin.com/endpoint" I get WebSocketError: Received unexpected status code (401 Unauthorized)
the documentation https://docs.kucoin.com/futures/#create-connection lack explications :(
normally with other exchanges I can just do this in javascript
bybit_market_ws = new WebSocket("wss://stream.bybit.com/spot/quote/ws/v2");
bybit_market_ws.onmessage = event => bybit_trades(event.data);
bybit_market_ws.onopen = event => bybit_market_ws.send(JSON.stringify({"topic":"trade","params":{"symbol":"BTCUSDT","binary":false},"event":"sub"}));
function bybit_trades (jsonx) { console.log(JSON.parse(jsonx)); }
so how can I do that with kucoin websocket ?
according to the documentation i would need a "public token"...
but there is no explication on how to get that token :(
does someone knows how I would retrieve the last trades via websocket (public) channel ?
Note that the following steps may be changed when the API is updated.
All information can be found at https://docs.kucoin.com/#apply-connect-token
Get the public token
Send a empty http POST (GET will not work) message to https://api.kucoin.com/api/v1/bullet-public.
Response:
{
"code": "200000",
"data": {
"token": "2neAiuYvAU61ZD...",
"instanceServers": [
{
"endpoint": "wss://ws-api.kucoin.com/endpoint",
"encrypt": true,
"protocol": "websocket",
"pingInterval": 18000,
"pingTimeout": 10000
}
]
}
}
Connect to the Websocket
With the data of the repsonse above:
websocket: endpoint + "?token=" + token
Example: wss://ws-api.kucoin.com/endpoint?token=2neAiu....
Get all supported trading pairs
send a http GET message to https://api.kucoin.com/api/v1/symbols
{
"code": "200000",
"data": [
{
"symbol": "REQ-ETH",
"name": "REQ-ETH",
"baseCurrency": "REQ",
"quoteCurrency": "ETH",
...
},
{
"symbol": "BTC-USDC",
"name": "BTC-USDC",
"baseCurrency": "BTC",
"quoteCurrency": "USDC",
...
},
...
Get trading data
When the websocket connection is established send a http POST message:
{
"type": "subscribe", //subscribe or unsubscribe
"topic": "/market/ticker:BTC-USDT,BTC-USDC"
}
maybe this answer will not please you at all, but i will try, most of the people who work from the API in KuCoin do it with python, in fact the SDK for Nodejs is out of date, your best bet is to ask in the telegram channel https://t.me/KuCoin_API, there are KuCoin engineers who always help, although most of them use python, there is also the academy channel https://t.me/kucoin_learning, where there are examples, in short I can only mention references because I was also where you are, and the best I could do was that and review the SDk code and from there intuit and create my own adjustments
PD: the datafeed.js file is your best option, check it out https://github.com/Kucoin/kucoin-futures-node-sdk/blob/master/src/lib/datafeed.js

BigCommerce StoreFront API SSO - Invalid login. Please attempt to log in again

Been at this for a few days. I am making a login form on my angular/nodejs app. The bc-api is able to verify the user/password. Now with that i need to allow the customer to enter the store with sso but the generated jwt is not working. My attempt below... I am looking for troubleshooting tips.
Generate JWT / sso_url
var jwt = require('jwt-simple');
function decode_utf8(s) {
return decodeURIComponent(escape(s));
}
function get_token(req, data) {
let uid = req.id;
let time = Math.round((new Date()).getTime() / 1000);
let payload = {
"iss": app.clientId,
// "iat": Math.floor(new Date() / 1000),
"iat": time,
"jti": uid+"-"+time,
"operation": "customer_login",
"store_hash": app.storeHash,
"customer_id": uid,
"redirect_to": app.entry_url
}
let token = jwt.encode(payload, app.secret, 'HS512');
token = decode_utf8(token);
let sso_url = {sso_url: `${app.entry_url}/login/token/${token}`}
return sso_url
}
payload resolves to
{
"iss": "hm6ntr11uikz****l3j2o662eurac9w",
"iat": 1529512418,
"jti": "1-1529512418",
"operation": "customer_login",
"store_hash": "2bihpr2wvz",
"customer_id": "1",
"redirect_to": "https://store-2bihpr2wvz.mybigcommerce.com"
}
generated sso_url
https://store-2bihpr2wvz.mybigcommerce.com/login/token/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJobTZudHIxMXVpa3oxMXpkbDNqMm82NjJldXJhYzl3IiwiaWF0IjoxNTI5NTEyNDE4LCJqdGkiOiIxLTE1Mjk1MTI0MTgiLCJvcGVyYXRpb24iOiJjdXN0b21lcl9sb2dpbiIsInN0b3JlX2hhc2giOiIyYmlocHIyd3Z6IiwiY3VzdG9tZXJfaWQiOiIxIiwicmVkaXJlY3RfdG8iOiJodHRwczovL3N0b3JlLTJiaWhwcjJ3dnoubXliaWdjb21tZXJjZS5jb20ifQ.vaeVTw4NjvX6AAPChgdXgMhm9b1W5B2QEwi4sJ6jz9KsKalqTqleijjRKs8jZP8jdQxC4ofYX5W0wYPMTquxQQ
result
about my env
I am using nodejs express... my bc app's secret & clientId are being used above and they work for several other bc-api tasks. My app is installed and authenticated on bc admin. The app being used to do the above is running on localhost but i also tried online https (same result).
I am thinking that there might be some incorrect configuration in my stores admin but havent found anything to change.
I decoded your JWT on jwt.io and I get this:
Header:
{
"typ": "JWT",
"alg": "HS512"
}
There's at least one problem here
BC requires HS256 as the algorithm according to docs
https://developer.bigcommerce.com/api/v3/storefront.html#/introduction/customer-login-api
Body:
{
"iss": "hm6ntr11uikz11zdl3j2o662eurac9w",
"iat": 1529512418,
"jti": "1-1529512418",
"operation": "customer_login",
"store_hash": "2bihpr2wvz",
"customer_id": "1",
"redirect_to": "https://store-2bihpr2wvz.mybigcommerce.com"
}
Problems here:
JTI should be a totally random string, using something containing the time could result in duplicates which will be rejected. Try using a UUID
Customer ID should be an int, not a string
The redirect_to parameter accepts relative URLs only. So try "redirect_to": "/" if your goal is to redirect to the home page.
Another potential problem is system time - if your JWT was created in the "future" according to BC's server time, your JWT also won't work. You can use the /v2/time endpoint response to specify the IAT, or to keep your own clock in sync.

How to get user info (role) from loopback token from client after login

I have a instance of User and instance of Role attached to it. Both are basic models provided from Loopback and they show up in RoleMapping and they work in ACL fine.
So, lets say I logg user in from my Vue client, then I get the response containing the access token in id field so I can make further auth requests, how do I then retrieve basic user info from that access token. Is there a way of parsing it or should I somehow modify the /login remote hook?
Any thoughts?
you need to call the login api with "include" option
/api/users/login?include=User
in response you will get something like this
{
"id": "CZY4lbJbJ2J6DrEIAjYAHfTEZbLMC2tWpyM7sZaKs7rZ1PhIY3mycua0kOHlDXfR",
"ttl": 1209600,
"created": "2018-01-21T17:01:20.183Z",
"userId": "5a3e614339e67f0e580642af",
"user": {
"createdAt": "2017-12-23T13:59:31.314Z",
"email": "dummy#dummy.co",
"id": "5a3e614339e67f0e580642af",
"name": "dummy",
}
you can try it in explorer

call Google auth API using Apache HttpClient

I would like to know if it is possible to call a Google API that requires auth such as the Google Calendar API using the Apache HttpClient, and no Google code or libraries. (and need the code to do it)
This is the code I have so far, its gets an auth error,
What do you use for the user/password?
HttpPost request = new HttpPost("https://www.googleapis.com/calendar/v3/users/me/calendarList/primary?key=mykey");
DefaultHttpClient client = new DefaultHttpClient();
client.getCredentialsProvider().setCredentials(
new AuthScope(AuthScope.ANY),
new UsernamePasswordCredentials(user, password));
HttpResponse response = client.execute(request);
Error:
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
You don't use Login and password you need to be authenticated once you are you will have an access token then you can call something like this.
https://www.googleapis.com/calendar/v3/users/me/calendarList/primary?access_token={tokenFromAuth}
You can authenticate to Google with any language that is capable of a HTTP POST and a HTTP GET. Here is my walk though of the Auth flow to Google http://www.daimto.com/google-3-legged-oauth2-flow/ you will need to create a Oauth2 credentials on Google Developer console to start. Then its just a matter of asking the user for permission to access their data and requesting the access.