I am trying to create a custom controller with user authentication.
Here is what i did.
class GetUserDetails(http.Controller):
#http.route('/web/getUserDetail',auth='user',type='json')
def getChit(self,**kw):
print('Inside getUser detail',kw)
Issue 1: When i call this controller from an API client (ARC) its directly get into that function, without any authentication.???
Issue 2: If we solved the above issue, how can i authenticate a user via API call/client.
Actually i want to get user details in android app.
AFAIK, Odoo controller using cookie for authentication. So if you call API from other apps/device, better to use Odoo webservice API https://www.odoo.com/documentation/13.0/webservices/odoo
Odoo webservice API already integrated with "Access Rights" or "Record Rule", so IMO this is the best way to connecting Odoo with other apps.
You can use REST Framework for Odoo to create your API and do the authentication (see #13 for more details), or you can use JWT
Related
I'm facing the same issue as the one posted at (How to get authorize code to dismiss login page with oauth2 wso2 identity server)
I tried to follow the solution instructions, but in my case, the drop-down menu under "Request Path Authentication Configuration" is empty; no options listed.
I checked the application-authentication.xml file under /opt/wso2am-4.1.0/repository/conf/identity and I have this:
I'll apprecitate any support you can provide. Thanks. Daniel
Just to close this thread, and as I was not able to get a solution, I solved it by running an instnace of the WSO2 Identity Server and handle the security through this product, instead of using the IS features the API manager has embedded. cheers!
I am using Laravel 6 and in the controller store method, Auth::user() returns null even when the user is logged in but works in blade template. I have gone through similar questions but nothing is working.
I am posting to an API route and I am not sure whether this is the reason. Kindly assist.
If you have not adjusted the api web group or the RouteServiceProvider that comes with the default application you will not have any session support in your API routes (routes/api.php). The APIs are usually stateless so no session support. If you want to deal with authentication using the built in authentication system you would want to deal with a token based system. The default api guard that is setup for you will use the TokenGuard which will look in the request for a token being passed to authenticate the user against. You would need to assign the middleware auth with the parameter api, to specify the api guard, auth:api.
If you send a request correctly to one of these end points now, including the token, you will have a user returned from Auth::user() or $request->user() etc.
Laravel 6.x Docs - API Authentication - Passing Tokens in Requests
Laravel 6.x Docs - API Authentication - Protected Routes auth:api
Pleease read the whole section for a better understanding of using this type of Guard with the built in Authentication system:
Laravel 6.x Docs - API Authentication
If you don't want to deal with a "stateless" API, and you would rather use sessions you can just move your API routes to the web.php file and prefix them with api.
I am trying to develope a simple hybrid app using an adapter based authentification.
All the examples I have found explain how to do it assuming that firstly we call a secured procedure to fire the authentication process.
I've been trying to develope a login calling directly to a "login adapter" to perform the authentication. I've tried using the "submitAdapterAuthentication" but the challenge handler is creating a infinite loop.
I did manage to make a login invoking the "login adapter" as a common procedure("WL.Client.invokeProcedure(...)"), but then I was not able to subscribe to a event source and I need PUSH notification functionality. I got always the next error:
Can't subscribe, notification token is not updated on the server
Is it posible to authenticate against Worklight Server calling directly to a "login adapter" using Adapter Based Authentificaton? How?
I think the approach of a direct login call makes sense but I haven't found any official solution to it.
If you want to invoke authentication process explicitly, you can use WL.Client.login(realm, options) API provided by Worklight.
http://pic.dhe.ibm.com/infocenter/wrklight/v6r0m0/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fapiref%2Fr_wl_client_login.html
Another option is to add a security test at the application level inside of application-descriptor.xml for each environment.
This will cause the app to ask for authentication immediately.
<iphone securityTest="nameOfMobileTest" bundleId="com.myApp" version="1.0>
....
</iphone>
<android securityTest="nameOfMobileTest" version="1.0">
....
</android>
I've been creating API and consumer by following Simple API Development with Laravel from Aaron Kuzemchak. I got the problem after I success to auth via API from my consumer; I do not know how to check it, if the consummer already success logged in or not at the other pages...
For example, at the first; I show the login page, click the submit button to check the credentials via API. The login attempt is working, success to logged in and redirect to dashboard. But, if I haven't logged in and accessed the dashboard from URL, i got the dashboard :O
The API server and the consumer have separated machine and the database only exists at the API server.
Am I doing this right (with the flow for the API and Consumer) ?
At the consumer, how can I get to know if the user already logged in or not (after success attempt the credential)? (somehow? someidea?)
Thank you before... :)
This question is very confusing, probably because I haven't watched that screencast yet, but shouldn't Auth::check() be what you are looking for? It will return true or false depending on if the user is logged in.
Just to make sure:
You have a back end API built from the tutorial posted here: http://kuzemchak.net/blog/entry/laracon-slides-and-video
You're using HTTP Basic authentication as described in the above tutorial
You're building a (consumer) front end web interface for users on a separate server
Your consumer interface uses forms based authentication (a login form)
The backend API uses HTTP basic authentication (and the consumer sends an API key for the user with each request). As such, the backend won't keep track of a user being logged in. That means your consumer interface will need to do this.
You could use the Laravel Auth class for this normally, but your front end would normally have access to the database and the bundled authentication drivers could just check a username/password.
I'd say your options are:
Store details of the user in a session using the Session class (feels a bit nasty but simple)
Write an authentication driver and then use the Auth class (advanced but cleaner: http://www.karlvalentin.de/1903/write-your-own-auth-driver-for-laravel-4.html)
Just talk straight to the database using the existing Auth class and Eloquent
I'm using Upshotjs and knockout in an MVC4 SPA project to create a simple blog site. I am trying to enable roles based authentication so that only registered users can post a blog.
To do this I have an authorize filter on the DbDataController AddBlog method which passes back a 401 for unathorised users. This works fine and the error callback function in the orginating dataSource.commitChanges call is fired off but how do I get the error details from this function?
I have tried the dataSource.getEntityErrors method but this has nothing in it.
Grateful for any help.