Currently I am running Web app locally and I can access local API request using postman.
I would like to know how can I test my API request from postman to the same Web App running on Heroku cloud.
Especially how to send basic authentication request from postman to Heroku App?
Related
Error when accessing app server from shopify using ngrok address .cors error
is there a way of acessing through the store directly?
You cannot access an App from the front-end because yes CORS. Also, you cannot access your App because SECURITY! You DO NOT call your App from your theme App extension for the simple reason that your App is secure. Without an API secret key to verify, you'd be exposed to the world. On the front-end anyone can see your API key secret. Therefore you do not call your App from the front-end. If you need to make secure callbacks to your App, use the App Proxy.
I have to replace a backend api from netcore to flask python.
The backend is serving apis for a single page application that's autenticate to Azure Active Directory via oauth 2 implicit flow.
Both application (Single Page and Backend) are separately registered on Azure Active Directory and this article is a good description of my scenario.
https://devblogs.microsoft.com/premier-developer/using-adal-js-with-angular4/
Actually I'm trying to implement oauth api protection by flask backend, but the documentation and resources that i found starts always from a login.
In my case, login is performed by an angular app (with adal.js) via implicit flow, than all protected apis requests has bearer token that backend should manage.
I've tried authlib, flask-dance libs but I'm missing something and I cannot perform a working scheleton.
Does anyone can helps?
I have a Web API written using asp.net core. This API will be used to communicate with several other services registered in AAD, which all could be made using different technologies like an MVC application written in asp.net core or a single page application written in Vue.JS. The latter is causing me issues as the SPA won't be run by an application web server and rather something like nginx or apache and therefor won't be able to use a client secret.
I have added API permissions for my API to my apps.
How would I achieve this? I'm currently sending an access token using the Authorization: Bearer access_token header from the client app to the API, but since the client app and the API aren't the same app in the AAD, it's causing issues.
Here's the flow I'm trying to achieve:
All of the requested apps require you to login to the AAD and when requesting data from the API, they'll send the JWT token, which then should validate the token before returning the requested resource back to the client application.
It seems you misunderstand something . You can register your each client as independent application in Azure AD , and assign access permission for your web api .
The latter is causing me issues as the SPA won't be run by an application web server and rather something like nginx or apache and therefor won't be able to use a client secret.
SPA application use Implicit grant flow , so that it doesn't need the client secret when acquiring token .SPA could be independent app , you should provide client id when making authentication with AAD. After getting access token , you could create http request with Authorization: Bearer access_tokenheader for accessing your web api .
Each client(web/spa/native) will acquire access token for accessing web api . On web api side , you just need to validate the token .Validate the claims(issuer,audience) and signature .
I have an Azure Mobile App service that I use with my (Cordova and Xamarin) mobile apps. The URL for the Mobile App service is https://gonzo.azurewebsites.net/ (not the real URL). I want to create a website (ASP.NET Core 2.0 Web App) that connects to my Azure Mobile App service, just like my apps do. I tried publishing it to the gonzo URL but that overwrote my mobile app service and thus I had to restore it. I’d love to know if there is a way to actually make that work.
My next step was to create the website and use a different URL https://kermit.azurewebsites.net/. I use social authentication for my app mobile service. When I debug it locally against localhost, everything works perfectly. The problem that I’m running into is that when I try to login from the published website, regardless of the auth provider (facebook, Microsoft, google), instead of getting to the login UI supplied by the login provider, I get a 403 with the URL looking something like this: https://gonzo.azurewebsites.net/.auth/login/facebook/callback?code=long-code.
I thought this can be fixed by allowing the kermit origin in my Azure Mobile App service in CORS. I even tried setting CORS to allow all hosts (*) but that didn’t make a difference. Any idea how to make this work?
I want to create a website (ASP.NET Core 2.0 Web App) that connects to my Azure Mobile App service, just like my apps do. I tried publishing it to the gonzo URL but that overwrote my mobile app service and thus I had to restore it. I’d love to know if there is a way to actually make that work.
Based on your requirement, I assumed that you could deploy your NET Core 2.0 Web App along with your mobile app, at this point your two applications could share the authentication. For Detailed tutorial, you could follow Deploying multiple virtual directories to a single Azure Website.
The problem that I’m running into is that when I try to login from the published website, regardless of the auth provider (facebook, Microsoft, google), instead of getting to the login UI supplied by the login provider, I get a 403 with the URL looking something like this: https://gonzo.azurewebsites.net/.auth/login/facebook/callback?code=long-code.
According to your description, you are using the App Service Authentication / Authorization. I would recommend you directly access https://<your-mobile-app-name>.azurewebsites.net/.auth/login/<provider-name> via the browser to make sure you have successfully set up the authentication for your mobile app.
If I understand you correctly that you want to create another Azure Web App to hosting your NET Core 2.0 Website, and your website wants to connect with your mobile app. Here are some approaches, you could refer to them:
For accessing mobile app in the front-end of your .Net Core web app
You could leverage the JavaScript SDK for Azure Mobile Apps in your .Net Core web app to access your mobile app. Details you could follow here. Additionally, if your website would also enable the app service authentication, you could just send GET https://<your-netcore-webapp-name>.azurewebsites.net/.auth/me to retrieve the access_token, then use the Client-managed authentication for logging with your mobile app in the front-end of your netcore website.
For accessing mobile app in the back-end of your .Net Core web app
I assume that your .Net Core web app would also need to enable social authentication via using the App Service Authentication / Authorization, and in the backend of your website you could retrieve the access_token for the current logged user, then you could use Client-managed authentication for logging with your mobile app. The logging request would look like this:
POST https://<your-mobile-app-name>.azurewebsites.net/.auth/login/<provider-name>
Payload: {"access_token":"<the-access-token-for-the-specific-social-provider>"}
Moreover, for retrieving the user logged infos (including the access_token,etc.) from App Service Authentication / Authorization (EasyAuth), you could follow this issue.
I have a Drupal deployed on a Bitnami Image containing some content that I use in a mobile application. For that, I sat a Rest API to request Drupal and get the data.
Using Postman and the basic_auth credentials, I am able to get my API response properly with no problems.
After that, I deployed Azure API Management and tried to pass the call of Drupal API through it, I provided the credentials via an authentication-basic policy, everything worked perfectly for a moment then suddenly I now getting a 403 Forbidden Access.
I still can request the Drupal API directly via POSTMAN using the same credentials with no problems.
Thanks
Actually, When I was creating the API on API Management, I used wrong authentication credentials many times for that, Drupal had blocked the API from access to the data.
I fixed that by doing a Truncate on the table flood of my database