In our current B2B project, we need to use the EarlyLogin functionality together with Smartedit.
Unfortunately, the EarlyLogin prevents a smartedit user from accessing the FrontEnd, after Login into smartedit.
Obviously, because the smartedit user does not have an access token to spartacus yet.
Did someone already resolve that issue and how would you do that?
We are thinking about sending two auth requests, one for smartedit and an additional login request for spartacus with maybe a dummy customer.
Or is there a better work around?
Any help is appreciated :)
Many thanks in advance,
Julian
You can register a dummy customer in Spartacus. Then smartedit user can login as this dummy user in Spartacus.
Thank you a lot of for your answer, Weizhang.
Ideally, a smartEdit user should not be forced to login twice.
Plus, we face a lot of issues with smartEdit in combination with an unauthenticated customer in an protected storefront environment.
Anyhow, that will be our work around as well. We do send an authorization request with a dummy customer for the Spartacus storefront, once the SmartEdit user logs in to SmartEdit.
Related
Use case
I am creating a paid blog website, where people can pay to bloggers to see their blogs.
Solution i Chosen
I have chosen NextJS to build static content(SSG). With fallback option, static content can also built after site is deployed.
Problem
Now, the problem is authentication. We can not authenticate any incoming request on server like SSR.
The only way to check authentication is present on client side. Use useEffect hook to check if the current user is authenticated or not.
But, the problem with this approach is that, any user can disable javaScript on client side to view the content.
Is there any way to authenticated SSG page request on server side.
I don't want to use SSR because increased cost.
You can you use a service called Auth0 to implement static site authentication. It is free up to several thousand requests per month and has React components you can use. Make sure to follow the tutorial for auth0-react and NOT nextjs-auth0 (this is for SSR).
Here is the link to Auth0: https://auth0.com/
You could return null if the user is authenticating on SSG. If you're not loading any content via an API, then the user would be able to see it in the code (but not many users would be doing this). There is the option of Vercel Edge Functions now if you haven't managed to fix this issue yet.
We noticed a white page blink when page refresh happens on site when the user is logged in.
Also, we know that transfer state is not happening when the user has logged in and this is implemented intentionally since user data will be loaded again anyway.
Then we enabled transfer state for the logged-in users and there is one issue regarding acces_token.
Problem happens when acces_token becomes invalid and the page refreshed, so too many requests are made with the old acces_token (not an endless loop), and it's noticeable that acces_token changes more than a couple of times at that moment.
We assume that cms components make additional requests with the old token and we want to fix this somehow.
We are using Spartacus version 2.1.4
Any ideas on how to fix this?
Let me know if any more info is needed on this.
Thanks in advance.
This shows what is happening after you refresh the page when access_token is expired.
Network tab
I believe it's possible to face such issue when enabling transfer state for logged-in users. If you think it might be a bug or at least good candidate for a feature request please create a ticket: https://github.com/SAP/spartacus/issues/new/choose so the info for reproducing the issue will be provided.
Can you share what's the use case for enabling transfer state for authenticated users?
It might not be exactly the same case but some people deal with similar problem (flickering with SSR enabled for authenticated requests) using cookies:
send token to server in angular universal
Angular universal flickring with Transfer state
We would like to build an SPA-like login form in Keycloak, which would dynamically show prompts for credential/inputs from the user without having to refresh the page.
From what I can see, each Authenticator in Keycloak is expecting a form-POST on its associated view, from which it extracts the response. So by default, this implies that each implementation of Authenticator SPI we would like to support (e.g. username/password, 2fa, security questions, etc) would require a page refresh to collect the user's input.
Is there any way an SPA-like login experience (with multiple Authenticators) can be achieved with Keycloak? Any thoughts/suggestions would be greatly appreciated. Thanks.
The idea is I want to be able to make requests to jira api to e.g. create new issue, but I don't want to hardcode user credentials in my web app, nor in the request itself.
When a user clicks a button on my page to, for example invoke api call to automatically create 10 issues, I want them to be redirected to jira to enter credentials. Is it possible?
Ok, it seems that it certainly can be done through OAuth, described e.g here:
https://developer.atlassian.com/server/jira/platform/oauth/
After a lot of research, i coudn't find any useful information that could be of use onto my problem.
I am trying to create a login page that redirects to my website. After the user is logged in, that user has access to OpenERP and the whole website.
Any information is useful. I don't understand Python.
Thanks
i think you need top work out on openerp API Configuration
that will help you
You can use ldap kind of things openerp supports oauth2 check here