I wants to authenticate/authorize clients on vernemq broker. This are two hooks I'm interested in:
auth_on_register
auth_on_subscribe
I have setup above hooks and endpoints for them. On new register and subscription, I'm able to log the POST request params.
Related vernemq docs can be found here
Question:
Can we pass some custom variables in client request, so that we can handle auth.
If not, then can ssl be good alternative here, please include procedure for that?
Details:
by enabling auth_on_register we can get POST request to corresponding endpoint, with params:
{
"peer_addr": "127.0.0.1",
"peer_port": 8888,
"username": "username",
"password": "password",
"mountpoint": "",
"client_id": "clientid",
"clean_session": false
}
you can see that it is using username and password for auth purpose, do vernemq or mqqt in general provide facility to send custom params e.g. auth_token?
I have read that we can configure ssl certificates also, so if there's no facility for custom params then I would to go with this, or any other suggestion?
Related
I have a Cognito app client configured to use USER_PASSWORD_AUTH flow. By POSTing this request:
{
"AuthParameters": {
"USERNAME": "{{Username}}",
"PASSWORD": "{{Password}}"
},
"AuthFlow": "USER_PASSWORD_AUTH",
"ClientId": "{{AppClientId}}"
}
to "cognito-idp.us-east-1.amazonaws.com", I am able to successfully authenticate and retrieve JWTs.
I would like to CNAME the URL to be something like "auth.mydomain.com", but when I do that, I get a client certificate validation error. Is there anyway to associate a valid certificate so I can CNAME the URL successfully?
You can configure a custom domain within your Cognito user pool. That's what we had to do to make this work. Check out this Cognito documentation. It discuses using the hosted UI stuff, but it should also apply to your scenario where you provide the login UI.
Reading through vaults documentation for ldap auth method, I am able to successfully login via a postman API call to the vault server.
ldap is currently configured with default-lease of 3600s(1hr) and max-lease 86400(s). In postman calling, I provide password and ttl KVs. however the response, while successful, still comes back with the default 1hr lease for my token.
{
"password": "mypassword",
"lease_duration": "5"
}
I have a working FeathersJS server working with Authentication service.
I can make a POST from the client (browser) like this:
http://localhost:3030/authentication/
POST BODY:
{
"strategy": "local",
"email": "myEmail",
"password": "myPassword"
}
That works and it returns validated accessToken.
I am trying to implement GraphQL (Apollo server v.2). I managed to make it working and I can call any Feathers Services from GraphQL resolver.
The problem is - I need to call Authentication service from the code on Server side and not from the client.
Sure I can just ho ahead and code everything by myself - make a query to Users and validate. But since Authentication service is already in place - can I re-use it?
I can get the service object:
const authService = app.service('authentication');
Can I just call some function to get the validated accessToken, something like:
return authService.someFunction( {"strategy": "local","email": "torodom.canada#gmail.com", "password": "password"} );
There are just 2 methods available
create and remove.
Create does not validate - it just generates JWT based on parameters.
Can someone give me a help or any idea about it?
Appreciate any help.
The method to use is standard Feathers service create method:
return authService.create({
"strategy": "local",
"email": "torodom.canada#gmail.com",
"password": "password"
});
You can learn more about Feathers service in the basics guide and the authentication service in the authentication server API documentation.
I am trying to use Periscope API (https://github.com/gabrielg/periscope_api/blob/master/API.md) in my application. As in the API link I am trying to send POST request to https://api.periscope.tv/api/v2/loginTwitter?build=v1.0.2
with request body as following
{
"bundle_id": "com.bountylabs.periscope",
"phone_number": "",
"session_key": "<twitter_user_oauth_key>",
"session_secret": "<twitter_user_oauth_secret>",
"user_id": "<twitter_user_id>",
"user_name": "<twitter_user_name>",
"vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
}
I already have an application in https://apps.twitter.com/ but I don't know what to use as twitter_user_oauth_key and twitter_user_oauth_secret. Can you help?
I must say https://github.com/gabrielg/periscope_api/ implementation is a bit complicated. Author using 2 sets of keys (IOS_* and PERISCOPE_*) when you actually need only one to access API. I didn't tried to broadcast but in my PHP library all other functions works without troubles with only what he call PERISCOPE_* set of keys.
You will get session_secret and session_key from Twitter after getting access to it as Periscope application.
So Periscope's login via Twitter process looks like
Request OAuth token via https://api.twitter.com/oauth/request_token
Redirect user to https://api.twitter.com/oauth/authorize?oauth_token=[oauth_token]
Wait for user login and get oauth_token and oauth_verifier from redirect url
Get oauth_token, oauth_token_secret, user_id and user_name via request to https://api.twitter.com/oauth/access_token?oauth_verifier=[oauth_verifier]
Send request to https://api.periscope.tv/api/v2/loginTwitter
{
"bundle_id": "com.bountylabs.periscope",
"phone_number": "",
"session_key": "oauth_token",
"session_secret": "oauth_token_secret",
"user_id": "user_id",
"user_name": "user_name",
"vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
}
Save cookie value from last response and add it to all JSON API calls as some kind of authentication token.
Requests in 1 and 4 steps should be signed with proper Authorization header which requires Periscope application's consumer_key and consumer_secret. While consumer_key can be sniffed right in first step (if you are able to bypass certificate pinning) consumer_secret never leaves your device and you can't get it with simple traffic interception.
There is PHP example of login process https://gist.github.com/bearburger/b4d1a058c4f85b75fa83
Periscope's API is not public and the library you are referring to is sort of a hack.
To answer the original question, oauth_key & oauth_secret are keys sent by your actual device to periscope service. You can find them by sniffing network traffic sent by your device.
I have set up a servicestack service with basic authentication using the first example, here:
https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization
This automatically sets up a route: /auth/basic
However, I cannot find any information or examples on how to format a request to this URL (Variables/GET/POST/Auth Header, etc.).
I am able to access a simple service using the basic authentication credentials, so they are active and correct.
I have no custom authentication plugged in, just basic authentication.
I have tried:
Using a JsonServiceClient to send UserName and Password variables by GET or Json POST to /auth/basic, with and without an Auth header also containing the user & pass.
Using a browser to send GET requests with URL parameters of the user/pass, or as http://user:pass#localhost:123/auth/basic
I always just get "HTTP/1.1 401 Invalid BasicAuth credentials".
The only examples I can find involve some kind of custom authentication, and then /auth/credentials is accessed, but I want to use /auth/basic
I have looked at the code and it looks like it reads an Auth header, but the service does not accept one.
I am actually trying to get this working so I can then disable it and verify it is disabled (I want to require basic authentication for every request).
Questions are:
What is the correct way to call the /auth/basic service? I will take a servicestack client API example, specifications or even a raw http request!
How do you disable the /auth services altogether?
Many thanks.
What is the correct way to call the /auth/basic service? I will take a servicestack client API example, specifications or even a raw http request!
var client = new JsonServiceClient("http://localhost:56006/api");
var resp = client.Post(new Auth() { UserName = "TestUser", Password = "Password" });
This assumes you have also registered an ICacheClient and IAuthUserRepository (and added a user account)
The JSON format looks like this if you call into /auth/basic?format=json
{
"UserName": "admin",
"Password": "test"
"RememberMe": true
}
How do you disable the /auth services altogether?
Don't add the AuthFeature plugin to configuration.
You can also remove plugins
Plugins.RemoveAll(x => x is AuthFeature);
Putting the following in apphost config seems to do the trick.
//Disable most things, including SOAP support, /auth and /metadata routes
SetConfig(new EndpointHostConfig()
{
EnableFeatures = Feature.Json | Feature.Xml
});
I am a little suspicious about what this does to /auth however, because it returns an empty response, while most routes return 404.
So, would this truly disable the /auth functionality? As in, if someone formed a correct request to /auth/credentials, will it still return an empty response?