I want to make an app that needs authentication, I want to use Oauth2 and I have my own REST API.
I know this is very brief question so I'm not expecting direct answer.
If you have any links or articles for this it would be helpful!
Using a library such as react-native-app-auth will help you a lot. There's quite a lot of setup to do which is explained in their documentation. Feel free to update if you run into troubles using it.
Go through this blog: https://medium.com/#alexmngn/the-essential-boilerplate-to-authenticate-users-on-your-react-native-app-f7a8e0e04a42
it is very easy to understand and shows basic authentication by OAuth2.
Related
I cannot log in to shopify through an api.
I want to build a private app with a shopify api, and I just created a laravel project and connected it to shopify through an api. I am using 'ohmybrew' and wrote my api credentials in my config. I tried to log in through an api but I get an error as follows.
Oauth error invalid_request: The Shopify API application does not support oauth
I expected to go to my dashboard but it did not work. It's my first time to work with shopify, and I am baffled as to what to do. I would appreciate it if someone could tell me what I am doing wrong.
oAuth is well established. You could probably say almost all systems with a public API support oAuth. Shopify is no different from any of them, and they all follow the same pattern. So it seems your attempt to follow that pattern is incorrect. The best thing you can do then is to look up some tutorials on how to connect to an API using oAuth, with an emphasis on your scripting language so you can have some solid code examples to follow. Once you master oAuth, you'll be able to see your dashboard.
I just watched this video about why JWT's suck. I'm now uncertain what I should use for authentication.
For context: The API I wrote is mainly used by mobile Apps (iOS and Android). In the future it will also be accessed via a React Frontend.
In the past I just used DRF's build in Token authentication. The phone would then just store this token in the storage of the respective app.
Now I've recently been told, that this is not safe and that I should use JWT's. While researching JWT's I found the video above, which elaborates on why JWT's suck and basic session authentication is better. But as far as I know, when used as an API I can't use session authentication with DRF, can I?
So my question is? What tools of DRF would you suggest to use for authentication, so that it's safe?
Thank you in advance if anyone answers this question!
Edit: Someone privately suggested using O-Auth instead of DRF's tokens or JWT's. Would that be better?
Take a look at django-oauth-toolkit for OAuth 2
So here is my duplicate of the question on security stackexchange. The man #rdegges himself has answered it. Enjoy! https://security.stackexchange.com/questions/184855/django-rest-framework-what-should-i-use-for-authentication-how-should-i-use-it/184950#184950
I am new to titanium and am trying to make a directory of contacts using Google Contact API. I have read up on it yet aren't seeing too many helpful examples. I know I need authentication yet I can't seem to figure out where to start. Any help is appreciated.
You may know some of this already but here's the broad strokes overview for others and an answer to your question (Any help is appreciated).
You need to create an (Google) account and register your project/application first in order to make requests for non-public user data. The request must include an access token. The token also identifies your application to Google.
In order to authenticate a user/application: You will need to Use OAuth 2.0 to authorize requests. You must register your project in the Google API Console and enable the Contacts API service in order to use OAuth 2.0.
To implement the OAuth protocol in a Titanium app you can follow along with the sample/tutorial in this blog post:
OAuth Login for Titanium
This is my first question in SO, sorry if it's poorly structured.
I'm a relative noob developer trying to make a REST Api with Token Authentication. I already made one with Flask and I want to make the same one with the help of CherryPy. The problem is that I'm quite lost finding some sort of plugin for CherryPy, I'm either blind or I just can't find examples nor plugins in order to make the token authentication. Could someone help me? Any info or advice will be of great help :)
This is what I achieved with Flask https://github.com/themese/flask-api
Really my problem is that with Flask and Cherrypy i found the same issue with the token auth, but with various SO posts and wiki info, I managed to code the token auth. I just seem not to be able to reporduce it with Cherrypy, perhaps the lack of info :(
I realize this post is a little old, but I would recommend you look at implementing tokens with JWT. You should use the PyJWT package and create a CherryPy Tool for route authentication & authorization checks.
Another method would be to generate a token using something like a uuid4 hex and persisting that token in your db.
I'd recommend you investigate JWT and how to implement it properly - Auth0.com.
I am a noob too. probably more so. Just trying to help.
From the docs:
Authentication
CherryPy provides support for two very simple authentication mechanisms, both described in RFC 2617: Basic and Digest. They are most commonly known to trigger a browser’s popup asking users their name and password.
link: http://docs.cherrypy.org/en/latest/basics.html#authentication
I'm building an app that requires login for Facebook to send the OAuth token to the server.
The Facebook API is a bit bulky and adds a lot that I do not need. I was using share kit, but then realized that it doesn't use OAuth but rather the deprecated session key method.
I poked around github and done some searching but haven't found something the seems to be what I am looking for.
Thanks
You could probably implement your own stripped-down 'SDK' with just the authentication code, but i think it'd be a lot of hassle for not much benefit - the authentication docs are at https://developers.facebook.com/docs/authentication/ and should give enough info to implement login from scratch - not sure it'd be easy to implement the IOS SSO functionality though - this may be tied closely with the Facebook IOS SDK