Google Authenticate in Angular 5 - angular5

How to enable Google Authentication in Angular 5 app?
I want to implement enabling OTP setup, and when someone whose OTP is enabled logs in to the app, they then input the 6-digit code from Google Authenticator.

As such, there is no Google authentication directly provided in Angular 5.
Somehow you have to write the API in another language, like PHP or something else, which will contain your Google authentication code. That API will return the QR code, with the help of which you can simply integrate it along with the UI in Angular 5. Once the user scans the QR code, at the next login just ask for the 6 digits, call the API passing those 6 digits, and validate them. I have implemented the same and it worked.

For Angular 2+, there is a library that does just that: Speakeasy. Here's the workflow:

1 - Creation:
- Speakeasy generates a secret
- A QR code is generated based on that secret
- The user scans it using Google Authenticator

Now, both the user and the server share a secret that is used to generate time-based one-time passwords (TOTP).

2 - Authentication:
- The user enters their credentials + the token generated by Google Authenticator for your app at this moment
- The server can check the authenticity of the user by comparing the token given by the user and the token generated from the secret it saved for this user

Note there is no communication with Google Authenticator - don't bother looking for an API. Tokens are generated based on the time and the secret.
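
The two-step workflow above, written out as an added server-side example in Node.js; it is not code from the answer or from Speakeasy. It implements RFC 6238 TOTP with the built-in `crypto` module, and the function names (`enroll`, `totpAt`, `verify`) and the `lastUsedStep` replay check are assumptions of this example.

```javascript
// Added example (not Speakeasy's code): RFC 6238 TOTP with Node's built-in crypto.
const crypto = require('crypto');
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

function base32Encode(buf) {
  const bits = [...buf].map((b) => b.toString(2).padStart(8, '0')).join('');
  return bits.match(/.{1,5}/g).map((c) => B32[parseInt(c.padEnd(5, '0'), 2)]).join('');
}

function base32Decode(str) {
  const bits = [...str.toUpperCase().replace(/=+$/, '')].map((ch) => {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error('invalid base32 character');
    return idx.toString(2).padStart(5, '0');
  }).join('');
  return Buffer.from((bits.match(/.{8}/g) || []).map((b) => parseInt(b, 2)));
}

// Step 1 (creation): random 160-bit secret and the otpauth:// URI the QR code encodes.
function enroll(account, issuer) {
  const secret = base32Encode(crypto.randomBytes(20));
  const label = encodeURIComponent(`${issuer}:${account}`);
  return { secret, uri: `otpauth://totp/${label}?secret=${secret}&issuer=${encodeURIComponent(issuer)}` };
}

// Token for one 30-second step: HMAC-SHA1 over the step counter, then dynamic truncation.
function totpAt(secret, step) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(step));
  const mac = crypto.createHmac('sha1', base32Decode(secret)).update(msg).digest();
  const code = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff;
  return String(code % 1e6).padStart(6, '0');
}

// Step 2 (authentication): accept the current step +/- 1 for clock drift, and refuse any
// step at or before lastUsedStep so an observed token cannot be replayed.
// Returns the matched step (persist it per user) or null.
function verify(secret, token, unixSeconds, lastUsedStep = -1) {
  if (typeof token !== 'string' || !/^\d{6}$/.test(token)) return null;
  const now = Math.floor(unixSeconds / 30);
  let matched = null;
  for (let step = Math.max(0, now - 1); step <= now + 1; step++) {
    const same = crypto.timingSafeEqual(Buffer.from(totpAt(secret, step)), Buffer.from(token));
    if (same && step > lastUsedStep) matched = step;
  }
  return matched;
}
```

The Angular client only collects the 6-digit token and posts it with the credentials; the secret stays on the server and in the authenticator app.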

There are many sample apps on GitHub and articles out there.
- https://github.com/tjoudeh/AngularJSTwoFactorAuthentication
- Use nodes plugin - https://www.npmjs.com/package/angular2-google-login

Related

Google App Script - 3rd party (Zoho) OAuth flow

I'm trying to build a web app using Google App Script which retrieves project data from Zoho projects. Zoho API uses OAuth 2.0 - see here: https://www.zoho.com/projects/help/rest-api/get-tickets-api.html
I'm trying to figure out what the flow of authentication is here, when using App Script.
How do I display the OAuth permissions dialog for the user?
Do I need to redirect (redirect_uri) to another App Script to deal with the ?code= and do the actual API calls? Or should I redirect to same script and have a check for ?code= query string at the start of the script?
How do I deal with the refresh token, when auth needs refreshing?

Firebase Auth: Multiple apps, Sign in with Apple

We're having a problem signing in with Apple with our setup.
We have an education platform with 50 or so different apps/products.
All apps have their own separate Firebase project, but they share the same Firebase Project for authentication, so the user can login with the same account on all the apps.
Basic setup:
1 Firebase project for all authentications
Separate Firebase project for all individual apps.
What works
Facebook Auth and Email Auth worked right out of the box, and after putting each separate project's Client ID in the auth project's "Whitelist client IDs from external projects", Google Auth worked too.
The problem
The problem is with Sign In With Apple. We can get one of the projects to work by adding the app's Bundle ID to the "Service ID (not required for iOS)" field in the Auth project's Authentication/Apple section.
But this field only accepts one Bundle ID (compared to the Google Auth whitelist, which accepts multiple), and we get an error when trying to sign in:
The audience in ID Token [com.BUNDLE.ID.HERE.XXX] does not match the expected audience
Any suggestion on what to do would be very appreciated.
Create a service ID with bundle name com.bundle, and make sure it's associated with a common app ID.

Auth0 Authentication API with React Native

I am currently developing a mobile app in React Native and using Auth0 for user management. I am using my own login, signup and forgot password screens instead of their lock widget. I was able to implement passwordless SMS and email by calling their authentication API, as well as account linking by using their management API. However, I am having difficulty authenticating a user with their email and password through the API once they already have an account. It seems to me that there should be a single endpoint for this in which you include the email and password in the body of the request. I was wondering if anyone could help me understand how to simply log in users using Auth0's API. Thanks in advance.
Take a look at this react native (embedded login custom UI) sample (slightly dated) - wrote it around 6 months ago, but it should offer you good insights - https://github.com/auth0-samples/react-native-embedded-login
Sign in logic is here
Feel free to leave questions below.
For anyone who is still looking there is this step by step on their website on how to login with password via API: https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-resource-owner-password-flow
And with this endpoint you can register a new account: https://auth0.com/docs/api/authentication#signup

Automatically fill auth code for Google's OAuth for devices API

I have a console application that uses Google's OAuth for devices workflow to authenticate users using their Google accounts (see: https://developers.google.com/identity/protocols/OAuth2ForDevices).
During the authentication process, the user is required to visit https://www.google.com/device and copy-paste a code printed by my app.
Is it possible to include the code as part of the auth URL such that the code will already be filled in, and the user only has to click on to authenticate (I'm thinking of opening a browser window programmatically)?
Looking for an option like https://www.google.com/device?code=ABCD-EFGH

Apache Tomcat - Two factor authentication

I am trying to integrate a two factor authentication solution with a mail server that is hosted on Apache Tomcat. Right now the app is using form based authentication and the user enters his user name and password and is authenticated against openLDAP as back end.
What we want is the following -
1). User enters his Un and PWD
2). The request is "intercepted" and put on "hold"
3). A one time pwd (OTP) is generated and sent as SMS to the user.
4). The user sees a new page with a box to enter that OTP.
5). The user enters his/her OTP sent as SMS
6). The OTP is verified and if true the "held" request in step "2" is forwarded for further authentication
The trouble is that I have no access to source code of the mail server app.
I can achieve something very similar in IIS (Microsoft) using an ISAPI filter, but need to know how to achieve this in Apache.
I am looking on the lines of Valve/Filter and SAML, but have no clue how and where to progress.
I contacted the logintc guys for their 2-factor credential and resolved my 2-factor using their apps. Check them out.
https://cloud.logintc.com
The LoginTC platform services are free for under 1,000 users. So that's great.
I followed the instructions from this URL: https://cloud.logintc.com/help/developers
Basically, I created an admin account for my domain in the logintc cloud control panel. Then I used the Server-Side Authentication instructions to enable my Apache website with the logintc button, and added the code snippet in my authentication page.
My users download the logintc app from Appstore, Android or Blackberry marketplaces, I issue them a Confirmation Code and they create their credential token in the app with a PIN (same as ATM cards)
The whole thing takes less than 1 hour to configure. My users get an out-of-band notification to unlock their credential with the PIN, and bingo, they achieve 2FA.
You must check them out
I would suggest using OpenAM, formerly OpenSSO from Sun.
It has a filter/agent that can be deployed on Apache, and it has very good support for multi-factor authentication, including an SMS authentication module.