How to implement oauth2 to external api in meteor app - api

I'm writing, beacuse i'm having trouble trying to implement a method to auntenticate oauth2 in a meteor APP (using react in view). In this case i have to connect to my own autentication server running in .net. I have read some tutorials with facebook, github, etc, but in my case is different
Anyone have any code, tutorial or know how to implement?.
Thanks
PD: i'm new using Meteor.

There is a meteor package for OAuth2 here
https://atmospherejs.com/meteor/oauth2
It doesn't provide much information, except directing you to the Meteor accounts documentation at https://guide.meteor.com/accounts.html
There is also this page, which provides examples of both client and servers for OAuth2. I haven't explored it myself, but it looks like a good start. I always like to look at examples myself when picking up something new :)
https://github.com/prime-8-consulting/meteor-oauth2

Related

Is it required to migrate to GIS when you're using google-oauth2?

This link https://developers.googleblog.com/2022/03/gis-jsweb-authz-migration.html says
Your full suite of apps and platforms may be using different methods of authentication and authorization from Google. The following are NOT affected by this deprecation announcement:
Android or iOS native app SDKs,
Backend platforms directly calling Google’s OAuth 2.0 or OpenID services.
I'm currently trying to understand our huge legacy code which might be affected by the GIS migration. Currently, we just redirect to https://accounts.google.com/o/oauth2/v2/auth to start the oauth2 process, once the user clicks the "Sign in with google" button. I've seen this link in the example of the old way from the migration document here: https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#oauth-2.0-endpoints however I'm not sure if it is required to migrate to GIS or not.
From what I understand, only the frontend related libraries should be worried, but I'm dumb so maybe I'm misunderstanding. Can anyone help enlighten me?
Thanks.
You do not need to migrate if you are directly making calls to the Google's OAuth 2.0 endpoints.
The guide you reference recommends using the library with the note use the Google Identity Services library to support a less intrusive popup UX mode and to avoid having to manage complex OAuth 2.0 requests and responses. The intent there is to simplify your implementation not to force a migration.

Has anyone successfully implemented Azure AD auth using Server Side Rendering Angular (Angular Universal)?

Currently We have an app that is using Angular Universal for Rendering. We have MSAL auth installed but we get random infinite loops with auth, especially new users.
We have tried catching these events and handling them but it does not seem to work. Looked at some documentation that says, MSAL is still not supported with Node and Server Side Apps.
I cannot use AUTH0. Does anyone have any ideas on how to accomplish the auth against azure ad in this type of app?
MSAL.js at the moment works only with single page applications. Support for Node applications is on the roadmap.
Still, there are a number of 3rd party libraries that you can use for this. I would suggest using passport-azure-ad. You can see a sample application here.

ASP.NET WEB API Authorization or User based Licensing

Have done a lot of search and reading over the WEB but could not come to any conclusion yet.
We are planning to develop a list of API's (planning to use ASP.NET WEB API). One of the business goals is to package the API and selling/licensing the Packages/API to end users.
Some thoughts that came to consideration:
Using Authorisation Filters to do check against database, if the user requesting the API has access to it or not. Not very sure of the implementation details yet even on this approach.
Are there any better suggestions or ideas or any open source libraries that we can go with?
What are the possible recommendation or best practices to achieve this.
Thanks in advance.
Please take a look at the following links. Hopefully, they help.
Web API creating API keys
How to secure an ASP.NET Web API

CakePHP and RESTful with PhoneGap

I have built a cakephp site with RESTFul calls. Happy to say these calls work when using curl from another php site. (This is all testing at the moment)
The next stage is setting up authorization, from my understand I'd be looking at either basic or digest loging to make RESTful calls.
I'd like to build a phonegap app, that requires login. Would RESTful calls to CakePHP be the way to go. i.e making a RESTful API for my site?
I'd like to provide an API key. How would this key be secured in a phonegap app?
How secure is phonegap in general? If the files for an app are css, html, js can't the app be broken into and the files revealed
Just looking for general advice and a direction to continue researching.
I believe what you need would be a stateless authentication system. CakePHP comes with 2 built in. Take a look at this example

Facebook C# authentication example

Authentication examples are missing from the documentation.
Would it be possible to have an authentication example for a desktop application, not a web one?
If you're writing a desktop application, consider using Facebook PowerShell Module. I would be interested to know more about your scenario! Jon