I want to setup a user registration system in my app, but for this I am using Lumen as a backend. However, I am unsure, how to proceed with it.
I have got a multiple options available for authentication like jwt, or oauth, but I am unsure how to get users registered in first place.
Related
I am building a website using .net. The plan is to use the strava api to get activity data of the user.
Currently the user will need to accept this strava prompt every time he reloads my site:
I got the auth flow working but my question is how to keep the user logged in. If I only store the tokens on my server I won't recognize the user on reload (or I have to use separate authentication). However if I store the tokens on the client the user will be able to make requests to the strava api on behalf on my application.
I tried to add custom jwt authentication to my server but don't like the complexity this is adding. I want to avoid it if possible.
Which of these is the standard way of doing it? Or is there a different strategy I am not seeing?
I have a SaaS application using Vue.JS as frontend and Django Rest Framework as backend. I use JWT tokens for authorizing between frontend and backend.
Now I want to add support for our customers to be able to sign in with their Microsoft accounts. So if the signed in user matches a user in our database, it is logged in to our application.
I've set up Azure B2C and can successfully log in and acquire a token in the Vue.JS application using msal library.
Then I send the token to backend server for verification. I use azure_ad_verify_token to verify the token, but I get an InvalidAuthorizationToken exception.
It seems to be working when the user is added to my organization's AD directory. But I would like to verify the token for any Microsoft user, then match it to users in our database. It would be too much work to manually add our customer's users to our AD directory. If it would be possible to add another organization/domain I guess that would be ok.
There's a lot of documentation regarding this but I always end up in examples for separate applications. Just to clearify flow I try to achieve.
The user clicks on login with microsoft
The user is redirected to Microsofts login page, approves my application for their organization
On requests sent to our backend, the token should be verified against Azure Active Directory using authorization class.
If the user's email exists in our database, the request is successful
I'm doing the first step into Nextjs and I'm stacked in defining the authentication part. I understand that Nextjs tipically rely on NextAuth for authentication. My first thogth was to enable provider like google but I don't understand how to avoid new user registration. The application I'm thinking need to have a login to protect routes but not the registration part. Basically I need to decide on my own who can access.
In realty I started working on an express backend that rely on session cookie and MongoDb (no jwt involved) but now I'm a bit confused on how to proceed.
Is there a way to avoid registering new user with providers?
What is your suggestions?
Many thanks
Authentication in a Nextjs application is just like any another react application.
Although NextAuth is great, but you don't have to rely on it if you don't want to.
Picture a Nextjs app like a basic react application. Same goes for authentication. Nothing specific to Nextjs in this one.
You can keep auth related data in cookies/headers and write a middleware, use it getServerSideProps call for all the pages you want to protect, to redirect the user to login page if the session has expired/or is invalid.
You can create custom integrations with identity platforms which would allow you to have an option to whether or not create an account for a user once you have received the data from the particular identity platform.
How to integrate Rocket.Chat authentication with an existing App having users in its own database.
Existing Travel App has all its users in a custom users table, using email/password based authentication. We want to enable chat amongst tourists who register for tour packages on a certain day. How do we authenticate existing tourists to automatically authenticate against Rocket.Chat as well, as we want to use the REST API(s) for a seamless integration.
We don't want to use the iFrame integration as we have an existing Web built using React JS + Mobile Apps built using React Native, what would be the best approach here
I have integrated Rocket.Chat with an existing App and this is how I have achieved it.
I did install Rocket.Chat on a new server. Keep in mind Rocket.Chat is a very resource exhausting app. Hence it is wise to install it on a separate server. You can find the hardware requirements for Rocket.Chat here
Rocket.Chat has sophisticated Rest API. I did register users on Rocket.Chat using create user API with same email id and password through which they were registered on My existing app. Now you can use create token API to get a temporary authorization token of any user registered on your Rocket.Chat instance. This temporary authorization token is called authToken. when you have got authToken all you need to do is launch URL of your installed Rocket.Chat instance with the authToken as resumeToken query parameter. An example URL is https://yourown.rocket.chat/home?resumeToken=abcd123456789
Rocket.Chat will itself do all the task of authorization user based on resumeToken query parameter and create the session for that user.
REST for creating user is here now: https://developer.rocket.chat/reference/api/rest-api/endpoints/core-endpoints/users-endpoints/create-user
REST for creating user authToken: https://developer.rocket.chat/reference/api/rest-api/endpoints/core-endpoints/users-endpoints/create-users-token
I am looking to implement a role based authentication in a Vue/FastApi application. I come from a background of using Web Forms in asp.net and it was fairly simple to hide and show certain forms depending on if the user is an Admin, or a Manager, or Employee etc. Is there a way to do this with Vue/FastApi with JWT?
You will have to split the authentication in two:
Authentication via Vuejs. This is independent from fastapi. The only shared thing will be the fact that upon login, vue will authenticate to fastapi (like a man in the middle that forwards information). Vue will then cache the received JWT token (or whatever token received) and keep it in a session (so that in case of page reload the user does not have to login again). As soon as the user logs out, erase the token from the vue app.
Authentication via FastAPI. Here, you simply authenticate with username and password, get a JWT token as response (or any other token you want) and use such token for the following requests.
Basically, once vue receives user - password, it will authenticate to the fastapi api, get the token and store it somewhere (this depends on how you implement it and on vuejs, I haven't used so I can't say anything).
Connecting to your background, the .net form equivalent would be the vue login form, but I recommend you to first follow some tutorials on vuejs in order to first understand how it works and have a proper understanding of how it works and which are some possibilities for achieving something.