We Keep Coding

Micronaut security with custom authentication with pre-existing cookie

I am trying to create a session using pre-existing cookie. However, dont seem to find any way to configure micronaut application.
Ideal flow
Browser calls a rest API
Server detects no session (Unauthenticated)
Request is intercepted and login is performed thro' a call to an external system using the passed in cookie.
if success, Request continues to rest resource and return the result
if fail, return 401
I dont seem to find a way to intercept the request and authenticate on the fly.
Tried to work with Session and idToken but not sure if those are right options. Also, tried to override SessionSecurityfilterRejectionHandler without any luck.

Sending xAPI statement to a web application instead of LRS

I have an xAPI content made by storyline I want for the statement to be sent to a webapp instead of the LRS.
this webapp is developped using laravel, and user should be authenticated with email and password to use it.
what I did to send the statement to this app:
1.in the webapp I created an API endpoint route that use POST method.
2.in the xAPI wrapper I changed the endpoint in the configuration to the route I made in the webapp.
const conf = {
"endpoint":"here I added my api endpoint route of the webapp",
"auth":"Basic " + toBase64(""),
}
now whith any interaction with the content where a statement should be sent the request making cors error like in the picture down, I think this is authentication error, how can I add my authentication credentials to the xAPI wrapper?

Your non-LRS LRS is probably not handling preflight requests which are necessary for CORS handling. Most common LRSs will handle those requests appropriately since they expect to be accessed from additional origins. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests
Also note that you'll likely run into issues unless you also handle state requests.
Additionally unless you are requesting the credentials from the user during runtime then hard coding the credentials into the package isn't a great idea from a security perspective.

.netcore session variables always null

I have a .netcore 5.0 web api. And I want to implement session variables for users when logged in.
I believe I followed all the steps on multiple tutorials.
Here is what I've done so far
Startup.c:
My controller class
I have a vuejs app, when I refresh the page I call "OnLoadPage", and when I click a button I call "OnPageGet".
Session variable seems to be set in the scope of the http call, but when I make another http request the session ID fully changes and all my variables are null.
What am I missing please help. Thank you.

I realized it's necessary to setup some cookie parameters to make it work.
In my developper tools I noticed an error on the response of my "PageLoad" request, where it said "samesite error" I just had to add this configuration parameter to my startup and it fixed it.

Dummy Rest API not working on phone React Native

I am using http://dummy.restapiexample.com/ API .While using POSTMAN and creating a new employee using POST ,it seems to work .But when I use axios in React Native and do the same thing the POST is returning success response but when I try GET method to get all the new employees I'm not seeing the newly created employee which worked on POSTMAN
This is my POST method
create(){
axios.post('http://dummy.restapiexample.com/api/v1/create',{
"name":this.state.name,
"salary":this.state.sal,
"age":this.state.age
}).then((res)=>console.log(res.data)).then(()=>this.setState({createModal:false})).catch(err=>console.log(err))
}
and this is my GET method
async getData(){
await axios.get('http://dummy.restapiexample.com/api/v1/employees').then((res)=>this.setState({employees:res.data.data},()=>console.log(res.data.data))).catch((err)=>console.log(err))
}

From your example code it seems that you are making a call over http. Note that such calls are blocked by iOS and Android unless you explicitely specify a domain that is allowed to be reached over http.
More information about networking can be found here:
https://reactnative.dev/docs/network
By default, iOS will block any request that's not encrypted using SSL.
If you need to fetch from a cleartext URL (one that begins with http)
you will first need to add an App Transport Security exception. If you
know ahead of time what domains you will need access to, it is more
secure to add exceptions only for those domains; if the domains are
not known until runtime you can disable ATS completely. Note however
that from January 2017, Apple's App Store review will require
reasonable justification for disabling ATS. See Apple's documentation
for more information.
Either allow the domain for non-secure request or use https.

The problem had something to do with running on Android device. Once run on the emulator it seemed to work fine

React Native - Logout user when api status code is 401 ( Unauthorized )

When user login or register it will generate a token by our web server and store in user mobile. Every time an API is call, the token is required to verify by our web server to see whether the user is authorized.
Now if the token is expired, it will return status code 401. I wonder how i should handle it?
Our apps is using redux and redux action, it can be very easily doable in the reducers, but the reducers are divided up into different modules, which means i have to do it all over the place.
If you all need any info i will update my post.

This depends on what you are using to make API calls in your app. If you are using GraphQL/Apollo, for example, you can use apollo-link-error to check if the error's status code is 401 and log the user out if it is. If you are using Axios, you can either specify the same kind of thing when you create the instance, or use something like axios interceptors to do it.
If you include what you are using to make requests in your app, I can give a more specific answer as far as the actual configuration goes.