Pass OS values to extJS app - apache

How can I access external system values from within an ExtJS application? One of the main reasons I need to do this is that instead of doing authentication from my ExtJS application, I am using Apache to provide this to protected directories on my server, so I want to be able to pass some of the information about the user to the application, once authenticated and the app opened. It is far easier to use LDAP authentication in this manner...

Pass those values through:
Apache → Backend App → Generated HTML → Frontend App (Ext JS)
Your backend application, whatever technology it is built on, will see authentication information from Apache in environment variables. The actual variable names will depend on your setup. This is easily googlable as:
apache auth user environment variable <YOUR_BACKEND_TECHNOLOGY>
Then, the information obtained from Apache will need to be inserted in the HTML as a bit of JavaScript/JSON, like this:
<script type="text/javascript">
    var AUTH_INFO = {
        "username": "John Smith"
        // other information
    };
</script>
Note that it needs to be inserted before Ext JS code.
Finally, in your Ext JS app, just access that info as a global variable:
AUTH_INFO.username
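The insertion step above, as an added example that is not part of the original answer: it builds the AUTH_INFO block on the server and escapes the JSON so that a user name containing </script> cannot end the script element early. It assumes a Node.js backend that sees the Apache-authenticated user as REMOTE_USER; toInlineJson and renderAuthInfoScript are hypothetical names.

```javascript
// Added example, not from the original answer.
// Assumption: Apache exposes the authenticated user to the backend as REMOTE_USER.

// JSON.stringify alone is not safe inside <script>: "<" can start "</script>" or
// "<!--", and U+2028/U+2029 are line terminators in older JavaScript engines.
const UNSAFE_IN_SCRIPT = /[<>&\u2028\u2029]/g;

function toInlineJson(value) {
  return JSON.stringify(value).replace(
    UNSAFE_IN_SCRIPT,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderAuthInfoScript(env) {
  const username = env.REMOTE_USER;
  if (typeof username !== "string" || username === "") {
    // No authenticated user: fail instead of emitting an empty identity.
    throw new Error("REMOTE_USER is not set");
  }
  // Display data only. The backend keeps authorizing each request from
  // REMOTE_USER, never from anything the browser sends back.
  const authInfo = { username };
  return (
    '<script type="text/javascript">\n' +
    "var AUTH_INFO = " + toInlineJson(authInfo) + ";\n" +
    "</script>"
  );
}

// Constructed sample value containing a script terminator.
const sample = renderAuthInfoScript({ REMOTE_USER: "jsmith</script>" });
console.log(sample);
```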

How do I need to configure MongooseIM to allow registering new users? Getting error: Can't register user at node: not_allowed

I am currently trying to add chat functionality with MongooseIM to an app that already comes with users/accounts.
The idea was to add a mongooseIM chat server and register all existing (and future) users with their user ID in mongooseIM.
Setup
I am working with the mongooseIM docker container and have set up a docker compose that loads custom configuration.
In the custom configuration, I have added the admin REST API and can do requests like listing all registered users or the available commands.
Problem
Whenever a new user should be registered through the API, I get the response:
Can't register user at node: not_allowed and a 500 status code.
Trying to register a user through mongooseimctl returns Error: account_unprivileged.
What I tried
I think I have been reading through the documentation and google results for about 6 hours by now.
Testing with the standard docker container (and no extra configuration) works from the command line, but I failed testing the API because I do not know how to access the API then (or if it is enabled at all). Maybe someone has a hint on this for me?
One idea was that the action really is not allowed, but the /commands route of the admin interface contains the register_user action in the results, so I think it's enabled/allowed:
%{
    "action" => "create",
    "category" => "users",
    "desc" => "Register a user",
    "name" => "register_user"
},
Using the default docker container and trying to register a user for a non-existent domain also results in "not_allowed", so this could be a configuration problem. I have a host name configured in my mongooseim.toml config file:
[general]
loglevel = "warning"
hosts = ["myhost"]
default_server_domain = "myhost"
language = "en"
I am quite positive I am missing some configuration/setup somewhere and would appreciate any hints/help.
Edit 1
I added dummy authorization (== no authorization) to the config file:
[auth]
methods = ["dummy"]
Now, I no longer get a "not_allowed" error.
Instead, the response always states the user already exists, while requesting the user list always returns an empty list.
I tried sending messages between made-up user jids. I get no errors, but also no messages are returned for any users.
The "dummy" method is for testing only. It makes any user exist (check the ejabberd_auth_dummy.erl code, it is really just a dummy without any implementation).
You should use internal or rdbms auth_methods instead.
rdbms method would need an rdbms connection configured.
internal method is used to store users in Mnesia (but Mnesia backends are not recommended because RDBMS just works more reliably and efficiently).

Export Application and API Settings from Auth0 via Web UI

I'm using Auth0 to manage authentication in a web app.
Since it took me a while to get it working, I'd like to export the application and API settings like for example:
- the application name
- the client id
- the supported auth methods
- the allowed callback URLs
- basically everything else relevant to reproduce the application configuration
I found a lot of documentation about exporting user data but nothing about exporting application or API settings.
Generally, the steps described here are just a quick&dirty workaround to read data from the Auth0 Management API without leaving your browser. I wonder why there is no "export" button for this directly in the UI. In both cases (application and API settings), open the network monitoring tab of your browser (usually F12); Then...
Exporting Application Settings
Load the "settings" page of the application you'd like to export (e.g. https://manage.auth0.com/dashboard/eu/<your_auth0_tenant_name_here>/applications/<your_application_client_id_here>/settings)
You'll see a GET request to manage.auth0.com/api/clients/<your_application_client_id_here>.
The response to this GET request is a JSON containing everything you need to reproduce the application settings; also sensitive data like the client secret and signing keys.
Exporting API Settings
Load the "settings" page of the API you'd like to export (e.g. https://manage.auth0.com/dashboard/eu/<your_auth0_tenant_name_here>/apis/<your_api_id_here>/settings)
You'll see a GET request to manage.auth0.com/api/resource-servers/<your_api_id_here>.
The response to this GET request is a JSON containing everything you need to reproduce the API settings.
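Because the saved responses carry the client secret and signing keys, they should be scrubbed before being committed or shared. One way to do that, as an added example that is not Auth0 tooling or part of the original answer; redactExport is a hypothetical name, and the key list and sample object are assumptions to adjust after reviewing your own export.

```javascript
// Added example, not Auth0 tooling. The key list is an assumption: it names fields
// that hold secrets in the saved responses; extend it after reviewing your own export.
const SECRET_KEYS = new Set([
  "client_secret",  // application client secret
  "signing_keys",   // application signing keys
  "signing_secret", // API (resource server) signing secret
]);

// Returns a deep copy with secret fields replaced, plus the paths that were redacted.
function redactExport(settings) {
  const redacted = [];
  const walk = (value, path) => {
    if (Array.isArray(value)) {
      return value.map((item, i) => walk(item, `${path}[${i}]`));
    }
    if (value !== null && typeof value === "object") {
      const copy = {};
      for (const [key, child] of Object.entries(value)) {
        const childPath = path ? `${path}.${key}` : key;
        if (SECRET_KEYS.has(key)) {
          redacted.push(childPath);
          copy[key] = "<REDACTED>";
        } else {
          copy[key] = walk(child, childPath);
        }
      }
      return copy;
    }
    return value;
  };
  return { clean: walk(settings, ""), redacted };
}

// Constructed sample shaped like a saved /api/clients/<id> response.
const exported = {
  name: "My App",
  client_id: "<your_application_client_id_here>",
  client_secret: "constructed-not-a-real-secret",
  callbacks: ["https://app.example.com/callback"],
  signing_keys: [{ cert: "constructed", subject: "constructed" }],
};
const result = redactExport(exported);
console.log(JSON.stringify(result.clean, null, 2));
console.log("redacted:", result.redacted);
```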

How to use nuxt auth module with AWS Cognito ui

I want to build an app which has a static frontend ( target: 'static' in nuxt.config.js ), and a backend using ktor. The app will need to authenticate users but I do not want to manage passwords and things myself, so I would like to integrate with AWS Cognito. Based on my understanding, I think this is the workflow I want:
1. User is browsing the site anonymously (no login)
2. They do some action which requires login or explicitly click on login button.
3. User gets redirected to AWS Cognito ui for login. They may register for new account, login with their existing, or login using another provider (after configuring cognito for it).
4. Cognito ui redirects user back to the app ui but with JWT tokens in query params (I think this is just how cognito does it)
5. The JWT token(s?) get stored in vuex store / nuxt auth
6. The token is used when making requests to the backend. As well as showing some additional components / actions if the user is authenticated and their basic info like username (part of jwt?)
I think I have cognito and the ktor backend setup correctly but I don't know how to get started for the frontend.
The nuxt auth module guide says to set up middleware, but afaik middleware is only for server side rendered apps.
I need to activate the vuex store but I don't know what to put there. Are there some specific things the auth module expects or do I just create an empty file in the directory?
How do I tell it when to redirect or read the token from query param?
How to parse the JWT token (if it doesn't automatically) and get some payload info like username from it?
Does the axios module get configured automatically to make use of this?
I found this old github issue 195 in the auth module repo, but I believe that's for when the "login form"/ui is part of the nuxt app and client is making use of the cognito api without 'redirect'.
Unfortunately everything in this stack is new for me so any help is appreciated. If there is already a project doing something similar, I look at the code and try to figure it out but right now I'm lost.
update 2020-12-31, mainly so that I can put a bounty on this soon: The live demo at https://auth0.nuxtjs.org/ seems to be doing what I'm looking for but then the github page read me shows something else https://github.com/nuxt/example-auth0. Also I don't see middleware / plugins used anywhere. It's all mostly configured through nuxt config, so it only works for the auth0 custom provider?
I was having the same issue as you:
> How do I tell it when to redirect or read the token from query param?
I solved this by configuring auth.redirect.callback to match the endpoint that cognito will call back with the token. I believe this will tell the middleware when to look for a new token in the query param.
nuxt.config.js:
auth: {
    redirect: {
        callback: '/signin',
        ...
    },
    strategies: {
        awsCognito: {
            redirectUri: "http://localhost:8080/signin",
            ...
        }
    }
}
And to answer your other questions:
> The nuxt auth module guide says to set up middleware, but afaik middleware is only for server side rendered apps.
I tried this setup with ssr: false and it still works fine.
> I need to activate the vuex store but I don't know what to put there. Are there some specific things the auth module expects or do I just create an empty file in the directory?
An empty index.js file is fine.
> How do I tell it when to redirect or read the token from query param?
See first answer above.
> How to parse the JWT token (if it doesn't automatically) and get some payload info like username from it?
From my initial testing I found that the middleware will automatically call the userInfo endpoint when user data is requested, e.g. this.$auth.user.email
strategies: {
    awsCognito: {
        scheme: "oauth2",
        endpoints: {
            userInfo: "https://x.amazoncognito.com/oauth2/userInfo",
            ...
        }
    }
}
ref: https://docs.aws.amazon.com/cognito/latest/developerguide/userinfo-endpoint.html
> Does the axios module get configured automatically to make use of this?
Yes.
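For the question about reading payload info from the JWT, this is how the ID token's claims can be decoded in the browser for display. It is an added example, not part of the answer above or of the nuxt auth module; readIdTokenClaims and makeSampleToken are hypothetical names, and the claim names assume a Cognito ID token.

```javascript
// Added example, not part of the nuxt auth module. Decoding is not verification:
// the backend must still validate the token signature on every request.
const b64decode = (s) =>
  typeof atob === "function" ? atob(s) : Buffer.from(s, "base64").toString("binary");
const b64encode = (s) =>
  typeof btoa === "function" ? btoa(s) : Buffer.from(s, "binary").toString("base64");

function base64UrlToString(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(b64decode(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Returns display claims from a Cognito ID token, or throws if the token is
// malformed, expired, or not an ID token (for example an access token).
function readIdTokenClaims(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  let claims;
  try {
    claims = JSON.parse(base64UrlToString(parts[1]));
  } catch (e) {
    throw new Error("payload is not base64url-encoded JSON");
  }
  if (!claims || claims.token_use !== "id") throw new Error("not an ID token");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    throw new Error("token expired");
  }
  return {
    username: claims["cognito:username"],
    email: claims.email,
    expiresAt: claims.exp,
  };
}

// Constructed token for the demo: placeholder header and signature, payload built inline.
function makeSampleToken(payload) {
  const enc = (obj) =>
    b64encode(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256" }), enc(payload), "constructed-signature"].join(".");
}

const demo = makeSampleToken({
  token_use: "id", exp: 4102444800, "cognito:username": "jdoe", email: "jdoe@example.com",
});
console.log(readIdTokenClaims(demo));
```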

Bypass setup wizard in fusion auth to create application

I am using Fusion Auth as an auth backend for my project.
After starting up the container as shown here (https://fusionauth.io/docs/v1/tech/installation-guide/docker), if we open the URL (e.g. http://localhost:9011) we need to create an admin user and then we will be able to create an Application, API Key and Lambda.
As my project doesn't involve UI interaction, I wanted to create an Application without involving UI interaction (i.e., the setup wizard).
I was unable to find an API that relates to the setup wizard.
As I saw "Since this is your own private instance of FusionAuth, you need to create a new administrator account that you will use to log in to the FusionAuth web interface." in the setup wizard, I thought this is required only for the UI, so I tried to create an Application using this (https://fusionauth.io/docs/v1/tech/apis/applications#create-an-application) API, but it is returning a 401 (Unauthorized).
Can someone help me to either create an application without authentication or bypass setup-wizard?
The FusionAuth Kickstart does exactly what you need. It will allow you to pre-define the configuration that you require in a JSON file and then the system will bootstrap itself automatically.
The base use case is to provision an API key which would allow you to programmatically configure the rest of the system by using APIs after an API key has been created.
{
    "apiKeys": [{
        "key": "a super secret API key that nobody knows"
    }]
}
You also have the option of building your entire configuration in the Kickstart definition. There are a bunch of examples and walk throughs on the Kickstart installation guide.
Good luck!

Problems working with Google Calendar Api V3 and PHP

I'm just trying to make a little, simple application (that I already made two years ago in Objective-C with api V1) that presents a screen with time of event and description and a button: "insert event in your calendar".
Every user has, obviously, to configure the application with his google username and password.
The app simplifies some process using the first calendar available.
I had infinite problems trying to do it with javascript (this app will be made in html5), so, looking at docs, I ended up trying to make a back-end on my server in php5 (thought it could be easier...ohohoho).
So, I read docs from here: https://developers.google.com/google-apps/calendar/
What I did:
1)
Get to the Google Developers Console.
Created a project.
I now have this (not real keys):
OAuth 2.0
Client ID 352xxxyy9.apps.googleusercontent.com
Email address 3527xxxy#developer.gserviceaccount.com
Service Account
Client ID 3523xxxyy419-vpfgdfg9u77s0.apps.googleusercontent.com
Email address 35ssss9-zzzzsnhavna78ea0b9gvn6a9u77s0#developer.gserviceaccount.com
Public key fingerprints :ac15ddfxdffrtg5565fgfg545r
2)
I installed Google APIs Client Library for PHP (beta) in my server.
doc says:
Using the Google APIs Client Library for PHP requires that you download the PHP source. In the future, packages will be provided. Refer to the project page for more details.
Run the following commands to download and install the source: svn blaj blah blah.
I copied the entire source in my server. Easy :)
Then..
3) You can now import the classes you will need using the following statements:
require_once "../src/apiClient.php";
require_once "../src/contrib/apiCalendarService.php";
Ok, I'll insert them in my php script!
4) "Configure your app"
You must instantiate a client to make requests to the API. All requests to the Google Calendar API require authorization.
The following code demonstrates how to configure an authorized service object using OAuth 2.0 for native applications. For more information, see Authorize Requests.
To find your project's client ID and client secret, do the following:
Go to the Google Developers Console.
Select a project.
In the sidebar on the left, select APIs & auth. In the displayed list of APIs, make sure the Google Calendar API status is set to ON.
In the sidebar on the left, select Credentials.
Find the lines labeled Client ID and Client secret. Note that there may be a client ID without a client secret, for use with Compute Engine and App Engine; in that case, create a new client ID and client secret by selecting Create New Client ID.
Edit the src/config.php file to put in your developer API information.
global $apiConfig;
$apiConfig = array(
    // Site name to show in Google's OAuth authentication screen
    'site_name' => 'www.example.org',
    // OAuth2 Setting, you can get these keys in Google Developers Console
    'oauth2_client_id' => 'YOUR_CLIENT_ID',
    'oauth2_client_secret' => 'YOUR_CLIENT_SECRET',
    'oauth2_redirect_uri' => 'YOUR_REDIRECT_URL',
    // The developer key; you get this from Google Developers Console
    'developer_key' => 'YOUR_DEVELOPER_KEY',
    ...
    // Which Authentication, Storage and HTTP IO classes to use.
    'authClass' => 'apiOAuth2',
    ....
    // Definition of service specific values like scopes, OAuth token URLs, etc
    'services' => array(
        'calendar' => array('scope' => 'https://www.googleapis.com/auth/calendar'),
    )
);
But they are DIFFERENT from the key I have, what's wrong????
What are client secrets ? redirect_url??
Please help.
I think you need to setup a service account access as described here:
https://code.google.com/p/google-api-php-client/wiki/OAuth2#Service_Accounts
I had difficulty getting it to work, as I made many trials and errors and my cache got filled with non-working tokens.
If ever you find yourself not able to access the calendar even after following all the steps, try to change this line of code:
$client->setAssertionCredentials(new Google_AssertionCredentials(SERVICE_ACCOUNT_NAME, array('https://www.googleapis.com/auth/prediction'),$key));
to this:
$client->setAssertionCredentials(new Google_AssertionCredentials(SERVICE_ACCOUNT_NAME, array('https://www.googleapis.com/auth/prediction'),$key, 'notasecret','http://oauth.net/grant_type/jwt/1.0/bearer',false,false));
The last false tells AssertionCredential class to not use any cache. I did it once and then it worked with it set to true afterward.
First go here https://console.developers.google.com/project that is where you configure your app...
Click on your project, then on the left side you will see APIs & Auth, click on Credentials. You will need to create your OAuth, and Public API Access keys.
Once you have done that you will then enter those into the appropriate client_id, secret, redirect etc.
The redirect uri is the same page your app is on; it's the page the user gets sent back to after authorizing.
I had the same problem.
On this page, when you click on Create new Client Id, choose Web application and it should give you the client secret key as well.
https://console.developers.google.com/project
Add a project etc.
Hope it helps