Couchbase Lite - user access control - authentication

I want to share data between multiple devices and users, running a CouchDB server on iriscouch.com and using Couchbase Lite on iOS and Android. Users should be able to log in with Facebook and email. How do I handle user access to specific documents? I don't want just anyone to be able to access the documents and databases. I thought about using HTTP Basic auth (replication security), hard-coding the username and password into the app code. Unfortunately it is sent as plain text and seems totally insecure. Can you help me out with some ideas for this scenario?

You can use SSL encryption for security. Please refer to this link for enabling SSL:
https://wiki.apache.org/couchdb/How_to_enable_SSL.
I had a similar problem while using Basic Auth, hence we had to use SSL to make it more secure.
You can follow this method if you want to use Basic Auth.
1. Encode the username and password
ex: username@password, which after encoding becomes dXNlcm5hbWVAcGFzc3dvcmQ=
(use https://www.base64encode.org/ to encode).
2. Using curl, try to authenticate:
curl -v -H "Authorization: Basic dXNlcm5hbWVAcGFzc3dvcmQ=" -H "Content-Type: application/json" -X GET IP_Address_and_DatabaseName
In this way you can hide the username and password, but anyone can still obtain the encoded string. Hence, if possible, try to implement SSL.

Related

Is there any way to use KeyCloak authentication without using its UI?

So, I'm building an API system. I want to use Keycloak for authentication as well as user management because it has nice access control. I'm integrating it with Ktor and I want my users to use their own UI, or at least I want to make the UI.
I've read about theme customization but that's not what I want. I've also come to know that the Keycloak UI is tightly integrated within their code. I was just hoping to know if, at least when one of the client apps is a mobile app, I would be able to use for example the Android UI for the whole login flow?
If it's not possible, as I suspect, is there any other library or framework for access control, preferably one that works with Ktor?
If you do not want to use the Keycloak UI nor create your own custom themes, you can leverage the Resource Owner Password Credentials Grant flow.
For this, create a new or use an existing confidential client. Make sure to toggle the Direct Access Grants Enabled switch to ON.
After this, obtain a token from your client (web page, CLI, mobile). Here I'm using curl and jq for simplicity:
KCHOST=https://yourkeycloak.com
REALM=your-realm
CLIENT_ID=your-confidential-client
CLIENT_SECRET=xxxxxxx-yyyyyyyy-zzzzzzzzz
KC_USER=the-end-user              # the resource owner's credentials, not the client's
KC_PASS=the-end-user-password
# "Direct Access Grants" is Keycloak's name for grant_type=password (ROPC)
ACCESS_TOKEN=$(curl -s \
  -d "client_id=$CLIENT_ID" -d "client_secret=$CLIENT_SECRET" \
  -d "grant_type=password" \
  --data-urlencode "username=$KC_USER" --data-urlencode "password=$KC_PASS" \
  "$KCHOST/auth/realms/$REALM/protocol/openid-connect/token" | jq -r '.access_token')
P.S. For debugging I have created a CLI tool called brauzie that
can help you fetch and analyse your JWT tokens (scopes, roles, etc.). It could
be used for both public and confidential clients. You could as well
use Postman and https://jwt.io
HTH :)
You can also use the Keycloak Admin Client as described here.
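The answer above ends by inspecting the returned JWT (with brauzie, Postman or jwt.io). The following is an added example, not code from the answer, from brauzie or from Keycloak: it shows the difference between merely decoding a Keycloak-style access token to read its scopes and roles and actually verifying it before trusting those claims. Everything here is constructed so that it runs offline: a real realm signs with RS256 and publishes its keys at the realm's openid-connect/certs endpoint, whereas this demo mints and checks HS256 tokens with a shared secret; the issuer URL and client id are assumed values matching the placeholders in the answer.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this demo. A real Keycloak realm signs with RS256 and publishes
# its public keys at $KCHOST/auth/realms/$REALM/protocol/openid-connect/certs;
# HS256 with a shared secret is used here only so the block runs offline.
DEMO_SECRET = b"demo-hs256-secret-not-for-production"
EXPECTED_ISSUER = "https://yourkeycloak.com/auth/realms/your-realm"  # assumed realm URL
EXPECTED_AZP = "your-confidential-client"  # assumed client id (azp = authorized party)


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded; restore '=' padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Mint an HS256 JWT from claims (stand-in for the token endpoint)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def inspect_token(token: str) -> dict:
    """Decode header and payload WITHOUT checking the signature. This is what
    jwt.io does: fine for debugging, never a basis for an access decision."""
    header_b64, payload_b64, _ = token.split(".")
    return {"header": json.loads(b64url_decode(header_b64)),
            "payload": json.loads(b64url_decode(payload_b64))}


def verify_token(token: str, secret: bytes = DEMO_SECRET, now=None) -> dict:
    """Verify algorithm, signature, issuer, authorized party and expiry.
    Returns the claims or raises ValueError (fail closed)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it (alg=none / key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("azp") != EXPECTED_AZP:
        raise ValueError("token was not issued to this client")
    now = time.time() if now is None else now
    if now >= float(claims.get("exp", 0)):
        raise ValueError("token expired")
    return claims


def realm_roles(claims: dict) -> list:
    """Keycloak puts realm roles under realm_access.roles."""
    return sorted(claims.get("realm_access", {}).get("roles", []))


def client_roles(claims: dict, client_id: str) -> list:
    """Client roles live under resource_access.<client_id>.roles."""
    return sorted(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))


def has_scope(claims: dict, scope: str) -> bool:
    """'scope' is a space-separated string, e.g. 'openid profile email'."""
    return scope in claims.get("scope", "").split()


def demo_claims(now: float) -> dict:
    """Constructed claims shaped like a Keycloak access token."""
    return {
        "iss": EXPECTED_ISSUER, "azp": EXPECTED_AZP, "typ": "Bearer",
        "preferred_username": "alice", "iat": int(now), "exp": int(now) + 300,
        "scope": "openid profile email",
        "realm_access": {"roles": ["offline_access", "uma_authorization", "editor"]},
        "resource_access": {EXPECTED_AZP: {"roles": ["invoice:read"]}},
    }
```

The point of keeping inspect_token and verify_token separate is that a forged token with an extra "admin" role decodes perfectly well; only the verification step, with the algorithm pinned and the issuer and azp checked, tells you whether the roles came from the realm or from whoever typed them in.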

Authenticating to Magento Rest API via Curl and token-based authentication fails

As all I want to do is connect to my own site, I should be able to ignore OAuth and do token-based authentication as per:
http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html
My curl request looks exactly like:
curl -X POST "https://magento.host/index.php/rest/V1/integration/admin/token" \
-H "Content-Type:application/json" \
-d '{"username":"test@example.com", "password":"123123q"}'
The response I get is an HTML page from my own site that basically says 'page not found'. I'm obviously going to the correct domain, but it seems something else in the URL is incorrect. Any ideas?
Am I using the wrong URL?
In version 1.9 you need to create a Guest endpoint. Then you don't need to use OAuth. You can see how to use it here: http://devdocs.magento.com/guides/m1x/api/rest/introduction.html
It is an authentication system that uses REST so that you do not need to actually track or manage the users in your system. This is done by using the HTTP methods POST, GET, PUT and DELETE. We take these four methods and think of them in terms of database interaction as CREATE, READ, UPDATE, DELETE.
There is no direct way to use REST token-based authentication on Magento 1.x. You need to write this functionality yourself. I have written this functionality using the REST API, and you can also follow this article for more details:
https://www.ipragmatech.com/magento-token-base-rest-api-for-authentication-and-authorization

Authenticating Jenkins through JSON API using password

I am trying to build a frontend that, for certain functionality, needs to communicate with a Jenkins backend. In my frontend I want the user to be able to log in with their Jenkins credentials (username and password, using Kerberos) and have these passed to my Jenkins server, upon which I'd like to retrieve the token that can be used to make further API calls to the Jenkins server without disclosing the password in each request.
I know that to be able to make Jenkins API calls I need to use HTTP Basic auth, and it will accept both user:token and user:password. I want to avoid sending the password in each request though.
I also know that I can find my token by going to the Jenkins web page, logging in with my password, going to my profile page and finding the token there. I can then base64-encode that into a functioning HTTP Basic authentication header. This works fine.
However, I can't seem to find a decent way to programmatically authenticate using the password, trading the password for the token. The best I've been able to accomplish is a GET to said profile page at https://<JENKINS_HOST>/me/configure using the user:password Basic auth header and then parsing the resulting HTML for the API token, which obviously doesn't feel very robust:
$ curl -v --silent https://<USER:PASS@JENKINS_HOST>/me/configure 2>&1 \
  | sed -n 's/.*apiToken" value="\([^"]*\).*/\1/p'
<TOKEN>
What I expected/hoped to find was an API endpoint for authentication which would accept user/password and return the token in JSON format. For most Jenkins pages, the JSON API equivalent is found by simply appending /api/json to the URL; however, /me/configure/api/json just throws a 404 at me. Does anyone know if there's such a way? All the docs I've found so far just tell you to go to the /me/configure web page and look it up manually, which doesn't really make sense for a client wanting to pass along authentication.
Jenkins user API tokens are not exposed via the API.
I would just take the API token once manually from Jenkins and hardcode that (rather than hardcoding your password), since the API token never changes unless you explicitly reset it.
Alternatively, you could authenticate with your username and password and store the resulting value from the Set-Cookie header. Sending the cookie value in subsequent API calls would work as expected.

Access JIRA API with API key without username and password

Currently I'm accessing the JIRA API in a C#.Net application with a username and password. But I need to access the JIRA API without entering a username and a password, not even a hashed username and password. Is there any way to create an API key and access the JIRA API with that?
Yes, JIRA supports OAuth for that purpose, see: https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication
Unfortunately there's no C# sample code provided, but you should be able to assemble a solution from the other programming languages here:
https://bitbucket.org/atlassian_tutorial/atlassian-oauth-examples/src
You should use a generic OAuth library anyhow.
OAuth is great for when you need the actual user to log in and you are in the context of a browser.
However, for server-to-server communication that is not linked to any specific user (e.g. CI) you may want to create a "bot" account on your Jira server and authenticate with API tokens. Creation of tokens is described here: https://confluence.atlassian.com/cloud/api-tokens-938839638.html
Then you can use [user-email]:[auth-token] as user:password for Basic auth. Examples:
curl:
curl -u bot@company.com:AAABBBCCC https://[company].atlassian.net/rest/api/latest/issue/DEV-123
Node.js (got):
const issueContent = await gotService.get(
  'https://[company].atlassian.net/rest/api/latest/issue/DEV-123',
  {
    auth: 'bot@company.com:AAABBBCCC'
  }
)
The best approach for this is to read the documentation of the JIRA version you are using, since different versions could have different ways to approach the REST APIs.
For me, the endpoint below worked with Basic auth:
curl -u username:password -X GET -H "Content-Type: application/json" http://localhost:8080/rest/api/2/issue/createmeta
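The CouchDB answer near the top of this page (Basic auth is "hidden" only by base64) and the Jira answers just above (email:API-token sent as Basic credentials) both come down to the same Authorization header. As an added example that is not from any of those answers or from CouchDB, Jira or curl, here is the header built the way RFC 7617 specifies (user-id, a colon, then the password or token), a decoder showing that anyone holding the header recovers the credentials, and a small guard that refuses to attach Basic credentials to a URL that is not https. The hostnames and token values in the usage are placeholders taken from the answers, not real credentials.

```python
import base64
from urllib.parse import urlsplit


def basic_auth_header(user: str, secret: str) -> str:
    """RFC 7617: 'Basic ' + base64(user ':' secret).
    The secret may be a password or, as in the Jira answer, an API token."""
    if ":" in user:
        # The first ':' separates user from secret, so the user-id may not contain one.
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    raw = f"{user}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(header: str):
    """Recover (user, secret) from an Authorization header. Anyone who sees
    the header on the wire can do exactly this: base64 is encoding, not
    encryption, which is why TLS is mandatory."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    user, sep, secret = decoded.partition(":")  # secret may itself contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return user, secret


def authorized_request_headers(url: str, user: str, secret: str,
                               allow_plaintext: bool = False) -> dict:
    """Headers for an API call. Refuses to send Basic credentials over
    anything but https unless the caller opts in explicitly (local dev)."""
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https" and not allow_plaintext:
        raise ValueError(f"refusing to send Basic credentials over {scheme!r}; use https")
    return {
        "Authorization": basic_auth_header(user, secret),
        "Content-Type": "application/json",
    }


if __name__ == "__main__":
    # Placeholder bot account and token from the Jira answer above (not real).
    hdrs = authorized_request_headers(
        "https://company.atlassian.net/rest/api/latest/issue/DEV-123",
        "bot@company.com", "AAABBBCCC")
    print(hdrs["Authorization"])
    print(decode_basic_header(hdrs["Authorization"]))  # the secret is right there
```

Note that the CouchDB answer's sample string encodes "username@password"; the separator the server expects is a colon, so "username:password" encodes to dXNlcm5hbWU6cGFzc3dvcmQ=, which is what basic_auth_header produces.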

XACML Authentication in Network Proxy Server

I am trying to implement access control policies on a network proxy server. Presently, I am at a stage where I have modeled it like this:
The problem I am facing is how to send the resource URL, username and password from the PEP to the PDP. I am presently using WSO2 for implementing the PDP policies.
Relating to this, I also saw a command at this link, which is as follows:
curl -X POST -H 'Content-type:text/xml' -T soap-xacml-request.xml https://localhost:8443/asm-pdp/pdp --cacert pdp.b64.cer --user pep:password
I also don't know what URL I should be giving instead of https://localhost:8443/asm-pdp/pdp (as I am using WSO2).
Can somebody please help me regarding all these issues?
Did you look at the WSO2 documentation and blog? E.g. http://xacmlinfo.com/2012/06/14/pep-client-for-wso2is-pdp/.
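The question asks how the PEP (the proxy) should hand the resource URL and the user's identity to the PDP. As an added example, not taken from the question, the linked blog or WSO2, here is what the body of such a XACML 3.0 request looks like when built with the standard OASIS category and attribute identifiers, together with a parser for the PDP's response that fails closed. The endpoint URL and transport (the SOAP wrapper used by the curl command above, or WSO2's own entitlement endpoints) are left to the WSO2 documentation the answer points to; the sample response XML below is constructed for the demo, not captured from a real PDP.

```python
import xml.etree.ElementTree as ET

# XACML 3.0 identifiers (OASIS standard URNs).
XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
CAT_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
CAT_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
CAT_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ID_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ID_RESOURCE = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ID_ACTION = "urn:oasis:names:tc:xacml:1.0:action:action-id"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

ET.register_namespace("", XACML_NS)  # serialise with a default namespace, not ns0:


def _tag(local: str) -> str:
    return "{%s}%s" % (XACML_NS, local)


def _add_attribute(attrs: ET.Element, attr_id: str, value: str) -> None:
    attribute = ET.SubElement(attrs, _tag("Attribute"),
                              AttributeId=attr_id, IncludeInResult="false")
    ET.SubElement(attribute, _tag("AttributeValue"), DataType=XS_STRING).text = value


def build_xacml_request(subject_id: str, resource_url: str, action: str) -> bytes:
    """PEP side: 'may <subject_id> perform <action> on <resource_url>?'.
    Only the authenticated identity is sent. The proxy checks the password
    itself (authentication); the PDP only answers authorization questions,
    so the password never needs to leave the PEP."""
    request = ET.Element(_tag("Request"), CombinedDecision="false",
                         ReturnPolicyIdList="false")
    for category, attr_id, value in (
        (CAT_SUBJECT, ID_SUBJECT, subject_id),
        (CAT_RESOURCE, ID_RESOURCE, resource_url),
        (CAT_ACTION, ID_ACTION, action),
    ):
        attrs = ET.SubElement(request, _tag("Attributes"), Category=category)
        _add_attribute(attrs, attr_id, value)
    return ET.tostring(request, encoding="utf-8", xml_declaration=True)


def request_attribute(xml_bytes: bytes, category: str, attr_id: str):
    """Read one attribute value back out of a request (to audit what is sent)."""
    root = ET.fromstring(xml_bytes)
    for attrs in root.iter(_tag("Attributes")):
        if attrs.get("Category") != category:
            continue
        for attribute in attrs.iter(_tag("Attribute")):
            if attribute.get("AttributeId") == attr_id:
                return attribute.findtext(_tag("AttributeValue"))
    return None


def decision_from_response(xml_bytes: bytes) -> str:
    """Return 'Permit' only for a well-formed response with exactly one Result
    whose Decision is Permit. Deny, NotApplicable, Indeterminate, multiple
    Results, or unparsable XML all collapse to 'Deny' (fail closed)."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return "Deny"
    decisions = [(d.text or "").strip() for d in root.iter(_tag("Decision"))]
    return "Permit" if decisions == ["Permit"] else "Deny"


# Constructed sample responses for the demo (not captured from a real PDP).
SAMPLE_PERMIT = (
    b'<Response xmlns="%s"><Result><Decision>Permit</Decision>'
    b'<Status><StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></Status>'
    b'</Result></Response>' % XACML_NS.encode()
)
SAMPLE_NOT_APPLICABLE = (
    b'<Response xmlns="%s"><Result><Decision>NotApplicable</Decision>'
    b'</Result></Response>' % XACML_NS.encode()
)

if __name__ == "__main__":
    # Placeholder subject and resource for the demo.
    req = build_xacml_request("alice", "https://intranet.example/reports/q3.pdf", "GET")
    print(req.decode())
    print(decision_from_response(SAMPLE_PERMIT), decision_from_response(SAMPLE_NOT_APPLICABLE))
```

Two design choices worth noting: the request carries the subject-id but no password, because a PDP decides authorization and has no business validating credentials; and the proxy treats every answer other than an unambiguous Permit as Deny, so a PDP outage, a policy gap (NotApplicable) or a garbled response cannot accidentally let traffic through.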