I'm having trouble converting my ObjectiveC AFNetworking Request and Response Serializers to something in line with Alamofire best practices. I have several different endpoints that I need to connect to, and two of them share the same OAuth1 authentication system, but their request formats are different. How would I design a system around URLRequestConvertible that would allow me to share the OAuth authentication code with the 2 Routers that are specific to their endpoints?
The best place to start is the Advanced Section in Alamofire README. There are some good examples of how to start designing a Router type.
From there, you should post some sample code that we can work with you on. That way we can tell exactly what you're trying to do.
Related
I want to create web app in Nextjs and in the future mobile app in React Native. But I am confused what api to use. Do you think that the Nextjs api can handle both web and mobile apps? Is this possible and is it good idea at all? Should I use PHP backend for that? Thank you very much.
With the assumption that you are talking about API Routes :
I would ask you that you think through the scale of your web and app. If this is a simple web/app that you do not expect to grow much - The NextJS API which is similar to standing up an nodejs express server is not a bad option.
Remember a few considerations when designing this API
You may have to distinguish the request origin (web/app)
CORS may have to be customized - Next exposes this
You could set an app specific route to ensure isolation or use headers to distinguish behavior if your application bifurcates in the future.
These concerns are shared even if you made a PHP, ExpresJS or any other API middleware.
Once you are past all this, i would ask you to consider
Using a GraphQL server like Apollo that works nicely with Next and is custom built for this purpose..
Evaluating API Gateways for security and scale.
You don't use any external tools at all.
Next JS has serverless model. So, you don't need to mess with BE.
You can create a number of API routes you want. in /pages/api folder. You can even split like /pages/api/desktop and
/pages/api/mobile folders.
You connect your database (MongDB, sql etc) via /middleware/your_file.js. Here is example for MongoDB
If you like, you can even add some security (ex: Auth0, next-auth
etc) to secure your API routes created in /pages/api folder. Example for Auth0
After, you can access you data througth API calls. Very good!
I'm completing a python grpc server function-wise and being ready for deployment. Thusfar I have unsecure communication (pretty much the helloworld example when it comes to security). I thought I could put in place an authentication mechanism for my server in a reasonable amount of time after I observed that there was some documentation on this very topic provided by google. Closer investigation let me to believe otherwise.
The case is simple: Users (fellow colleagues of mine) login to their company mail (gmail) and use the resulting token (JWT, OAuth, OAuth2, I don't care) to gain access to the grpc server I wrote. No one else gets in.
Since googling grpc+authentication has been fruitless so far I believe I'm on the wrong track on how I should approach this kind of problem. So therefore the questions:
Given this use case, should my grpc server have any concern with authentication? If so, are there examples? Or should this be handled by a different system? If so, what system?
I noticed a lot of articles mentioning Envoy+gRPC. Can Envoy help me out here? Is it designed to deal with this?
The gRPC authentication can follow the same approach of a normal HTTP, the only thing you need to have in mind is that the authentication check would be placed in an gRPC interceptor and you will be looking at the metadata to get the creadentials. Unfortunately, I don't have an example to do it with Python but you can search in "how to add gRPC Server interceptors in Python" and then "how to work with gRPC metadata in Python"
Here an example in Golang, maybe it can give you the idea
I wanted to know how can I implement the SSO authentication between multiple applications using the SAML in ASP.NET Core?
Is this a safe and secure way to do it?
If you know the information, better free method or how to implement it, write it down.
Thanks in advance.
I don't think free method exists. Unless you want to implement solution from scratch by yourself, which seems to be a lot of work to do.
So, if it's an option you could use some commercial solutions. I have experience working with ComponentSpace.Saml2. Configuration is pretty straightforward - you need to fill and store a bunch of configuration items such as identity providers' params, certificates data, login and logout endpoints. Then controller needs to be built, containing methods for initiating saml request and processing response from identity provider. That's just infratructure level - of course you'll need to implement authentication service to manage SAML response and to decide how it integrates into your app's architecture.
Well, as you can see, the answer is general, so is the question.
Hope this helps. At least to choose right path to go.
I want to build an instant chat app with flutter without any third party services.
I've been working in a simple app using a restful laravel api for login, multiple methods and logout, using token authentication for each request. However, I find that architecture not suitable for a modern instant chat. I discovered WebSockets, which sound great, but can't yet grasp how I could subscribe to and consume one from flutter. I´ve read about web channels, but I'm not sure how they handle authentication for users. Is it possible to handshake and establish a session from my app? If so, how?
Or, can it be done totally restful? How could I post messages and listen other user's messages in that case?
Besides the chat functionality, is it recommended to work restfully? Or is flutter able to mantain a solid, authenticated session? I'm kinda new in flutter.
I appreciate any info, link or recommendation. Please, refrain if you were going to mention firebase, I want to build my own backend. Thanks!!
You should check out MQTT, an IOT protocol which is currently used for chat applications very widely.
To know about MQTT, see this.
But first I will recommend you to understand Pub-Sub(Publisher-Subscriber) Model, if you understand it then that's great.
For pub-sub model, see this.
Or, can it be done totally restful? How could I post messages and listen other user's messages in that case?
Yes, it can be done totally restful but honestly it's not recommended. You should do it with websockets.
Besides the chat functionality, is it recommended to work restfully? Or is flutter able to maintain a solid, authenticated session? I'm kinda new in flutter.
Depends on your architectural choice. There are many good options on which architecture you want to choose. Apart from restful there is GraphQL also, if you are comfortable with it. Apart from chat functionality mostly you will see people using RESTful but people who know GraphQL, might also use that instead of RESTful.
When creating a site/script to be on the client end of a RESTful API, what tools are available to create a "workbench" to explore the API, examining headers and responses while working through the design? Preferably one(s) that allow you to enter a custom endpoint, and create sample requests to see the responses. I recall seeing one nice workbench before, but its name has escaped me.
Re-found the one I remembered: The Apigee Console is a great interface for playing around with an existing API or building your own.
Mashery's I/O Docs is an open source workbench that you can deploy yourself on a Node.js server with Redis for storage.
If you have the wadl file of the ReST Services, you can load it in SOAP UI and use it.
EditedAnother much simpler tool Rest Client