I am struggling to understand how to implement a Google login. This is currently where I am at:
The client loads a default static HTML page from the server with a login button. Once clicking the login button it redirects them to the /login endpoint on my server. This redirects the user to the Google login and then consent page. Once the user logs into Google it redirects them to the /oauth2callback endpoint on my server. The response from Google contains the token that I need to get all the user info that I need. After I get the info from Google's services I need a way to send this info to the client in a JSON format. This info will be used in order for the client to connect to a websocket endpoint on my server.
I don't understand how I can send this info to the client. The client has been redirected to pages with no GET requests made to my server so I cannot send a JSON response. I don't want the client to make an additional GET request to the server if at all possible. How can I send the data I need to to the client?
I'm guessing your oauth2callback redirects to, or serves a page to your user. How about setting the JSON into a cookie that your JavaScript can then parse.
Related
I am trying to perform GET request which need admin consent for authentication when I run the request, postman provide OK response and the response in html script format. But I need to go to the respective website to provide authentication.
I am trying to redirect to website for providing consent to further processing.
Screenshot for Ref
I am developing a React Native apps that use a .net core web API back end.
When I develop, I would like to use the web interface that I get when I type :
expo start --web
This command open this url : http://localhost:19006
My back end listen on : http://localhost:51186
I configure my back end to allow CORS (Cross Origin Request).
I can do some GET and POST request and I work fine since I don't need to be authenticated.
I can call Login api with success but after this step, I can not access to authenticated url.
I have the same problem if I replace localhost by my IP (192.168.x.x).
If I do the same with postman or with my phone, that work fine.
If i look the login response, the back office send a cookie (.AspNetCore.Identity.Application)
I also examined the request send to my back office and it did not contain this credential cookie.
Without this credential cookie, the back end refuse to send the desired resource and redirect me to login page.
How can I send this cookie ?
Is there another way to get authenticated url ?
Thank you for any help
I have kind a puzzle-headed task and i don't know where should i start.
We have a web app that is in our local net. We want to give access to this
app from the outside using apache.
Basically we want pre-login page on apache that will send user credential using api to our app and receive answer with OTP, which user can write in pre-login page inputbox, send again and in case off success apache will redirect user to standard apps login page.
Can apache do that?
Sort of: you can put an authenticating proxy in front of your app that will propagate the established user identity to the backend. See e.g.: https://github.com/zmartzone/mod_auth_openidc
I'm currently trying to implement silent refresh follow this workaround
However, even when I'm logged in, if I try to do an AJAX GET request to the oauth2/authorize endpoint, I get a status of 200. I tried going to the URL in the browser directly, and it worked. Do I need to pass additional information?
Any help would be greatly appreciated, thanks!
I ended up solving my own problem and was able to not have to use an iframe.
Solution to original problem (I was using authorization code flow):
Set up an endpoint on your server with a silent response that FusionAuth can redirect to (endpoint 1).
Set up an endpoint that you will call from your app to perform the silent refresh (endpoint 2).
From the app, send AJAX GET request to endpoint 2.
On the server side of endpoint 2, send AJAX GET request to FusionAuth with redirect_uri=(endpoint 2)
On success, get redirected url. (In express.js with axios I did response.request.res.responseUrl)
If the url is current server host and not the fusionauth service host, complete auth code flow. Return the token and tell the browser that the user is logged in.
In all other cases the user is not logged in, so return to app that user is not logged in.
This is from the google federated login description
"Once Google accepts the authentication request, the user is redirected to a Google authentication page. At this point the authentication sequence takes over. On successful authentication, Google redirects the user back to the URL specified in the openid.return_to parameter of the original request."
I assume my web app is responsible for the redirect 'to a Google authentication page' mentioned here? I dont see how google can make this redirect.
And If my webapp does the redirect, how do the openid request parameters get sent to google?
On reading some more, its only possible that once "Once Google accepts the authentication request", (I assume the requesting party gets a 200 http status), the requesting web application now adds the same parameters that had been posted to google login endpoint to a google authentication url and then redirects the user to this url