What is the UNSECURED keyword used in FatFractal server extension declarations? - custom-backend

For server extension declarations in FFDL, I have seen variations both including and excluding the UNSECURED keyword as follows:
CREATE EXTENSION /ActivateUser UNSECURED AS javascript:require ('scripts/RegistrationExtension').activateUser();
CREATE EXTENSION /ChangePassword AS javascript:require ('scripts/PasswordExtension').changePassword();
What is the UNSECURED keyword used for? Most examples I have found simply exclude it.

Normally, a user needs to be logged in to hit a server extension, but when you specify UNSECURED this restriction is lifted and anonymous users can trigger the extension.
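A way to review which extensions an FFDL file exposes to anonymous callers, as an added example that is not part of the original answer or of FatFractal's tooling. The declaration grammar is inferred only from the two lines quoted in the question, and the function names, the allowlist and the third sample declaration are assumptions made for illustration.

```javascript
// Grammar inferred from the two declarations quoted above (an assumption):
//   CREATE EXTENSION <path> [UNSECURED] AS <handler>;
// Keywords are matched case-insensitively so an odd spelling is still listed.
const EXTENSION_RE =
  /^\s*CREATE\s+EXTENSION\s+(\/\S+)(\s+UNSECURED)?\s+AS\s+(\S.*?);?\s*$/i;

// Return one record per extension declaration found in the FFDL text.
function auditExtensions(ffdlText) {
  const findings = [];
  ffdlText.split(/\r?\n/).forEach((line, i) => {
    const m = EXTENSION_RE.exec(line);
    if (!m) return; // not an extension declaration
    findings.push({
      line: i + 1,
      path: m[1],
      anonymous: Boolean(m[2]), // true when UNSECURED is present
      handler: m[3],
    });
  });
  return findings;
}

// Extensions reachable without login that are not on the reviewed allowlist.
// Paths are compared exactly, so a differently cased path is still reported.
function unexpectedAnonymous(ffdlText, allowedPublicPaths) {
  const allowed = new Set(allowedPublicPaths);
  return auditExtensions(ffdlText).filter(
    (e) => e.anonymous && !allowed.has(e.path)
  );
}

// Constructed sample: the first two lines are from the question,
// the last one is hypothetical.
const SAMPLE_FFDL = [
  "CREATE EXTENSION /ActivateUser UNSECURED AS javascript:require ('scripts/RegistrationExtension').activateUser();",
  "CREATE EXTENSION /ChangePassword AS javascript:require ('scripts/PasswordExtension').changePassword();",
  "",
  "CREATE EXTENSION /ExportReport UNSECURED AS javascript:require ('scripts/ReportExtension').exportReport();",
].join('\n');

// Only /ActivateUser was reviewed as intentionally public in this sample.
console.log(unexpectedAnonymous(SAMPLE_FFDL, ['/ActivateUser']));
```

Every path this reports runs without a logged-in user, so its handler has to do its own input validation and authorization checks.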

Related

reSolve framework: How to authenticate a user via HTTP-request (routeRegisterCallback)?

I am new to web-app development and the reSolve framework I am using for the backend (javascript). Since the application will have multiple users with different authorizations, I am using the Authentication and Authorization module as described in the documentation plus some lines from the shopping-list-advanced example.
The problem I am facing now is, how to make the HTTP-request in order to actually authenticate a user (register/login and also, logout)?
Since I couldn't find anything in the documentation, I've been trying a POST-request to http://localhost:3000/register but it always just returned Access error: POST is not addressable by current executor. What am I missing?
Another problem, or rather unclarity: In the example shopping-list-advanced what is "ROOT_JWT_TOKEN" and what is it used for?
Thanks a lot in advance.
I found it myself - at least the general path for the HTTP-request (see marked comment in picture):
Picture was taken from: https://github.com/reimagined/resolve/tree/master/packages/modules/resolve-module-auth

Intermittent "Authorization Required" exception when logging into servicem8 API from FileMaker

I have a FileMaker application which pulls Jobs (and clients etc) from servicem8 using the API. As it's a private application I just use username/password in the GET_URL. It usually works, but now and then will not login correctly, and I get the message:
- "Authorisation Required"
Restarting FileMaker and/or pasting the URL directly into a browser then trying again seems to resolve the problem.
The only other consistent behaviour seems to be that once it fails once, it will not work again until I restart as above.
Anyone found similar issues or have any ideas?
For Private applications servicem8 uses HTTP Basic Authentication. You can try to reset cached request by calling the same url from FileMaker with a different, but incorrect username and password and then repeating the original request with correct credentials.
servicem8 documentation uses curl for authentication examples and I think this will work better. To implement curl you will need a plugin, like BaseElements or MBS, although on a mac curl could be called through AppleScript.
Try using
BE_Curl_Set_Option ( "CURLOPT_HTTPAUTH" ; 1 )
From this BaseElements help article, we can be sure that Basic clearly isn't the default method:
BE_Curl_Set_Option ( "CURLOPT_HTTPAUTH" ; 1 ) forces Basic auth for some sites that won't work with the defaults.
ServiceM8 will work consistently with basic auth for private applications as you say, but there are other authentications that will only work when other valid session data is present, which can be misleading when it works at times and not others.

Configuring a custom port for the 'localhost' redirect URL in Google OAuth 2.0

I want to configure a custom port for the redirect URL in the Google Developer Console for the class of 'Installed Apps'.
Following the instructions in https://developers.google.com/accounts/docs/OAuth2InstalledApp , it turns out that this should be possible:
redirect_uri=http://localhost:9004&
Going to the Console ("console.developers.google.com"), "Credentials", and "Create New Client Id", I cannot find the field, where to enter a custom port number. Does anyone know how to do this?
Thanks!
In fact, the document you've read has answered your question:
When you create a client ID in the Google Developers Console, two redirect_uris are created for you: urn:ietf:wg:oauth:2.0:oob and http://localhost. The value your application uses determines how the authorization code is returned to your application.
http://localhost signals to the Google Authorization Server that the authorization code should be returned as a query string parameter to the web server on the client. You may specify a port number without changing the Google Developers Console configuration.
I tried this idea and it works.
Give consecutive ports or probable ports in credentials as
**Redirect URIs**
http://localhost:55738/YoutubeVideoList.aspx
http://localhost:8080/YoutubeVideoList.aspx
http://localhost:8081/YoutubeVideoList.aspx
http://localhost:8082/YoutubeVideoList.aspx
http://localhost:8083/YoutubeVideoList.aspx
http://localhost:8084/YoutubeVideoList.aspx
and don't forget to give the correct redirectURI with port (any one above) while calling the authentication process.
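A loopback listener that picks its port at run time and sends exactly that port in redirect_uri, as the answers above describe. This is an added example, not code from the original posts or from Google; the function names, client ID and scope are assumptions, and it relies on the quoted documentation's statement that the port needs no console configuration.

```javascript
// Assumed names: buildAuthRequest, parseCallback, waitForCode (not a Google API).
const http = require('node:http');
const crypto = require('node:crypto');
const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

// Build the authorization URL; redirect_uri carries the port actually bound.
function buildAuthRequest(clientId, port, scope) {
  const state = crypto.randomBytes(16).toString('hex'); // ties callback to this attempt
  const redirectUri = `http://localhost:${port}`;
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri,
    response_type: 'code', scope, state,
  }).toString();
  return { url: url.toString(), state, redirectUri };
}

// Accept a code only from a callback that echoes our state value.
function parseCallback(requestUrl, expectedState) {
  const q = new URL(requestUrl, 'http://localhost').searchParams;
  const got = Buffer.from(q.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'state mismatch' };
  }
  if (q.has('error')) return { ok: false, reason: `provider error: ${q.get('error')}` };
  const code = q.get('code');
  return code ? { ok: true, code } : { ok: false, reason: 'missing code' };
}

// Listen on an OS-assigned port, loopback only, until a valid callback arrives.
function waitForCode(clientId, scope, openBrowser) {
  return new Promise((resolve, reject) => {
    let auth;
    const server = http.createServer((req, res) => {
      const result = parseCallback(req.url, auth.state);
      res.writeHead(result.ok ? 200 : 400, { 'Content-Type': 'text/plain' });
      res.end(result.ok ? 'You can close this window.' : 'Authorization failed.');
      if (result.reason === 'state mismatch') return; // stray request: keep waiting
      server.close();
      if (result.ok) resolve({ code: result.code, redirectUri: auth.redirectUri });
      else reject(new Error(result.reason));
    });
    server.on('error', reject);
    server.listen(0, 'localhost', () => { // port 0 = any free port; never 0.0.0.0
      auth = buildAuthRequest(clientId, server.address().port, scope);
      openBrowser(auth.url);
    });
  });
}
```

The token request that exchanges the code must send the same redirectUri value, port included.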

What is the third parameter in WL.Client.invokeProcedure

I am new to Worklight. I am using this WL.Client.invokeProcedure. What is the third parameter (useSendInvoke) in the WL.Client.invokeProcedure?
See this question about useSendInvoke: Use of third parameter in the WL.Client.InvokeProcedure
To quote Anton:
This parameter is used internally by WL authentication framework.
Technically there should not be a reason for developer to use it.
There are several ways to invoke adapters.
(1) First one is via client application. This is where you use
WL.Client.invokeProcedure(invocationData, options) API.
(2) Second is by using adapter invocation service -
http://pic.dhe.ibm.com/infocenter/wrklight/v6r0m0/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fdevref%2Fc_adapter_invocation_service.html.
Basically issuing an http request to WL server and getting a response
from adapter. RPC style.
When you're doing it via (1) - you have two authentication layers -
first is security test defined for application, second is security
test defined for adapter procedure.
When you're doing it via (2) - there is only one security layer -
security test defined for adapter procedure.
UseSendInvoke param (which is, once again, for internal usage) means
that your application will go via path (2) instead of regular path
(1).

JAAS Authentication to Windows Domain

Using a provided username, password, and domain name, how can I retrieve a boolean value indicating if a user has successfully authenticated with a primary domain controller? Authentication should be performed using the Kerberos protocol for windows domain controllers. Thanks in advance, Dan
There's a free implementation of a windows-only JAAS login module and of an SSO Negotiate (Kerberos/NTLM) authenticator: Waffle.
You need to either write your own or use third party Authentication Module for that. When I was doing this, there was nothing available from JDK, so I used this tool. Note that it's GPL, but you can learn from there. You will have to create conf. file describing your authentication module and feed it into your JVM with java.security.auth.login.config property (e.g. using -D, or either way). In case of Tagish it looks something like this:
NTLogin
{
com.tagish.auth.win32.NTSystemLogin required returnNames=true returnSIDs=false defaultDomain="domain";
};
Another thing you will need is to specify the Kerberos configuration file via the java.security.krb5.conf property. I don't have the details of this file handy, but you can easily find it on the net -- google about for krb5.conf. Settings in this file will have to match your windows domain and other windows specific settings.
It's a bit tricky to configure, but for me it worked very well, pretty robust.