I'm building an app that requires login for Facebook to send the OAuth token to the server.
The Facebook API is a bit bulky and adds a lot that I do not need. I was using share kit, but then realized that it doesn't use OAuth but rather the deprecated session key method.
I poked around GitHub and did some searching but haven't found something that seems to be what I am looking for.
Thanks
You could probably implement your own stripped-down 'SDK' with just the authentication code, but I think it'd be a lot of hassle for not much benefit - the authentication docs are at https://developers.facebook.com/docs/authentication/ and should give enough info to implement login from scratch - not sure it'd be easy to implement the iOS SSO functionality though - this may be tied closely with the Facebook iOS SDK
I just watched this video about why JWTs suck. I'm now uncertain what I should use for authentication.
For context: The API I wrote is mainly used by mobile Apps (iOS and Android). In the future it will also be accessed via a React Frontend.
In the past I just used DRF's built-in Token authentication. The phone would then just store this token in the storage of the respective app.
Now I've recently been told that this is not safe and that I should use JWTs. While researching JWTs I found the video above, which elaborates on why JWTs suck and basic session authentication is better. But as far as I know, when used as an API I can't use session authentication with DRF, can I?
So my question is: What tools of DRF would you suggest to use for authentication, so that it's safe?
Thank you in advance if anyone answers this question!
Edit: Someone privately suggested using OAuth instead of DRF's tokens or JWTs. Would that be better?
Take a look at django-oauth-toolkit for OAuth 2
So here is my duplicate of the question on security stackexchange. The man #rdegges himself has answered it. Enjoy! https://security.stackexchange.com/questions/184855/django-rest-framework-what-should-i-use-for-authentication-how-should-i-use-it/184950#184950
This is my first question in SO, sorry if it's poorly structured.
I'm a relative noob developer trying to make a REST API with Token Authentication. I already made one with Flask and I want to make the same one with the help of CherryPy. The problem is that I'm quite lost finding some sort of plugin for CherryPy, I'm either blind or I just can't find examples or plugins in order to make the token authentication. Could someone help me? Any info or advice will be of great help :)
This is what I achieved with Flask https://github.com/themese/flask-api
Really my problem is that with Flask and CherryPy I found the same issue with the token auth, but with various SO posts and wiki info, I managed to code the token auth. I just seem not to be able to reproduce it with CherryPy, perhaps the lack of info :(
I realize this post is a little old, but I would recommend you look at implementing tokens with JWT. You should use the PyJWT package and create a CherryPy Tool for route authentication & authorization checks.
Another method would be to generate a token using something like a uuid4 hex and persisting that token in your db.
I'd recommend you investigate JWT and how to implement it properly - Auth0.com.
I am a noob too. Probably more so. Just trying to help.
From the docs:
Authentication
CherryPy provides support for two very simple authentication mechanisms, both described in RFC 2617: Basic and Digest. They are most commonly known to trigger a browser’s popup asking users their name and password.
link: http://docs.cherrypy.org/en/latest/basics.html#authentication
Parse? Auth0? Firebase? Ionic Platform?
I'm so lost... Can anyone help me?
If you are looking for a "backend in a box" then If you are creating an API meant to be consumed by an Ionic application, JWT is probably what you are looking for. Parse, Auth0 etc. may help. I have not used them. However, if you are building your own backend it will be dependent on what server-side framework you are using. It's safe to say that JWT is a good approach on the client side (Angular/Ionic), but you will need a server-side authentication and account system such as Passport for Node, Devise for Rails etc. Either of those will handle basic authentication and account management. You will need a JWT layer as well to produce and manage tokens for the client. You can also create a homebrew system if you choose to but the frameworks I mentioned make things quite a bit easier.
I need to get an access token from different providers from the client side.
The idea is that I need the user to authenticate with these providers from javascript, and then retrieve an access token to be used to authenticate against another web service...
So far, we managed to do it on Twitter using twitter-anywhere, in Facebook using the JavaScript SDK and in Google using its api-javascript-client
I was wondering if there's a similar solution for Yahoo, LinkedIn and GitHub. Or even better, a more general solution that could handle different providers...
Surely, there is one for LinkedIn.
http://developer.linkedin.com/javascript
http://developer.linkedin.com/documents/javascript-api-reference-0
Not sure if this was around when the question was asked. For GitHub, the comment by #Ivan Zuzak would suffice.
This link has a workaround with a little server support - http://blog.vjeux.com/2012/javascript/github-oauth-login-browser-side.html
I am working on designing an API/application structure to mimic Facebook's for a project of mine. I am wondering what the best way of going about authenticating users is.
For an app, how do I give them the necessary credentials and how do I authenticate those credentials?
I would investigate these technologies before I started down the road:
OpenSocial: this is basically the "open source" Facebook platform. You can set up your site as a container, or an application (or some funky combo of both).
OpenID: if you just want to be able to authenticate people using their login credentials from another trusted site
OAuth: if you're looking for an API-style authentication framework
All of these techs have reference implementations in the usual suspects and are supposed to be more "open" than anything Facebook is doing. We will see what happens in the long run...
Well, the Facebook API actually has an open source implementation so that's fine. But I'm wondering how does Facebook actually authenticate everything? Like how do they pass user data to you?