I am working on the backend for our two applications, which require sign-in and sign-up with a google account via REST - SPA app in Vue and Angular app.
I am thinking about this flow:
User from SPA or mobile application will log in google auth server with his credentials
App receive auth code from google
App request for sign-in / sign-up with this code to our auth service
Auth service fetch information about the user from google by this token, and generate jwt token for our SPA / mobile app which return back
Can you tell me if Spring Social module provides some endpoints to handle and generate this tokens via REST or I must implement it by myself? Thank you.
Related
I found Nuxt Azure AD authentication which helps get JWT token from Azure. Nuxt app will fetch data from Laravel API. How to implement API auth validation. Every API has User model so Azure AD response should be validated on API side and assign specific user.
Azure AD response
At present, you have registered an application representing the api in Azure AD, and have exposed the api for the api application. Next, you need to register another client application representing the Nuxt application, and then add the client application to api application.
Next, go to the client application.
Under 'API permissions' click on 'Add permission', then click on the
'My APIs' tab.
Find your api application and select the appropriate scope.
Click 'Add permissions'.
Grant admin consent for your APIs.
Then, I use the auth code flow to get the user token.
1.Request an authorization code in the browser.
https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?
client_id={client app client id}
&response_type=code
&redirect_uri={redirect_uri}
&response_mode=query
&scope=api://{api app client id}/{scope name}
&state=12345
2.Redeem token.
Parse the token:
Parse the token and you will see that the aud claim is the client id of your api application. At the same time, the token also contains user information.
I'm doing some Android app that needs API and users.
I'm planning adding login (and register) button via Facebook.
I'm wondering: how should the flow of such an operation look like?
My idea:
Request the Facebook token in the app.
Send the token to the laravel backend by POST request (is this even secure approach?)
Get the Facebook user by Facebook token using socialite
Create / auth laravel user using Facebook user.
Return laravel's bearer token to the app (do I need passport to get the token or laravel has something built in?)
Is this the best approach?
I am working through a process of validating the JWT after OKTA Login. I have a SPA Sample SPA Site that handles user login and calling an API.
SPA SITE
User Logins into OKTA
Obtains a JWT
Passes JWT to a .NET Web API (hosted on my own server not at OKTA).
WEB API: This accepts the JWT and needs to validate it.
Per OKTA I need verify the JWT through an Authorization Server. I setup the Authorization Server but I cannot see where the two features (shown on the images) are located on the SPA API or the Auth Server. This includes a URL that is required that follows the format of xxxx.okta.com/AS/{key}
Is there something that has to be enabled that is not enabled in my OKTA Account? I think so but what is it? OKTA support states that everything is enabled and confirmed this is a good code sample (GitHub) to use.
The Image Below should appear after setting up the SPA App. I cannot find this feature under the SPA or under the Auth Server. It does not seem to exist anywhere on OKTA. This is why it seems something is not enabled on my Dev account, or this documentation is outdated?
SPA Code Sample (includes the images below from the PDF) https://github.com/oktadeveloper/okta-oauth-spa-authjs-osw
I see that under the Security menu item -> API.
Also, when I had my app OpenID Connect enabled, I used well-known endpoint:
GET /.well-known/openid-configuration to get "jwks_uri", I used this url to self-verify the JWT token at the API level.
OKTA confirmed the code sample and documentation is out of date. They have no ETA to any updated samples and could not provide any documentation to help. This was via a response on a support ticket. Well already then, time to look at Azure.
I have built a website with vuejs front-end and laravel back-end.
Only way to login is via Facebook Login using Socialite
All that works fine.
Now I am building some React Native apps (Ios/Android) that also use Facebook login but need to interact with the same web api.
I want to use JWT to secure the API for React Native -> Laravel API
I set up JWT w/ Dingo on Laravel side and I am able to generate a token using the JWTAuth::fromUser(). And I have established some API endpoints that use the token to authenticate.. so far so good.
Now here's the part that becomes sticky. I understand that on the Laravel side of things you can create JWT token with any user.. right now the JWT "identifier" is simply "id".. and it's my understanding that the token I generate from JWTAuth::fromUser() simply has no idea or care that this user doesn't have conventional credentials and instead used a Facebook Login.
On the React Native side however.. when a new user first authenticates via the Facebook Login.. it has no idea what the "matching user" is on the Laravel app, all I have to go on is basically the unique Facebook Provider Id.
So the question is as follows:
How can I generate a JWT token on the React Native side using only the Facebook Provider Id and the JWT Secret, and more importantly, how do I modify my JWT code on the Laravel side so that it can understand tokens that were generated with the Facebook Provider Id and JWT Token
In other words, I think my Laravel JWT implementation needs to be modified so that tokens are created/parsed purely on the basis of the Facebook Provider Id because otherwise it won't match up with tokens generated on the React Native side.
Many thanks!!
Ok after doing some reading I think this flow might work. Your thoughts please?
1 User authenticates via Facebook on in on Android/Ios app
2 Retrieve facebook access token
3 Do api call to public endpoint on web server and pass FB Access Token and FB ID
4a Web server makes Facebook Graph Api call w/ Access Token and verifies token is valid, is authenticated with Facebook App, and matches Facebook ID
4b If user doesn't exist on web first.. create user
5 If above matches, then web servers generates JWT token from user model and returns JWT token to app
6 App now uses JWT token for future API calls
I am working for AngularJS web application and we need to implement the OKTA authentication from Web Api.
Is there any possible to way to implement the OKTA authentication from Web Api ?
Yes, you can use Authentication API http://developer.okta.com/docs/api/getting_started/design_principles.html#authentication to build your own login page and authenticate user using Okta.
You can also use sign in widget from Okta for or use http://developer.okta.com/docs/guides/okta_auth_sdk in your angular js.