I have a Gatsby app that I've deployed to Heroku and I'd like to enable basic auth to restrict access to the whole app. Is this possible on Heroku with Gatsby?
I was able to solve this by implementing onCreateDevServer in Gatsby-node.js and adding express-basic-auth to the project.
You could consider setting up a rest-api on heroku like this one here https://github.com/smakosh/not-todo-api/ and retrieve the token from your front end
Related
I am planning a small project and have a question about authentication. I would like to implement the site with Laravel 8. However, as soon as the user has successfully logged in, he should be directed to the user dashboard. The User Dashboard should be a pure VueJS Single Page Application.
Now my question. Which auth should I use here? Session or token for the whole site or is both possible and useful?
If I use the token auth variant, for example, then I can protect the Vue app very well but I cannot access the user information outside the Vue app. For example, the current profile picture of the user should appear in the navbar and not only in the vue app but also on the landing page, contact page etc.
How can I do this and what will be the best practice and thanks for your help!
Use token based Authentication
(Laravel Passport)
Use Token-based authentication system.
In this way, you'll be able to manage the entire application UI and role checking in the frontend only. I would rather prefer to go with JWT [https://jwt-auth.readthedocs.io/en/develop/laravel-installation/]. It's easy to use and the documentation is pretty good. It's even supported by Lumen also. If you wish to integrate any micro-service in your application future, then it's available in Lumen micro-service also.
I am about to open source a React Native app which interacts with a Laravel backend in production.
However, the client_secret from Laravel Passport to generate auth tokens is saved in cleartext in the React Native repo.
What security should I be concerned about and are there best practices I should consider? Is it possible to import keys from .env into React Native project? Surely anyone who downloads the app would be able to get those keys anyway?
I have a Laravel project with a passport api. I want my other websites to connect to this same authentification. In the future, even ios and android apps can authentify too. How can i set my other laravel projets to use this api oauth? Can i guard my pages with it?
Before doing anything i want to know if this is possible or if there is a better idea of doing this.
Short answer: Yes, this is possible!
Long answer:
Passport provides OAuth2 which is the very same authentication protocol used by Sign in with Facebook and sing in with GitHub etc.
So your app with Passport is the user provider and your other apps are consumers. In the case of the consumers any OAuth2 client will do the trick (as long as you can create a custom provider for your Passport "server" app).
Laravel got your back with that too with: https://laravel.com/docs/5.8/socialite. You can create a custom provider for your Passport "server" app.
TL;DR: Just like you would implement "Sign in with GitHub" (if you did that before) you can implement "Sign in with my Passport app" by writing your custom OAuth2 provider.
I cannot show much code since this will be highly specific but I do hope my story helps you find the correct packages/articles on how exactly to do this for your use case!
I tried to add wildcard domain to my existing app hosting as mysite.herokuapp.com - without a custom domain. The point is it's my test app and application itself allows end users create apps that would be visible as subdomains.
So I configured custom domain and wildcard for main prod app, now I want it to be done for my dev (test) app - so here I need only wildcard but not custom domain. If I try to do it I have "Can't add an additional Heroku domain." What to do to fix it? Is it even possible? Thanks!
UPDATE I have the official answer from Heroku support. It's impossible, I can only add wildcard domain to my custom domain.
We are hosting a web app on Parse's Cloud Code Hosting service but I'm having a problem getting the logged in facebook user in Express code. I can see that the client side it working when I call Parse.FacebookUtils.logIn and I can get the user in main.js using request.user when the account is logged in from an iOS app, but the same doesn't work in app.js. I've tried following the cookie handling code in this guide https://parse.com/docs/js/api/symbols/parseExpressCookieSession.html but I still get undefined when I try and access it.
I'm sure I'm missing something obvious but I'm not sure where the process is failing.
This seems to be a reasonably common problem;
https://parse.com/questions/parseexpresscookiesession-cookie-session
https://www.parse.com/questions/parseusercurrent-on-express-is-undefined-when-loggin-with-facebook
Then I finally came across this;
https://github.com/ParsePlatform/parse-facebook-user-session