Usually when I build a new website I create a .NET or PHP website. These website either connect to a MySQL DB or an external API. To do this I can securely store my credentials to these services and the back end will authenticate to them. Now since I want to build a Progressive Web App which is front-end only, how can I securely auth to these? Does my PWA have to have a login page that returns an API key that is dynamic? Thanks
Progressive Web App (PWA) is not front-end only. You can see the definition and the PWA Baseline too clearly understand what makes a PWA.
The problem you have mention is authentication on Single Page Web apps (which is front-end only). Here is the first article from Google with keyword "Single page web app authentication".
Token Based Authentication for Single Page Apps
Related
I've a website ASP.NET Web API which have scaffolded auth code (I used built-in google auth), it's has both api vĂ mvc view. Then I'm building a Google Chrome Extension which to be a client of the website.
I'm looking for solution / best practice to have single-sign-on among this system. Should my website have to auth first and store token in cookies. And chrome extension will send request with token queried in the specific website cookies. If no token has been found, the chrome extension will open website auth form (google login form) to the user and continue website auth flow. the flow end will trigger chrome extension's callback to repeat the request. My design is very manual handle and I hope there's a better practice I can learn.
I am developing a SharePoint app that communicates with social feeds such as Twitter, Facebook (the user has to sign in ofcourse through the App using OAUTH). My problem is that everytime I deploy the app (using VS) it generates a new url and I need to keep registering this url with the community sites (Twitter, Facebook). Is there another way to overcome this problem.
I guess you are talking about the App Web wich is created every time the application is deployed (url has a form like that https://prefix-id.tenantdomain.tld/pathOfWebItHasBeenDeployedTo)
This is by design and here is some documentation about it
Then I guess the problem is because you're using OAuth implicit flow which requires url not to change over time. Unfortunately this is a by design limitation, to work around that you'd have to transtion to a provider hosted application. (therefore hosting it on your own server with a fixed url)
I have a webpp that is built on Django. I want to implement Facebook/Twitter login to increase convertion rates. The app is hosted on AWS EC2 and the domain is purchased under Namecheap.
Is it required for the webapp to have HTTPS in order to use OAuth for Facebook/Twitter login?
SSL is not required for Facebook or Twitter OAuth.
It's required for certain other bits of Facebook API functionality (page tabs and canvas apps), but not website login.
This doesn't seem to be explicitly documented anywhere, but I just tested both FB and Twitter login for one of my apps on a non-SSL page, and it worked perfectly.
I just got Visual Studio 2013 loaded up and want to create a new web/mobile app that uses the same authentication for the website version and the mobile version.
I loaded up both templates (MVC5 w/Indivual Account & WEB API w/Individual Account) to check them out but it looks like I actually want to do a merge of those projects so the MVC5 uses the Web Api 2 OWIN for normal username & password authentication along with Social Media logins via Oauth.
SPA - I did look at this template but I'm not looking for a SPA as my website will need to be SEO friendly plus I know MVC and want to keep using it.
This would seem like an obvious template that developers would like to have in order to support both websites and mobile apps in the same project.
If your target is to share user accounts between the MVC app and the Web Api app, then all you need to do is to have them both point to the same UserStore.
I think this is what you are looking for:
http://leastprivilege.com/2012/10/23/mixing-mvc-forms-authentication-and-web-api-basic-authentication/
I'm working on a Windows Phone 7 application with C#.
I want to implement my login page using Facebook account. To do that I'm using codeplex Facebook C# SDK.
How can I do that?
Thanks.
You can use ACS for that. See here. (answered your other question too)
In short (assuming you are writing a native app):
Your app (e.g. REST services) trusts ACS. For this you expect a SWT (Simple Web Token) that is issued by ACS
In your app, you embed a web browser that navigates to the app, to ACS and Facebook
Once the token negotiation happens in the browser, you extract the SWT and you pass it to the native app
All subsequent calls to your API include the SWT
If you are writing a "web" app for the phone, then it all just works.
In both scenarios, you would use WIF in your backend. It it is a REST API, you need the OAuth extensions mentioned in the link. If it is a web site, it all works OOB.