Working on a project with django-rest-framework as backend and creating a basic functional frontend which is communicating to the rest-api(s) services using ajax requests.
At login, used Token Authentication for users.
How am I supposed to obtained token after successful login to another template where it can be used for further calls to backend for authentication and fetching data purposes?
Please guide me to the best tutorial or any relevant doc.
Any help will be highly appreciated! Thanks in advance!
Related
I've created a web application that uses the built-in authentication method for the web, once the user is authenticated he/she is presented with a dashboard page. At this moment Ajax calls to an API need to be made to fetch data for the logged-in user. What would be the correct approach to this to make it is secure?
As a next step, I would like to be able to use the API "stand-alone" as well, so a 3rd party could access the dataset through the API as well.
Right now I am looking into Laravel Passport as well as Spatie Permission package to help me with access control.
If you are using ajax calls in same domain it won't be problem with built-in authentication to give access to authorized users only, because tokens & sessions are accessible for laravel and you can get authenticated users by default.
If you want to make external api as well the best approach will be to use Laravel Passport and pass token in Authorization header as usual.
Hope this helps you
I am planning to use Firebase for auth purpose for my Application. The app has a java based back-end using Spring Boot. My understanding so far is that Firebase will handle different type of login options interacting directly with my front-end code and in return will give a token after user has logged in(primarily email based,Google or FB login). I have a few questions:
Does it provide a JWT type token that can be used in conjunction with my back-end without having to talk to Firebase servers from my back-end? I guess its not and SDK provides ways to validate token
Is there a good example of configuring my spring security to validate the the token and get user details?
I could not find a working example with Admin SDK of firebase using spring security.
What other tech stack options I have? I read Amazon Cognito could be one. My app is more of a POC and don't want to host my auth server as well.
What the recommendation on storing the user info in my own back-end or should I just rely on firebase servers to handle my user base?
Pardon my primitive understanding of Auth frameworks!
I'm building a Angular 6 front-end and Spring boot based REST api. Angular app is going to be hosted separately behind a nginx. I want to implement spring security in order to secure REST apis. As per my understanding I need to two following things.
Spring security to authenticate API calls for valid tokens and respond 403 if not
Angular library in order to redirect user to google login and maintain access/refresh tokens, pass access token for api calls in headers and refresh access token if backend respond with 403.
I'm not quite sure whether the authenticate request go via spring backend or directly to google.
I have been searching for a good tutorial for sometime but didn't find one matching my requirement( most are html pages hosted within spring ). So please correct if my understanding on how to do this is wrong and share if there are tutorials.
Check this article. This might be the article which help to you.
Moreover let me know if it worked.
We are building a link/iframe that users can use on their website to post information to our CRM via our API. I want them to authenticate with their own API credentials. Im not sure how to fix this because they cant pass their API credentials (apikey) to the iframe. Every user has his own url like iframe.domain.com/{user_id}. Based on the user_id i want to authenticate the user but i want to avoid someone else can use that link too and abuse our API. We have API IP whitelisting but i cant use this because the remote IP will be the IP of who is submitting the form and not the server that is hosting the iframe/form.
How would you handle this? Hope someone can help me out.
In case its relevant: both are build in Laravel.
Raymond
Can't you just give each user their own unique api-token? That way, each time a user accesses that URL, they have to put the token in the url (Like this : ?token="token")
I recently made my own NodeJS API for a mobile app. I used (JWT) JSON Web Token for the authentication. More details on the principle of use in this link : https://www.youtube.com/watch?v=8Ip0pcwbWYM
You should find a similar solution for Laravel with a Bearer auth.
I hope it can help you :-)
I followed this code and implemented the jwt authentication successfully. I am using this authentication in my web application. I am able to get the token on the login page. After that how to attach that token to the header of all the subsequent requests. I stored the token in local storage, but when I navigate to next page after successful login before js loads, the page getting loaded with 401 error.
How should I achieve this?
The problem is you're trying to use token based security with the Web MVC architecture. I did a quick search for any tutorials on how to do it that way and all I was able to find is examples of REST APIs that use token based security.
The reason is that with Spring MVC, each link you click is going to redirect you to a controller endpoint that is going to render the HTML and send it back to the browser. Unless you somehow made every link on your site include the token in a header or perhaps used a cookie to store the token, you'll get a 401 error because the token isn't present in the request.
If you were to use Angular JS (or your favorite front end framework) with a REST backend, you'll be able to use the JS to put whatever you need in the header to make sure the user is authenticated and has access to the resource. There a lot of example projects out there that demonstrate how to do this.
Disclaimer I haven't been able to find a reliable source that definitively says that token based security is for REST only. I'm basing this on experience and readily what I see out there in terms of tutorials and how to articles.
Ich totally agree to the answer from blur0224, you have to set the token in the request header of every link on your pages. I don't know how to achieve this. Furthermore I think that JWT token based authentication is not the right way for MVC based app. I would use it in SPAs build with frameworks like Angularjs.
Why don't you use the 'standard' Spring authentication?