Mean.IO - how to implement additional OAuth providers - mean-stack

Mean.io does a great job of implementing a number of OAuth providers out of the box. Unfortunately, I want to use Spotify, which is not one of them.
Mean.io uses Passport, which means that it should be as easy as implementing the passport-spotify npm module. However, I am having difficulty understanding how mean.io's OAuth comes together. I am also having difficulty finding relevant information on how it works.
I can see that there is a config file in the config folder where the OAuth providers are configured, but I can't tell what happens past there.
Is anybody able to point me in the right direction on how to implement an additional OAuth provider with mean.io?

Strategies
Passport has a comprehensive set of over 140 authentication strategies
covering social networking, enterprise integration, API services, and
more. The complete list is available on the wiki.
You might be interested in this one:
https://github.com/JMPerez/passport-spotify

Related

What are Istio alternatives for Authentication Policy and what is the Istio flow for development?

At this URL you can have a look at my project, just to have some context:
https://github.com/Deviad/clarity/tree/feature/hyperledger
Long story short, I am building an open source framework for building Escrows that can take advantage of the latest PSD2 https://www.openbankingtracker.com/
It supports cryptocurrency payments and implements some sort of side chain in order to have a proof that a contract was signed.
Basically, of all the things that Istio does, what I really need is the Authentication Policy using JWT.
This is in order to avoid writing this part in every microservice that I am creating.
Of course the gateway is also something important.
The main issue is that I have no idea, while I am developing using my IDE (IntelliJ IDEA), what I can do in order to avoid having to stop, rebuild and start containers every single time I need to rebuild, since once I use Istio, I will need to use Istio in development too; otherwise I would have to write some dummy services that fake the authorization from Istio when I want to check if a certain user has the permissions to access a resource.
What possibilities do I have to have a lean workflow with Istio and eventually what alternatives to Istio do I have?
As for the workflow part of my question, I have found a possible solution:
https://garden.io
There is a nice workshop available here:
https://www.youtube.com/watch?v=Xfi9XqcZ76M

Security concerns using Spring as backend for mobile app

Me and a team built a small "meet people" app last semester that used Spring linked to a MySQL database as the backend. I am working on my own app now and I'm worried about security because all of our user information was sent over HTTPS GET requests to the server. It seems weird to me that we were able to hop on Google Chrome, type in xxx.xxxxx.xx:xxx/user/2 and get back a JSON with all of a specific user's information. If anyone knew our URL/port, they would be able to access this information themselves.
I'm sure this is a basic question, but what steps do I need to take to create a Spring backend that isn't as easy to access? I'm basically a total beginner in this, but I did write the service in Spring last semester so I know the basics.
You can use Spring Security which is a very good project and easy to integrate.
There are many types of security features it provides:
Basic Spring Security
Role Based Spring Security
baeldung.com and howtodoinjava have a very good series on it.
You can also use jwt-authentication-on-spring-boot which is also a good way to secure the APIs.
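An added example, not part of the original answer or of any project mentioned on this page: a minimal Spring Security setup for the `/user/{id}` case in the question, which both requires authentication and checks that the caller owns the record being read. It assumes Spring Boot 3 with the web and security starters; the `AppUser` record, the sample data and the usernames are constructed, and the matching login accounts are assumed to be configured elsewhere.

```java
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@Configuration
@EnableWebSecurity
class ApiSecurityConfig {
    // Every request must carry valid credentials, so an anonymous
    // GET /user/2 from a browser is answered with 401 instead of JSON.
    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // HTTP Basic over HTTPS keeps the example short; a JWT filter
            // would replace this line, the rules above stay the same.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

// Constructed sample type and data; a real service would query MySQL.
record AppUser(long id, String username, String email) {}

@RestController
class UserController {
    private static final Map<Long, AppUser> USERS = Map.of(
        1L, new AppUser(1, "alice", "alice@example.test"),
        2L, new AppUser(2, "bob", "bob@example.test"));

    // Being logged in is not enough: a caller may only read their own record.
    @GetMapping("/user/{id}")
    AppUser getUser(@PathVariable("id") long id, Authentication authentication) {
        AppUser user = USERS.get(id);
        // Same 404 for "no such user" and "not your record", so the
        // response does not reveal which ids exist.
        if (user == null || !user.username().equals(authentication.getName())) {
            throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        }
        return user;
    }
}
```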

How to use Laravel Socialite with Laravel Spark

Is it possible to use Laravel Spark on a site where logins are controlled via Laravel Socialite? The documentation doesn't make this immediately clear to me. I understand I wouldn't be able to utilize the 2-factor authentication. Without access to the source code I can't scope out the difficulty, so I'm hoping someone who's used it can assist in answering this.
First
Laravel Spark is not meant to be integrated with an existing project. It's something to start with, which saves you time so you don't have to integrate common things and can quickly implement / integrate / enhance your custom business / application requirements. Visit https://spark.laravel.com/ to check what you'll get ready-made when you start with Spark.
Here's what the official website says.
Spark provides the perfect starting point for your next big idea.
Forget all the boilerplate and focus on what matters: your application
Second
Spark is not free. You need to buy a subscription key ("Spark API token"), which will lead you to install / use Spark and start modifying it for your business needs.
However
If your application is already built on Spark and you are looking for features that are offered by a new version of Spark, you might need to upgrade your Spark. You can check your Spark version with the php artisan spark:version command.
Updating might break your application, so you always need to be careful,
follow the official guide and do a backup.
Using Laravel Socialite with Spark
You should be able to integrate Socialite into your Laravel application built on Spark if that's your application's business case or requirement, like any other requirement. It might be tricky to enhance the Spark authentication code or follow the Spark approach to implementing features. If you are a paid customer of Spark you can ask for support. And to scope out the difficulty you can go through the comments of this post https://laracasts.com/discuss/channels/spark/integrating-socialite-with-spark ; it seems devs are already trying to integrate those.
Spark and the 2-factor authentication issue
It seems that the latest version of Spark already integrates two-factor authentication support. Here is some text from the official doc:
Spark makes it simple to offer two-factor authentication to your
users. Two-factor authentication provides your users additional
account security by requiring them to provide a token during login in
addition to their username and password. This token is generally
retrieved from an application or SMS on their cellphone. Read more on that https://spark.laravel.com/docs/6.0/two-factor
Finally
Here's a screencast for a quick overview of what Spark is https://laracasts.com/series/laravel-spark/episodes/1
Hope That Helps

Authenticating GeoServer REST calls with certificates?

To meet security requirements, our project needs to move our GeoServer credentials (account/password) out of the code base. Is it possible to authenticate REST calls with certificates, or any other method besides account/password credentials?
The answer is 'yes'!
Exactly how requires working out a few details. If all users are required to provide a certificate, you'll likely want to sort that out at the container level (Tomcat, Wildfly, etc).
Once GeoServer has a certificate, you'll likely want to set up a role service to map users to roles.
The docs for GeoServer's security system are great. I've read them multiple times, and I'd strongly encourage checking them out: http://docs.geoserver.org/latest/en/user/security/index.html#security
Since you mentioned certificates, I'd suggest reading this tutorial: http://docs.geoserver.org/latest/en/user/security/tutorials/cert/index.html.
Since you mentioned security REST endpoints, I'd point out
http://docs.geoserver.org/latest/en/user/security/rest.html. I believe some of that configuration can be done through the GeoServer admin UI.
As a note, GeoServer is highly modular; you may need to install a module or two to connect to an LDAP server or modify how the security settings, etc.

Does a Talend connector to Google Contacts exist?

I have a pretty simple question (for once :D):
Do you know if a Talend connector to google-contacts exists?
I can't find one on http://www.talendforge.org/components/, nor on the first 4 pages of Google itself.
As a fallback, do you think it would be possible to wrap a Talend component around google-contacts... I guess yes, and so I would be surprised that no one had already developed it!
I've not seen a Google Contacts connector in Talend but there's a problem in the fact that to access the API you will need to auth via OAuth2. There's currently nothing standard in Talend to help with this (although it would be pretty useful) but Gabriele Baldassarre who semi regularly answers questions under the Talend tag has built a series of components to access Twitter data which has a similar OAuth requirement.
His website might be a useful reference to building this should you want to do so.
Edit
As of 5.4 Talend's RESTful components such as tRestClient now support OAuth2, so it is possible to provide OAuth2 tokens in your RESTful connection to help you connect to web services secured by OAuth2. There's not (as of yet) a Google Contacts connector available but you could replicate it now.

Resources