I'm traying to develop a web app using Dart for both sever and client.
Anyone know if exist any tutorial for implement User Authentication using the features included in Dart library ( Http Server, Session, Cookie )?
I believe you can use the rikulo security addon.
You can find here is a good example.
Related
I tried to build a mobile app (client(mobile) <-> server) and i'm going to use google API to authenticate and identify my user and to sync to my server.
which is the best method to achieve this?
I was thinking to use below method:
Mobile app get authorization code
send the code to server
server contact google server to get access token
both server and mobile client use the access token to access data from google. <-- is this access token generated portable? means: i can use it in server as well as in mobile app?
i'm not sure if above method is the right method that i should use, if it the right method, is there any reference that i can follow (esp. in python) - i tried to read developer.google.com but it's quite humongous type of API there and i got lost...
Thanks for the kind advise
We have a custom built web app backed by a REST API. We already have existing user accounts that are created via our system. We've just recently integrated Domo to do reporting and they recommend Okta.
Is it possible to get have users sign in on our site and in the background also sign them into Okta via an API call/OAUTH request etc?
Yes it is. The methods are available via the API, and I just created app that demos exactly this in Python. Check out http://developer.okta.com/docs/api/resources/authn.html for links to test stuff in Postman. My basic approach was to have Okta be the system of record, but it can certainly be the other way :)
What is the recommended way to restrict my django rest framework APIs to be available to my mobile and web apps only ? I'm using django-rest-auth to authenticate my users. There are some APIs that can be accessed anonymously. But I need to make sure that all the APIs are available only through my apps (mobile and web).
Any help/tutorials are highly appreciated.
Thank you
You need to setup the authorization scheme at the configuration level to restrict it to your mobile / web app only and explicitly set the public ones at the class level. See http://www.django-rest-framework.org/api-guide/permissions/#setting-the-permission-policy about implementation details.
Because all requests can be sniffed you can't use any Secret-key or check for HTTP origin (it can be faked easily).
For mobile you can try using secret-key generator with some special algorithm. Fro example MD5(current_time + your_secret_phrase). Then you will be able to verify that code is acceptable. It will make using your API almost impossible for sniffers.
But for Web you can't do much. All headers can be faked. The only way - user authentication.
You can, of course, use Secret-key and change it every month/day/hour. But is it worth it?
I want to integrate a oauth 2.0 server system to access my login externally
I found CodeIgniter-OAuth-2.0-Server in internet but that code seems to be deprecated. It would be a bad idea to integrate it with my codeigniter?
You know of some other project oauth 2.0 server for my codeigniter?
much thanks
This php server is very good and up to date https://github.com/bshaffer/oauth2-server-php, and very well documented http://bshaffer.github.io/oauth2-server-php-docs/
You have to do yourself the implementation with codeigniter, but i think that is the best way
For more information take look at : http://oauth.net/2/
I have the task to build a new API. The API will mainly be used by tablet applications.
I'm thinking of using the new ASP WebApi.
My biggest concern however is the security part. Because the apps will be build by third-party companies, we do not want that usercredentials will be entered in their application, but redirected to our site (authenticationserver).
I have done some researching and I came accross OAuth 2.0. For working with mobile devices and tablets it's probably the best to work with the 'autohorization code flow' principle -correct me if I'm wrong-.
Am I thinking in the right direction or are their simpler authentication systems to achieve my goal?
Are their any frameworks (.NET) available (or documentation) how to create an Authentication Server and how to use it in the Asp webapi?
Is it easy these days to implement oauth2.0 in an IOS app?
Thanks for any help!
OAuth 2.0 authz code based grant is suitable when client app is a Web application. Will the apps that are going to be built by third party all be Web applications? There are HTTP redirects involved in that flow.
In OAuth 2.0, there is a client, there is a resource server (Web API in your case) and there is an authorization server. There is no such thing as Authentication server. Are you referring to some thing else?