Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I'm developing eBay Sinatra application and need to authenticate an user by their login and password to give them the ability to request their information from eBay by themself. By authentication I mean authentication by redirection (or something like) to eBay and entering their login and password. It's similar to Facebook authentication.
I did a research but found almost zero.
Your suggestions?
Omniauth has a strategy for ebay authentication. I haven't used it but omniauth is a competent gem for handling different login strategies for various sites out there. Recently I have used omniauth with rails but a couple of months ago I did likewise with padrino so I think it should work nice with pure sinatra also.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 1 year ago.
Improve this question
I'm looking for help in choosing the right, most modern and safest way to authenticate. I'm using Spring as backend along with Angular on frontend. I'll add that I want to use OAuth2. I've really searched quite a few sites and haven't found a straight answer. I'm really confused...
I started with this implementation, but than I stopped after reading this recommendations. So far I know that I should use Authorization Code Grant with PKCE.
How is it done in applications that are already in production?
The most sensible (as I think) option so far is implementing auth with Keycloak. Is embedded version reliable?
If you want to secure your API with OAuth there are many products out there which you can use (both open-source and paid solutions, if you search for "identity server" you should be able to find a few solutions). Keycloak is a viable option, but there are others.
When it comes to choosing a flow, I would also go with the Authorization Code Grant with PKCE. This currently is the recommended way, especially if you'll be performing OAuth flows directly from your Angular app.
That's another decision you would have to make - whether you want your frontend client contact the Authorization Server directly (then you have to handle tokens in the frontend app), or you want to call your backend and have the backend talk to the Authorization Server (then you would probably have a session cookie, and associate the session with any access tokens).
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I'm trying to figure out what's the correct way to authenticate users with Passport for a Vue SPA. I can't figure out which grant type I should use considering that implicit grant is not recommended by IETF’s OAuth working group and the other methods require to pass the client_secret with the request, I'm a bit lost...
I was thinking password grant but I receive a refresh token and it’s not really secure to store it in the localstorage.
I also thought about the cookie injected by laravel passport in every request but I can’t find out how to login from my SPA with this approach...
Any lead on what’s the best / more secure way to do this ?
Thanks!
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm new in laravel, I want to create basic Laravel API without login authentication to get the token. Is there a way to create a static API token that can access fron header?, any answer would be appreciated.
You should use Laravel Passport definitely.
Documentation of Passport and underlying Oauth2 Server, could be a way better.
But despite this fact, it is a way to go, for building real, good working API.
If you want to use password grant token only (which is the most used scenario) then this post might be helpful to you...
You can do it using Laravel Passport. Read the documentation here https://laravel.com/docs/5.6/passport
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am writing a Springboot application that needs to authenticate users to an OAuth2 client provided by another group. The OAuth2 client provides two authentication schemes: form and sso. The application I am building needs to use the sso scheme because the application has no option to redirect the user to a login form.
Spring security contains an enum that provides the security.oauth2.client.client-authentication-scheme options that can be used, sso is not one provided so I need to be able to somehow extend this or provide a custom option.
Ultimately the application needs to generate a GET request that will take this form: https://iapi.mycompany.com/authentication-service/v2/authorize?response_type=code&client_id=myClientIdHere&redirect_uri=https:/myclient.mycompany.com/redirect&state=someStateString&login_method=sso
As far as I can tell it's really only the login_method=sso part which is the custom part that needs producing. Any ideas on how I can convince Spring security to do this for me?
Turns out the solution is to comment out the security.oauth2.client.client-authentication-scheme property in application.properties and to append ?login-method=sso to the security.oauth2.client.user-authorization-uri property.
Final property looks like this:
security.oauth2.client.user-authorization-uri=https://iapi.mycompany.com/authentication-service/v2/authorize?login_method=sso
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am new to Laravel and I noticed that it has an auth library but I would like to know what threats does it protect against. For example, does it use any technique to protect against brute force attacks?
Laravel Auth library/class only autheticate the user (or whatever you may authenticate) in your system and using it with the filters, you can garantee that the user only see what is permited for him to see. It does not really care in secure your system against attacks, for exemple. That's is on you!