I followed the Rails API quick start guide and I can create a user on auth0 or log in as an existing user and validate the web token, but I cant find next steps for creating a corresponding User model in rails.
Is there any guide that shows what callbacks or data is sent back when a user makes a request so I can associate a user in my database?
Related
The company I work for has a production ROR web application that handles user authentication using devise on backend. I´ve been asked to develop a mobile app using specific IONIC 3 with firebase template, This app works along with existing ROR web app and I cannot modify backend auth, so I implemented Firebase´s Custom Token authentication and had it to work. For testing purposes I registered manually user accounts in Firebase console using existing username and uids on my baackend, but when I try to login using a user account that is not manually registered, I get the following exception "there is no user record corresponding to this identifier" I know it is because there is no user wit that uid in firebase, but reading the documentation I found here it says "...After a user signs in for the first time, a new user account is created and linked to the credentials—that is, the user name and password, phone number, or auth provider information—the user signed in with. This new account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of how the user signs in...." so my question is, Is there a way to have firebase register users automatically after using SigninWithCustomToken? Can anyone advise on a correct flow to achieve sync between current back end and firebase users?
I´ve never used firebase before and have not found more than very basic documentation.
Thanks in advance.
I have an app that uses ember simple-auth with torii and devise extensions.
My backend is on rails with devise to protect ressources. (BTW, I am a rails noob)
My goal is that I want users to be able to register/login with facebook, but I also need to authenticate requests made to my backend. (e.g. A user can only access his account info)
If I take each authenticators by itself, it works fine. For example, I can authenticate a user through facebook. And I can register and sign in on my rails server. However, I want the registration to happen through facebook( No forms to fill for the user)
The questions I have are:
- What information should I persist on my server so that I can identify a facebook authenticated user and authorize him to access ressources?
- Is there a more straight forward way to do it ?
- Does it even make sense to have 2 authentication processes ?
If you're using Facebook login the only data you need to persist is the App-scoped User ID (https://developers.facebook.com/docs/apps/upgrading#upgrading_v2_0_user_ids)
That's a unique ID generated for the user in your App. When the user logs into your App with Facebook you only have to get back this ID and then match it in your database.
I hope it helps.
I am creating an iOS app, and am working through the signup/login flow trying to understand how to structure my user model.
I want to allow users to sign up via facebook/twitter as well as using a standalone email/password if they don't want to authenticate through a service.
I am using auth0 to handle service authentication.
What is the standard process of storing / keeping track of my users if some are signing up through email/password, and others are simply authenticating through Auth0.
This is what I've come to so far:
My user model will contain the following properties at a minimum:
_id
name
email
password (will be blank for authenticated users)
auth0_id (will be blank for non-authenticated users)
How I will validate a user on login:
If a user who signs up manually (email/password) wants to log back in, I will check their email exists in my users table and then run a match on their password, if a match - return the user object.
If a user who authenticates through a service wants to log back in, I will make the call to Auth0, check their auth0_id exists in my users table, and then run return the user object.
Does this pose any security issues?
Comments/suggestions welcome!
I recommend decoupling your user and auth0 models from each other. For example:
User schema:
_id
name
email
password
Auth0 schema:
_id
auth0_id
user_id
I also recommend requiring a password on the user schema, and generating a strong password for users that register through Auth0. This will ensure that all users have a "standard" user account regardless of Auth0 and their continuing to have those services in the future (ex: the user deletes their Facebook account but continues to use your service – all they have to do is run through your "forgot password" flow).
Then have a standard login flow and an Auth0 login flow – the latter is the standard Auth0 flow, you check that the Auth0 ID exists and return the joined user record.
Did you consider using the email/password functionallity that is built-in in Auth0? That way you don't have to keep two different logics.
If a user starts out in my app unauthenticated and then logs in, I can have my Rails back-end return the user data, and create a User model in my Ember app.
However, what if a user starts out in the app authenticated? How can I use session to fetch the user's details from Rails?
I'm using the ember-simple-auth-devise authenticator.
I was able to use
this.get('session.user_email')
in my application route to find the authenticated user.
The better way to do it is to reopen the session object and add a property that references the authenticated user. See this example from the guides.
I have create the basics of subscription Paypal using the RailsCast and now I'm doing what is missing there.
Now I'm developing the process to do the Devise user registration together/just after the payment is done. For now, I'm trying something like this and this.
As the RailsCast got the e-mail from PayPal using this line:
#subscription.email = PayPal::Recurring.new(token: params[:token]).checkout_details.email
So, I thought that I could get first name, middle name and last name from PayPal as well. From PayPal documentation it seems that it is possible but I couldn't get it through paypal-recurring gem.
I have tried to see if I can learn what I have to do from paypal-recurring GitHub docs and code but I couln't find and tried some possibilities without success.
Is it possible? Maybe in another way not using paypal-recurring gem?
If you have another recomendation/reference to do this registration process, please, let me know.
Update
As #Andrew suggested PayPal IPN, I thought it would be better update my question as I want to have the first_name from PayPal as a default value to ease the process to the user register in my database but he or she may want to change to another name.
The process that I want is something like:
The user chooses his plan and to pay with PayPal
User is sent to PayPal
User fills payment info on PayPal site
User is sent again to my site
My site gets e-mail and name of the user from PayPal and asks the user to confirm or change the data, and provide his password to create the login to my site
My site uses the user data provided to register the user and sends the request to PayPal to request the payment and create the recurring profile
Ok, based on your current outline of steps you can handle that exact flow using Express Checkout.
SetExpressCheckout will generate a token for you, and you then redirect the user to PayPal. They review and approve the payment and are then redirected back to your site. There you can call GetExpressCheckoutDetails to obtain the email, name, address, etc. and display a final review page for the customer to confirm everything or make changes if necessary. Finally, you'd call DoExpressCheckoutPayment to finalize the payment using the customers confirmed details.
I would look at PayPal IPN (Instant Payment Notification). It'll POST transaction details to a listener script you have sitting on your server so you can process the data accordingly in real-time.