I want to use the QBWebConnector for an app that has multi-tenant DB. It means I need to know the tenant when my app receives data from QBWebConnector to populate the DB correctly.
I am using a PHP kit from consolibytes.
What are my options here?
I see that the functions which are called for building and receiving XML request have params like $user and $extra.
The $user is the user which is used by QBWebConnector to authenticate with the SOAP server.
So should I create multiple QWC files for each tenant as a user and use that to identify the tenant?
And what is this $extra in the param? Should I use that? If then how?
I also see we have callback options and hooks when we create QuickBooks_WebConnector_Server. I am not sure the use of them but can they be used in any way?
Thanks for taking the time to help me.
So should I create multiple QWC files for each tenant as a user and use that to identify the tenant?
Each tenant in your application should have their own username, and thus their own .QWC file.
If your application has multiple users per tenant, you do not need a .QWC file per user. You need a .QWC file per tenant.
And what is this $extra in the param? Should I use that?
The $extra param is for passing additional data to your callback functions. It has nothing to do with tenancy or authentication, so don't use it for that.
I also see we have callback options and hooks when we create QuickBooks_WebConnector_Server. I am not sure the use of them but can they be used in any way?
They can be used, but not for tenancy or authentication.
Related
I'm building an app using Vue and Rails.
I have both the frontend and the backend separate (in separate folders)
The frontend is generated with vue-cli.
I have a situation where, I want to send some data to the backend via websockets, I want to set that data in something like a session object, and then access that data again on subsequent websocket interactions. Is that possible?
Would I need to set some kind of token in the browser, some kind of identifying token?
This seems like it would be a common problem but I can't find any information on it.
If you are utilizing session in rails websocket/connection.rb you won't be able to access it directly, but you can access it through the cookies object. The rails docs say this is labeled ['_session'] but for me on my browser it was ['_session_id'] then whatever data you set within session like a user id ['user_id']
cookies.encrypted['_session_id']['YOUR_DATA']
I am developing a web application using rails and devise for the authentication. There are two types of users, one who are able to have multiple concurrent sessions (super) and the others who can only have a simultaneous session (normal). In order to implement this behaviour, I have added a new field on the User model to store the authentication_token (generated in the SessionsController#create). Also, I added a new filter to the ApplicationController which check if the stored token in the session is equal to the saved on the User model when it is a normal user. When it is not the same authentication token, we logout the normal user.
Now I am developing a new ionic mobile application which needs to login to the same rails application. However, in this case all user types can have multiple concurrent sessions. In order to do this, we would like to continue using devise (although we have also considered to use doorkeeper with password flow).
I am not sure about the best approach to get this. The main problem is to detect if we are accesing the API with the rails or ionic application. One approach is to add a parameter but I don't like to use a parameter in all requests. Another approach it is to use browser gem, but we can access the web from a browser in the mobile.
When we uses the rails application, we can use the same behaviour described above. Otherwise, I think it is not necessary to do anything because devise permits concurrent sessions by default.
Another posibility it is to use a new model to store the authentication token and its type (rails or ionic). If we are using the rails application, then we query the rails authentication token and override it (or create if it does not exist). On the opposite, we add the new authentication_token as a new instance related with the user model. With this behaviour we can manually control the expiration of the tokens and store more information (IP, browser...).
I am not sure about the best approach to achieve this behaviour. Thanks in advance.
Based on the EntityFramework and CustomUserService samples, I'm trying to authenticate users against a separate user database.
In the factory, I'm registering the service like this:
factory.UserService = new Registration<IUserService>(resolver => new CustomUserService());
However, if I want to use multiple user databases, how can I inject the repository or the connection string that I want to use?
The goal is have different clients getting authorization to use resources (like API) from the same authorization server, but point to different user repository. So, identity server would use a database where clients, scopes, redirect URIs, etxc, would be set. But to authenticate a user, I would like to use different database, depending on the client.
Is there any way of doing this?
Thanks
We had a very similar problem and solved it by using the tenant on the acr_values i.e. on the call to /connect/token, we passed in the following in addition to username, password etc:
acr_values=tenant:YourTenantString
YourTenantString will identify the database environment and from there, inside your user service you can extract it via:
var dbid = context.SignInMessage.Tenant;
from dbid we are able to get the connection string from config
I am trying to implement XPagesSBT on localhost.
I have followed this article http://heidloff.net/home.nsf/dx/12152011034545AMNHECAP.htm and the SBT document by Niklas and was trying to implement dropbox oAuth.
I have also placed http://localhost/XPagesSBT.nsf/ and http://localhost/WebSecurityStore.nsf in root folder
but still i get this error
Error while executing JavaScript action expression
Script interpreter error, line=1, col=26: Error calling method 'isAuthenticated()' on java class 'com.ibm.xsp.extlib.sbt.services.client.endpoints.DropboxEndpoint'
No application is registered with id XPagesSBT and provider Dropbox
if(!#Endpoint("dropbox").isAuthenticated()) {#Endpoint("dropbox").authenticate(true);}
do i need to make any other configuration /setup to XPagesSBT db? or it wont work with Localhost?
I don't remember exactly anymore but reading my blog entry you linked it says you shouldn't use Anonymous:
"Additionally there are a couple of security related settings which are important to understand. First of all you need to assign access to the document with the application keys to the ID with which you signed the two NSFs. In the screenshot above I've entered both OpenNTF servers and my own user ID. When you use the web UI to do this these names are added to the document in an authors field and a readers field.
In the last step you need to configure the ACL of the security store. Anonymous must not have access to this database. All users who you want to be able to use the Social Enabler OAuth functionality need to have author access. This is so that their user keys can be stored in this database so that they only have to do the OAuth dance once. "
It should work on localhost. It looks like a configuration issue with SBT not being able to read the security tokens from the websecuritystore.nsf . Did you create the Dropbox Application Key with an admin id and sign the websecuritystore with the correct id?
Padraic
we want to manage the credentials of the actions of the backend from
the backend.
How to get the list of the actions of an app? After that we could show
the credential of each one through getCredential().
2nd question: i found the function to get the credential of an action
(getCredential()), but how to set the credentials? I didn't find any
setCredential() function...
Javi
I agree with much of what has already been said regarding whether or not this is a good idea.
Regardless, to do what I think you are asking:
Credentials needed for an action come from this method in sfAction:
public function getCredential()
{
return $this->getSecurityValue('credentials');
}
You can overload that in your actions (or extend it in a new subclass of sfActions and have all your actions extend that) if you want to do something more complicated, like pull credentials from a database or some other source.
Getting a list of actions of an app has nothing to do with credentials. It's a matter of convention how the credentials are named or organized. Actions and credentials are independent. You could have one credential per whole application or define one credential per action. Still, you manage credential separately.
If you really want to get list of actions you could parse the routing file.
You could also use PHP's Reflection mechanism to get methods out of the action classes.
However, sfDoctrineGuardPlugin/sfGuardPlugin offers you sufficient credential management for most of the applications. I'd rather go with this approach.
2n question: There's no setCredential() method but there is an addCredential().
Let's start with your second question first, to firm up our grasp of how credentials in Symfony work.
Credentials in Symfony are set via the security.yml file the config directory of the module. A security.yml file might look like this:
all:
is_secure: true #makes all methods on this action require user's to be authenticated
edit:
credentials: [admin]
show:
is_secure: false #don't require authentication for this one
You cannot change the security settings of an action from the backend unless you want to actually write a new YAML file and clear the old one from the cache (not recommended). If you really needed dynamic credentials on an action, I would store some sort of switch (lock file, APC, database) and use a filter to dynamically set the credentials required (also, not really recommended).
Can't you do whatever you're trying to do with a standard user/group/permission setup?