I'm looking for OAuth serverless provider with:
OAuth authentication for major providers
Access to the providers' API
I already spent some time playing with OAuth.io service and was able to build prototype based on NodeJS. I successfully implemented authentication with Facebook, Twitter, Github, Stackexchange, Google, Linkedin. Integration with Paypal failed.
That is what I found for OAuth.io:
Proc:
List of supported providers
User-friendly management console
Authentication flow, simple integration
Cons:
Access to Github, Linkedin API generates an errors due to changes in their APIs. Looks like these changes were not reflected in OAuth SDKs.
Low activity at Github. Last commit for NodeJS SDK was made in Nov 2016.
Is there any other OAuth serverless providers on the market?
Thanks in advance.
Another oauth.io user here. I like the simplicity of their SDK, but their dashboard doesn't work at the moment (only loading spinners).
A great alternative is https://auth0.com, lots of features and integrations. You also have access to the provider's API, like you asked. You can find an example of using Auth0 to access the GitHub API here: https://auth0.com/docs/connections/social/github
Since you mentioned serverless, auth0.com also have a very nice serverless platform https://webtask.io where you can run your own NodeJS functions in the cloud. I found it a much more intuitive/enjoyable experience than AWS Lambda, and it integrates directly with auth0.com.
Downsides of Auth0 are the steeper learning curve compared to oauth.io (they started off very simple, but now it seems they want to be the be all end all of auth) and less customisation of the login screen/flow. Basically they want you to redirect your users to a login screen that they host and designed.
Hope that helps!
Related
We are planning to make a recommendations engine for the features in the app and we were thinking about using GCP Recommendations AI. Then, we ran into some unclear areas due to lack of examples.
When we send POST requests from iOS (swift) to GCP, is there a way to get access-token for the header field "Authorization: Bearer $(gcloud auth application-default print-access-token)" using Firebase iOS SDK? Could you please point us to some resources that we can follow. If it's not possible to do easily, what is the easiest secure method that you recommend? Any resources? example use case, we found.
Could you guys please help us with this?
Calling the Google Cloud Recommendations AI API requires that you specify the OAuth2 access token for a Google account.
Firebase Authentication uses a JWT ID token to identify the users. These are not Google accounts, as for example you could create a user with email/password that Google's account system knows nothing about.
It is idiomatic to only call the Google Cloud APIs from a trusted environment, such as your development machine, a server you control, or Cloud Functions. This is done to protect yourself from abuse, as (unlike Firebase services) most Google Cloud APIs don't provide a mechanism to control access directly from the client.
So you'll typically want to wrap the GCP API in custom server-side code, that checks whether the user is authorized, and then call that from within your client-side application code.
I'm having difficulties finding documentation for auth0 and microsoft graph integration. My end goal is to have a SPA that can login with a microsoft profile to auth0 (connected to azure ad). Then I want my app to get a token for microsoft graph and do some api calls.
As I've understood it so far, auth0 does not allow you to get the access token to different identity providers in a front end application, but rather that they should use a proxy to get this token. My flow therefore is:
I login with a SPA auth0 app (using a microsoft identity)
This is then used to authenticate to a backend server using a api registration in auth0
The backend has its seperate machine-to-machine app in auth0
Backend api uses this seperate app to get access token to auth0 management api
Current user is fetched (based on the logged in user from front end app login) from management api,
Here i find an access token under the azure identity (if I do the same in the front end, the access tokens are omitted)
Token does not work to call graph, I am unsure of where to send it next.
I am aware that the above is probably completely wrong, that's why I am here :)
My questions are:
1) Is it even possible to get an access token for microsoft graph starting from a login to auth0 in the way I want it to. If not, can it be done from a backend?
2) Does anyone have a link that discusses this, ideally with some code samples.
To answer your first question:
1) Is it even possible to get an access token for microsoft graph starting from a login to auth0 in the way I want it to. If not, can it be done from a backend?
I have had the chance to authenticate apps using the microsoft identity library called MSAl whose documentation is found here. It gives a pretty detailed way to authenticate directly from your SPA.
I have also used the microsoft javascript sdk as it comes inbuilt with token caching and refreshing so that I do not need to build that for myself.
In relation to this,
Does anyone have a link that discusses this, ideally with some code samples.
You can find the samples well described in the samples section of the SDK
I hope this helps.
I am building a third party client/app that needs to authorize a user via OAUTH2 before the protected Resource Server can be accessed.
I am hoping someone can help guide me with the process that I need to undertake to make this happen.
The client app and the Resource Server will both be hosted on a cloud server and managed via PaaS. I will be using a SSO (single sign-on) service to help with environment authorization flow and building the client app using NodeJS and a JavaScript framework (VueJS).
I am required to use a third party/enterprise security authorization server from my employer and not a social network (Google, Facebook, etc).
With the above items laid out, is there a recommended JS library to help me achieve a successful OAuth flow? I've never done this before and not sure where to start. I see PassportJS may be what I am looking for, but not sure if there's an easier library to use for a newbie? It must be a free, not a paid service.
Thank you!
I'm trying to create an Amazon Alexa service that will take advantage of the Microsoft Graph... This is built with Node.js.
Currently when using my standard Outlook.com Microsoft Account to sign in, I get redirected to a Microsoft page that says
Microsoft account is unavailable
Microsoft account is unavailable from this site, so you can't sign in or sign up. The site may be experiencing a problem.
You can sign in or sign up at other Microsoft Sites and services, or try again later at this site.
I have been using https://login.microsoftonline.com/common/oauth2/v2.0/authorize as my authorization URL in the Alexa config account linking section. and using the Node Microsoft Graph JavaScript SDK library in my code.
I'm wondering if the Node library I'm using is the correct one? Has it been deprecated? Or is there something else going on here?
A common misunderstanding with Microsoft Graph is the separation of concerns between the API and Authentication.
You do not actually authenticate against Microsoft Graph. Instead you authenticate against the directory that holds your account, for organizational accounts this is Active Directory and for consumer accounts this the Outlook.com.
Once you have authenticated, you use the token you received back to identify yourself when calling Microsoft Graph API.
This is where you (and many others) get tripped up at first. Just as there are two concerns (Auth & API), there are also two separate SDKs. For Node.js you're looking for:
Microsoft Authentication Library (MSAL): This handles authentication for both Azure AD and Microsoft Accounts.
npm install msal
Microsoft Graph JavaScript Client Library: This is the client library for Microsoft Graph. It will provide the objects and methods you need to simplify calling the APIs.
npm install #microsoft/microsoft-graph-client
This should give you the tools you need to get started. There are some things around App Registration, OAUTH and Admin Consent that you'll likely run into as well. For these, you might find these helpful:
Microsoft v2 Endpoint Primer
v2 Endpoint and Implicit Grant
v2 Endpoint and Admin Consent
Hope this helps!
I have recently implemented Microsoft OAuth2 to retrieve data from the Graph API (and more). Now I wan't to integrate with some of the social functions in the Yammer API but I can't find any info whether this is possible.
It seems unnecessary for me to have to force the user to auth against two different OAuth endpoints when judging from Yammer Embed, the Microsoft SSO is enough to authenticate in (Microsoft-owned!) Yammer as well.
Maybe I'm just not understanding OAuth enough, but it does mean that I will have to authenticate first against MS OAuth2, then to Yammer OAuth2.
EDIT: Just after I posted this, I found the "Yammer impersonation" page which I missed earlier: https://developer.yammer.com/docs/impersonation
It is very short on details, is this a viable way to avoid the user actively having to sign in to Yammer?
We have a paid Microsoft service including most applications, btw.
Further EDIT: I mainly want to use the API to get some statistics on nr of likes on a post etc., not really any personal info at this point.
If you register your app with AzureAD you can require scopes for the Graph API and the Yammer API at the same time. There will be then only one OAuth flow and one consent screen.