I have a Firebase database that authenticates with a Google account. Currently I have a <google-signin-aware> element that details the app's sign-in details for use with the Google Sign-in API, and upon sign-in authenticates a Firebase reference with the access token returned by the Google sign-in.
From the callback for <google-signin-aware> element on successful sign-in:
var ref = new Firebase("https://<myapp>.firebaseio.com");
var access_token = gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token;
ref.authWithOAuthToken("google", access_token, function (error, authData){/*...*/});
To try to integrate further with Polymer, I'm migrating to the <firebase-auth> element which is a "wrapper for the Firebase authentication API". However I cannot find an equivalent method to authenticate with an access token. The login() method has two parameters, is there any way to feed the access token to the login method so that Firebase authenticates with this token rather than its own pop-up window?
The <firebase-auth> element has an internal Firebase reference ref that you can access by calling
var ref = document.querySelector('#fbauth').ref
And then auth as normal
var access_token = gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token;
ref.authWithOAuthToken("google", access_token, function (error, authData){/*...*/});
You might be interested by my custom set that extends Firebase Polymer element set: https://github.com/MeTaNoV/firebase-element-extended
Related
I'm trying to implement the authorization code model using the Google Identity Services SDK, as described in Use Code Model. I would like to use the popup mode.
I managed to initialize the code client and receive an auth code with this Javascript code:
tokenClient = google.accounts.oauth2.initCodeClient({
client_id: CLIENT_ID,
scope: SCOPES,
callback: '', // defined later
ux_mode: 'popup',
})
...
tokenClient.requestCode({prompt: 'consent'});
When I receive the auth code in my callback, I relay it to an endpoint on my platform, as described in Step 5: Exchange authorization code for refresh and access tokens and I try to exchange the auth code for a refresh and access token in Python:
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
'client_secret.json',
scopes=scopes,
state=state
redirect_uri=redirect_uri
)
flow.fetch_token(code=code)
The problem is that I use this code with an empty redirect_uri, I get an error "missing redirect_uri parameter". If I specify a redirect URL defined in Google Cloud Console, I get an error "redirect_uri mismatch". And if I try to use the same redirect_uri as the one sent in the initial popup request (Google seems to use storagerelay://... in this case), I get an error that "it doesn't comply with Google Oauth2 policy".
It appears that in any authorization flow when you get an authorization code on the client side and then pass that to your server for token exchange you have to use the string literal "postmessage" as your setting for redirect_uri.
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
'client_secret.json',
scopes=scopes,
state=state
redirect_uri="postmessage"
)
flow.fetch_token(code=code)
This very important fact seems to be curiously absent from the documentation from most of the google client libraries, but it works for me. Hope this helps!
I have the following permissions granted in my Azure AD App:
App:
Read calendars in all mailboxes
Read and write calendars in all mailboxes
Read calendars in all mailboxes
Delegated:
Read user and shared calendars
Read and write user and shared calendars
Read and write user calendars
Read user calendars
Read and write user and shared calendars
Read user and shared calendars
Registration Screen Shot
I am successfully generating an Access Token like the following:
const string clientId = "my-client-id";
const string clientSecret = "my-secret"; // C
var tenant = "mytenant.onmicrosoft.com";
var authContext = new AuthenticationContext($"https://login.windows.net/{tenant}/oauth2/token");
var credentials = new ClientCredential(clientId, clientSecret);
AuthenticationResult authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com/", credentials);
With that Access Token, I am trying to make a basic request to /CalendarView passing the Bearer token header:
https://outlook.office.com/api/v2.0/users/my#email.com/calendarview?startDateTime=2017-11-12&endDateTime=2017-11-13
However, I keep receiving Access Denied. Are there additional permissions I need to set? Am I calling into the correct endpoint?
You don't include the body of the error response, but my guess is that you're hitting this because Exchange won't accept a token generated with a shared secret. Instead, you need to use a certificate-based assertion to request the token. Azure documents this a "Second case: Access token request with a certificate" here.
I actually was able to figure this out. Instead of using the Exchange API, I just applied the permissions in the Graph API.
Hit the following endpoint:
https://graph.microsoft.com/v1.0/users/{email}/calendarview?startDateTime={startDate}&endDateTime={endDate}
It's not very clear the difference between which API to use... but I'm moving forward now.
I am attempting to create an iOS app in Swift that uses the following authentication service using AWS Lambda - https://github.com/danilop/LambdAuth
It uses the AWS Mobile SDK for iOS to communicate with DynamoDB and Lambda - http://docs.aws.amazon.com/mobile/sdkforios/developerguide/
Here is the sample code for the website that utilizes the token returned from the Lambda login function, I imagine the Swift code will be something similar - https://github.com/danilop/LambdAuth/blob/master/www/login.html#L69
Here is the cloud function that generates the token for the user - https://github.com/danilop/LambdAuth/blob/master/LambdAuthLogin/index.js#L102
I have created an identity pool in AWS Cognito (Federated Identities) and I have two roles, auth and unauth. My application appears to always being the unauth role (arn:aws:sts::123123123:assumed-role/_unauth_MOBILEHUB_123123123/CognitoIdentityCredentials). My users are being stored in a dynamodb table, with a salted password.
The root of the problem is that I don't know the correct Swift code to write after I receive a login token from the service to transition my user into the authenticated role (use the auth arn). I want it to be using the auth role for every service call to AWS (dynamodb, lambda, etc). I'm hoping that someone can point me in the right direction - thank you.
As per the design in Danilo's book, if you are using the aws-sdk javascript , you should define your objects like :
var creds = new AWS.CognitoIdentityCredentials({
IdentityPoolId: //hard coded value for your system//
})
AWS.config.update({
region: 'us-east-1',
credentials: creds
});
var lambda = new AWS.Lambda();
then once you receive your identityId and token , you should assign them to you creds as follow :
creds.params['IdentityId'] = output.identityId;
creds.params['Logins'] = {};
creds.params['Logins']['cognito-identity.amazonaws.com'] = output.token;
creds.expired = true;
where output is the response from your LambdAuthLogin Lambda function.
Authenticated roles will only be used when you use one of the supported public providers (Facebook, Google, Twitter, Login With Amazon), OIDC provider, SAML provider or Cognito User Pool users.
Amazon Cognito User Pools provides you the solution for user registration, authentication and management. Is there is reason that you prefer using Lambda Auth over that?
I am working iOS app which is using Salesforce oAuth for login.
I would like to load one VF page url in web-container which requires the login to access. As I am already having valid oAuth token, How can I access VF page (salesforce) by passing access token on header request.
If you are using framework of SalesForce iOS SDK and you have a valid OauthToken :
SFOauthCordinator class has a method called [coordinator authenticateWithCredentials:[[SFAccountManager sharedInstanceForAccount:#"user"]credentials]]. This source line gives you a login session by using the existing oAuthToken.
I'm working on an objective-c iOS app. I want to use auth0 for authentication ( https://auth0.com/ ) and I want to use Firebase for the database backend.
I've gone through all the auth0 documentation and I've got authentication working for:
Facebook, Google+, twitter, self registration.
The problem:
The documentation kinda falls off at the point where I need to integrate the authentication model with Firebase, it gives me this one page and I'm not really sure what to now. Has anyone does this integration before and can you lead me down this path? I'm kinda new at this.
BlockquoteConfiguring Token content
As with any other API registered in the dahsboard, Auth0 will issue a Firebase token through the Delegation endpoint. This allows you to exchange a token for another one.
The contents of the Firebase token are generated by convention, copying all properties contained under the firebase_data attribute in the input token used in the Delegation call.
You can generate these very easily with a rule:
user.firebase_data = {
user_id: new Buffer(user.email).toString('base64'),
company: !user.isSocial ? context.connection.replace(/\./g, '-') : null,
foo: 'bar'
};
In the example above, the two properties user_id and company will be generated after calling the delegation endopint, and both will be made available to Firebase.
Blockquote
I have done this for Javascript in the browser, not ios/Objective C. But in concept, you need to do four things:
Setup
Configure your Auth0 account to allow Firebase delegation, and provide your Firebase token. This part is covered by Auth0's ios/objective C docs for Firebase, on the Firebase tab.
(optional) Create an Auth0 rule to set properties on delegated Firebase tokens. You have this in your snippet above.
Auth0 Rule for setting Firebase Token properties:
user.firebase_data = {
user_id: new Buffer(user.email).toString('base64'),
company: !user.isSocial ? context.connection.replace(/\./g, '-') : null,
foo: 'bar'
};
The properties you set here will be available in Firebase security rules.
Authentication Flow
Auth0 has a swift sample that seemed likely to be helpful to you. You need to do two things:
After the user authenticates successfully, make a second Auth0 request for a delegated Firebase access token from Auth0, see sample line 65.
Use the new delegated token with a Firebase object via its authWithCustomToken method, see sample line 73.