how can we authenticate user via user name and password in my local application in asp.net by which directly we authenticate to do the tweets in local application which shows on twitter website also...
Please do the needful..
It's not possible to validate a Twitter user via a third-party app using username and password. Twitter shut down Basic Authentication. The only avenue available for thir party apps is OAuth.
Related
We have a system that is using its own authentication system and I need to make it use our Google Workspace accounts to integrate with Google SSO so that when the user gives their credentials to the webpage, it will be authenticated in both google account and on our web app account.
Google default workflow redirects the user to its own form, so we have the problem of the password not being passed to our server.
Crossed my mind the fact that this would be too insecure to exist, but remember that all users that would log in to our website would have an account created in a workplace totally managed by us.
how could I auth the user this way?
Why not use "Sign-in with Google" -> OpenID Connect to access to the website. That way it will authenticate with Google.
Or add the website as a custom SAML application in the Admin console, and use Google as the IDP since the users will be provided by your organization.
I would like users to register an account on my site via OAuth Spotify. I have the following scheme:
User authenticates via Spotify
Spotify ID and Mail are returned
An account will be created on the website (saved to the database)
The user can log in with his Spotify to access that account
The problem I foresee here is that someone can spoof the authentication by copying the ID of another user and it's mail, am I right? If so, what would be a better way to let an user create an account using Spotify Authentication? Let the user set a password? That seems user unfriendly to me.
So, how can I achieve this?
You can use the access token acquired through OAuth to find the associated username. You can use this as the basis for your accounts instead of a username or password on your own site. The process would be something like:
The User authenticates via Spotify
The Spotify OAuth callback returns a authorization code
You use the authorization code to get an access and refresh token for the user
You use the access token to access the associated User ID and use this as the unique ID for the accounts on your site.
Save an account with the Spotify user ID to your site's database
The user can log in again with Spotify to access their account (it will streamline the process by skipping the Spotify OAuth view, if they have previously approved your site, and are logged into Spotify in their browser)
Since your application will only retrieve the User ID from someone's valid access token, and the only way your application will receive that is if they log in through the Spotify OAuth flow, each account on your site will be linked to a valid, unique, Spotify user.
While looking into this, there are security considerations about using OAuth alone to authenticate users. I would look at this post on Security Stack Exchange and decide based on what level of security is needed for your site.
We are using WSO2 IS v5.4.1
We want to authenticate users based on external user data store.
The desired steps:
User logins via Oauth to WSO2 IS with username and password
The login request is forwarded to an external service which authenticates the user by given username and password without authenticating by WSO2 IS default user store.
The service returns some kind of desired response to WSO2 and based on this response some kind of business logic is performed.
I saw that there are 2 options to achieve this:
Implement Custom Local Authenticator
Implement Custom Federated Authenticator
What the is the correct approach?
Thanks,
By the definition,
Local authenticators are to authenticate the user with a local user store. Presumably using username and password. You can use inbuilt login page to ask user's credentials and validate it against the local user stores.
Federated authenticators are to authenticate with 3rd party identity providers. Like Google or Facebook. In this case you won't ask user's credentials directly instead you'll redirect the user to 3rd party login page and after authentication 3rd party IDP will send the result.
By understanding the facts that you have provided, it seems you need a local authenticator where you can ask the user's credentials directly from them and authenticate against the user store.
PS: If you can directly communicate with the user store (Without using any API) and it's a OOTB supported user store (LDAP or JDBC), you can directly plug in that as a secondary user store (Or even as the primary user store) and authenticate against it without using any customization.
I have employees on google apps id like to authenticate (with their google apps username and password) at login.mydomain.com > authenticate without being redirected to the google login page > send them to gmail.
Would I do this via Oauth 2.0 or OpenID? A simpler method perhaps?
Of course you can use oAuth.
you could use Google Accounts as your identity provider, and configure your resource-server (your application, I guess) to redirect your users to Google account, and give their creds there.
The flow: your users will try to access your resource-server (your app?), then, since it is protected by oAuth, they will be redirected to Google Accounts for authentication and authorization. after authentication, oAuth mechanism will redirect your users back to the original URL (your app)
HTH
I use rails as backend for ios applications. So far i have been using devise as it looks flexible and comfortable to use with less effort . And i have read about omniauth and that too looks easy to integrate with devise. My question is, consider my ios app requires authentication and the following are the different methods that i should be able to allow user to do
Login using email and password
Login using Facebook account
Login using Twitter account
Login using email can be handled by the devise itself but how about login using Facebook and twitter? Actually in one of my project i came up with the following approach which has all three of these login process. The ios app authenticates the user from the device(not devise) itself and sends the user information like username, email etc whatever required along with auth type so i save this a separate user with username that is sent and one of the field as password. And the next time he sends me these details i allow him to login to the app. But now i realised this is not the best way to do. I read about FBgraph which can be used to verify the access token validity, so should i get the token from user and then verify it and get the profile information and save it in user model and give them the token.
Also i have another doubt which is, For login using email and password i allow user to login through email and password and then for the each requests the user sends me the username and password. Is this is alright or do i have to create a token in login request and send the token as response and then the user can send the token for all the other request he makes.
Sorry if it is confusing but to tell you shortly i need to know what should i do if i have all these three login process. Any help is greatly appreciated. Thankyou
There are couple things to consider when dealing with external applications like on other devices:
You should use an API to communicate with your Rails server
Your server should send an authentication token after the first user authentication using his email and password. It is not a good idea to send user's email and password for each requests.
Devise
Devise is great for authentication both in-app and for remote applications using the token_authenticatable hook. This will allow any registered user to have a unique secret token to use in order to be authenticated on your server.
More information here
OAuth2
OAuth2 is becoming the standard way to authenticate on remote services giving the user the possibility to use his Facebook account to login for example.
This would be the easier way to allow your users to authenticate using their Facebook or Twitter account (note that twitter will not give you the user's email address).
Devise can handle OAuth2 clients.
Finally, you could also create your own OAuth consumer to authenticate users using your service. Doorkeeper is a great gem to protect your API endpoints and to allow users to use OAuth2.
Conclusion
Devise is great for authentication. Using their token module coupled with OAuth2 integration could do the trick in your case.
Here is the OmniAuth wiki page from Devise
Here is the Simple Token Authentication wiki page from Devise