For authentication I'm using AWS Cognito, but the issue I'm facing now is that Cognito does not support OAuth 1.0. I know it's very old now, but the client I'm dealing with doesn't want to upgrade, so I have to make this OAuth 1.0 compatible with Cognito.
What I'm thinking now is to build a bridge between Cognito and OAuth 1.0 using a custom OpenID app. This solution was suggested here. But I'm still wondering if there's a better solution for this. Or, if I want to create this bridge, what should I consider? And has anyone built a solution like this? I can't seem to find anything like this.
I want to use AWS services in my app for authentication and basic functionalities, which include: Login, Register, Forgot Password, Change Password, Delete account, etc.
I have searched a lot and found that there are many ways:
By using Amplify Framework
AWS Mobile client
By Amazon Cognito
By Identity Provider
Actually, I am a little confused: what is the difference between all these? Which one is the best way to implement? And when going through the documentation, there are so many official documents about it on Google. Which can be considered?
https://github.com/awslabs/aws-sdk-ios-samples/tree/master/CognitoYourUserPools-Sample/Swift
https://aws-amplify.github.io/aws-sdk-ios/docs/reference/AWSMobileClient/index.html
https://aws-amplify.github.io/aws-sdk-ios/docs/reference/AWSCognito/index.html
https://aws-amplify.github.io/aws-sdk-ios/docs/reference/AWSAuthCore/index.html
https://aws-amplify.github.io/aws-sdk-ios/docs/reference/AWSCognitoAuth/index.html
What are all these used for? Can anyone differentiate?
These are all abstractions on top of the lower-level generated Cognito client, designed to make it easier for the developer to call Cognito APIs. The lowest-level ones are AWSCognito, AWSAuthCore, and AWSCognitoAuth. The AWSMobileClient is a higher-level abstraction built on top of all of these to make it easier to hit the Cognito APIs in a way most developers can understand (Cognito can be fairly complex) and is the one the Mobile SDK teams here at AWS recommend using. Amplify will have an Auth category which will be an even higher-level abstraction and will also be generic to any auth provider when it is done, but right now it's still in progress (you can track PRs for the Auth category here and here), thus Amplify is depending on the AWSMobileClient for auth at the moment.
We are using WSO2 API Manager for exposing and securing our APIs.
It's working fine.
Now we actually have a lot of APIs in WSO2 API Manager. It looks like a long list of APIs. Now it's hard to find an API and make changes.
Are there any best practices for organizing them in API Manager? Maybe group them based on functionality or URL or anything like that.
Any inbuilt support or suggestions?
I am trying to implement multiple login options in my ember-cli site (so you can authenticate via facebook, google, or my own oauth2 server). However, I'm a little at a loss as to the right way to accomplish this. As far as my research goes, I can see that there are multiple ways to do this using ember-simple-auth.
The first option is to simply use ember-simple-auth-oauth2, and create authenticators that extend that for each login method. This is a combination of the Authenticated Account and Multiple External Providers examples provided by ember-simple-auth. Obviously, this would mean writing all my authenticators myself including the ones for facebook/google.
The second option I see is to use ember-simple-auth-torii to authenticate each of my login methods, as in the Torii example provided by ember-simple-auth. However, I simply cannot find a good oauth2 example to help me create a provider for my custom oauth2 server. If anyone could help me out with this by showing me how to add a custom oauth2 provider to ember-simple-auth-torii, I would appreciate it.
Finally, the last option (that I can see) is a combination of the two above - Using ember-simple-auth-torii authenticators for google/facebook, and a ember-simple-auth-oauth2 authenticator for my own server. Obviously, I don't really want to rely on 2 separate ember-simple-auth packages, but if I have to I can (I'm assuming doing this would work?).
If anyone could pipe in on these methods or suggest a new one to allow me to do oauth2 authentication via facebook, google, and a custom server, I'd appreciate it.
Using both packages is the way to go. The Ember Simple Auth packages are built so that you always include the base package (ember-simple-auth) plus any additional packages for authentication strategies etc. that you want to use. If you e.g. want to use the OAuth 2.0 package to authenticate against your own server plus the torii package to authenticate against Facebook, Google+ etc. then you simply include both packages. There will also be no duplicate code that you're requiring as the common functionality is in the ember-simple-auth package and the ember-simple-auth-oauth2 as well as the ember-simple-auth-torii packages only include the code that's specific to the respective authentication strategy.
I'm using Django and nginx hosted on AWS. I'm trying to integrate with a university for SAML authentication, using their idp. There are plenty of outdated answers on SO, but is there anything more relevant with current standards?
Many of the apps I've seen are for Django 1.2 and lower. Specifically, I'm looking for resources that would allow me to more easily manage the SAML authentication through some middleware or anything else.
Some of the things I have seen are:
https://github.com/unomena/django-saml2-idp
https://github.com/WiserTogether/django-saml2-sp
The project I found is below:
https://bitbucket.org/lgs/djangosaml2/overview
The project uses pysaml2 for SAML support. Pysaml2 can be found here:
https://github.com/rohe/pysaml2
Bear in mind that djangosaml2 may not use the latest version of pysaml2. I tested it and it's working fine.
UPDATE
djangosaml2 works with the latest version of pysaml2, but make sure to add this line to make it work:
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
This should be in your settings.py.
SAML is two sides:
IDP -> Identity Provider side -> i.e. the university
SP -> Service Provider -> i.e. your application
Sounds like this one is what you want: https://github.com/WiserTogether/django-saml2-sp.
You have to take into account that SAML as a standard is complex, so you might find issues getting the library to talk to the SAML implementation in the university. You will also have to get from them the identity provider cert public key and ask them to add your application on their side with a specific entity id. And when you start managing a couple of them it gets complex.
You might also want to check out something like Auth0 to handle all those SAML connections. There is a very simple Python sample: https://gist.github.com/woloski/8149412
Hi, I just created a Django SAML2 authentication plugin.
https://github.com/fangli/django-saml2-auth
It's quite easy to integrate with your SAML2 provider, hope you enjoy.
This library is actively maintained: https://github.com/onelogin/python3-saml/tree/master/demo-django
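The pieces the answers above say must be exchanged with the university (the IdP signing certificate and your application's entity ID), shown as an added example that is not from any of the posts or linked projects. The key names follow python3-saml's settings layout; every URL and value is a constructed placeholder, and `audit_saml_settings` is a hypothetical helper, not a library function.

```python
# Added example: pre-flight check for a SAML service-provider configuration.
# Key names follow python3-saml's settings layout; all values are constructed.
from urllib.parse import urlparse

SETTINGS = {
    "strict": True,  # reject responses that fail validation
    "sp": {  # your Django application
        "entityId": "https://app.example.org/saml/metadata/",
        "assertionConsumerService": {
            "url": "https://app.example.org/saml/acs/",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        },
    },
    "idp": {  # the university
        "entityId": "https://idp.university.example/idp",
        "singleSignOnService": {
            "url": "https://idp.university.example/idp/sso",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
        },
        "x509cert": "<IdP signing certificate supplied by the university>",
    },
    "security": {"wantAssertionsSigned": True},
}


def _https(url):
    parts = urlparse(url or "")
    return parts.scheme == "https" and bool(parts.netloc)


def audit_saml_settings(cfg):
    """Return a list of problems that would weaken or break the SP setup."""
    problems = []
    sp, idp = cfg.get("sp", {}), cfg.get("idp", {})
    if cfg.get("strict") is not True:
        problems.append("strict mode is off")
    if not sp.get("entityId"):
        problems.append("sp.entityId missing: the IdP cannot register this app")
    if not _https(sp.get("assertionConsumerService", {}).get("url")):
        problems.append("sp ACS URL must be an https URL")
    if not idp.get("entityId"):
        problems.append("idp.entityId missing")
    if not _https(idp.get("singleSignOnService", {}).get("url")):
        problems.append("idp SSO URL must be an https URL")
    if not idp.get("x509cert", "").strip():
        problems.append("idp.x509cert missing: signatures cannot be verified")
    if not cfg.get("security", {}).get("wantAssertionsSigned"):
        problems.append("security.wantAssertionsSigned is not enabled")
    return problems
```

Running the check at startup or in CI catches a connection that was set up without the IdP certificate or with signature requirements switched off.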
I need to implement the OAuth 2.0 Provider using ColdFusion. Do you know of any library I could use? The only thing I've found is this, but it's based on the Core 1.0 specification.
What are your thoughts on this? Maybe I should use the Java libraries? Any help will be appreciated.
Thanks,
Lucas
You could use a pre-existing Java provider implementation and use ColdFusion's cfinvoke/cfobject syntax to implement the provider in your ColdFusion application. The OAuth site maintains a list of server/provider implementations by language here. Using this sort of solution might even give you more flexibility in the long run if you have other Java apps that need to provide OAuth provider services.
There is this OAuth library from Harry Klein used in several ColdFusion projects involving OAuth 2.0 (i.e. Twitter clients) - http://oauth.riaforge.org/
To implement the OpenID 2.0 Auth framework using ColdFusion, go to this link and download the "OpenID CFC" library.
This is really a nice one to implement OpenID 2.0 using ColdFusion.