Whitelabel Django Application and connecting Google and Facebook accounts - django

We have a web application that runs on, say, domain.com. We then have white-label users that access the application from subdomain.theirdomain.com.
Our application is able to connect Google, Facebook and Twitter accounts using our main domain (domain.com) and our integration with each platform.
But when white-label users want to connect, the process shows the name of our application and redirects to our domain (breaking the white label).
We are looking at creating a generic application on each platform (Google, Facebook etc.) for our white-label users on a generic domain xyz-connector.com with a generic name and logo.
However, the users are not logged in on that domain, so when the platform redirects to that domain after the user has successfully gone through the authorization/connection process, we cannot associate the connection with the user.
We need to know which account has just authenticated so we can update the database.
Using Django 3.1.
Ideally we want our users to connect/authenticate their accounts directly from their white-labeled subdomain or domain, rather than having to log in to xyz-connector.com.
Can we share sessions? Or do these services (Facebook, Google) allow us to pass custom variables that they will pass back to us when connecting, which we can use to associate the user's account?
Is there a best practice for achieving this?
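The "custom variables" part of the question is what the OAuth 2.0 `state` parameter is for: the connector domain can send a signed, short-lived state naming the logged-in user and the white-label host that started the flow, then verify it on the callback to learn which account to update. This is an added example, not code from the original post; it uses the standard library's hmac instead of django.core.signing, and SECRET, ALLOWED_TENANT_HOSTS and the host names are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed placeholders: in Django use settings.SECRET_KEY and a tenant table.
SECRET = b"demo-secret-not-for-production"
ALLOWED_TENANT_HOSTS = {"subdomain.theirdomain.com", "domain.com"}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_state(user_id: int, return_host: str, now: Optional[float] = None) -> str:
    """Build the OAuth 'state' sent with the authorization request from the
    white-label host, where the user is logged in. It binds the pending
    connection to that user and host; store the nonce server-side too and
    consume it once on the callback so a state value cannot be replayed."""
    payload = {
        "uid": user_id,
        "host": return_host,
        "nonce": secrets.token_urlsafe(16),
        "iat": int(time.time() if now is None else now),
    }
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_state(state: str, max_age: int = 600, now: Optional[float] = None) -> Optional[dict]:
    """Return the payload of a valid, unexpired state, else None. Run on
    xyz-connector.com when the provider redirects back: uid says which account
    to update, and host is checked against the tenant allowlist before the
    browser is sent back to it, so the state cannot become an open redirect."""
    try:
        body, sig = state.split(".", 1)
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        payload = json.loads(_unb64(body))
    except ValueError:  # malformed base64/JSON or missing separator
        return None
    current = time.time() if now is None else now
    if current - payload["iat"] > max_age or payload["host"] not in ALLOWED_TENANT_HOSTS:
        return None
    return payload
```

After the provider's code exchange succeeds on the callback, `verify_state(request.GET["state"])` yields the uid to update and the host to redirect back to; the session on xyz-connector.com is never needed.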

Related

For an app, do we need a service account for each domain?

I am developing an app that works with the Google Calendar API to provide some services to employees of an organization. For that I need access to their calendars to make changes on their behalf. Although OAuth 2.0 authentication works fine, I am exploring a service account for my application.
With a service account I'll need to give domain-wide delegation to the service account. But I am stuck with a weird question for which I could not find confirmation on the web:
If I have multiple clients (organizations with different domains), will I need a separate service account in each of those domains with domain-wide delegation, or just one service account in my own domain (where the application resides)?
The latter sounds scary as it can lead to a security breach.

Google OAuth Verification setting an authorized domain outside of app domain

I am developing an app as part of a research project and need to submit it to Google for verification. Our privacy policy is not hosted on the same domain as the app (though we do link to it); it is instead hosted on the domain of the university. In my OAuth consent screen configuration in the developers console, if I list the university domain under the "Authorized domains" for our app, will this interfere in any way with the university's website while Google is verifying the app? Sorry if this question is trivial; I just want to make absolutely sure doing so will not get our team into trouble.
No, Google OAuth Verification does not interfere in any way with the website. This is just a security measure to only allow your authorized domains from within the consent screen.

Facebook authentication for Cognito user pool without hosted UI

I am building a web app and I would like to accomplish the following:
Authenticate/store users using AWS Cognito User Pools (Not "Identity Pools")
Allow users to sign in with both Facebook and username/password.
Use my own UI (not the hosted UI offered by AWS)
I have set up a User Pool with Facebook as an Identity Provider and an app client, but I can't seem to figure out how I can actually let users sign up.
I've tried a number of things using aws-amplify and amazon-cognito-identity-js, but everything ends up only authenticating the user in the "identity pool" (and I don't really understand why I even need one just to use "user pools").
Considering that the AWS mobile SDKs somehow accomplish authentication without requiring the redirects used by the hosted UI, I would think it must be possible to also do this on the web.

Authenticating embedded Kibana iframe with AWS Cognito

I have a web app which already uses AWS Cognito to authenticate my users. These users have been granted role-based access to the Kibana URL of my AWS Elasticsearch cluster. But when I provide an embedded Kibana dashboard iframe in my user's session, it doesn't work. I think I need to pass the Cognito session information along with the iframe. Is there a way to pass the Cognito session information along with the iframe? The embedded dashboard starts working when I log in to Kibana in a separate browser tab, which leads me to believe this is an authentication issue. Any pointers will be of great help! Thanks.

Enable User Access Management in Amazon AWS for Webapp based on Spring Security

We have an enterprise web application implemented based on Spring Security for authentication/authorization. This application is currently deployed on-premises on the client side, and usually we connect it to existing AD/LDAP systems.
Now we'd like to set up this web application within Amazon AWS for demo purposes. Therefore we need a kind of user access frontend, where users can register, and as soon as an admin has approved this, the user should have access to the webapp UI. In addition, a simple analytics layer is needed to see some information about the user access.
It is important to have this "frontend" (could be a simple website based on a CMS like WordPress) just to explain the demo, to have the user registration functionality and the analytics layer. We explicitly don't want to include this in the existing web application, so they must be decoupled from each other.
What could be the right approach to set up such an environment? I just need the right direction to dig into the topics.
After a first research, we see that Amazon Cognito could be the right backend service for user data management. But we don't see "an easy way" to enable a simple frontend as described above (e.g. I didn't find a WordPress plugin to connect WordPress user data management with Apache Cognito). Also on the backend side I haven't found useful information on how to integrate Apache Cognito with Spring Security.
If you are looking for a simple frontend we launched a new feature which gives you basic signup/login pages for your user pool.