Get data from additional table in userstore during authentication - wso2-identity-server

I had to create additional table in tenant user store to store some specific data. Now I need to fetch data from this table during authentication in authenticator. What possibilities do I have to make a sql query to this new table? I know I can create custom user store manager, but it looks like overengineering to me.

There are two ways that you can do this.
Write a custom authenticator
Write a custom user store manager
The above depends on the logic that you want to implement.
== Write a custom authenticator ==
Let's say you need to use these for username and password authentication. Then you can implement a custom authenticator by extending the existing authenticator. You can refer to this blog for more details.
== Writing a custom user store manager ==
You can easily extend the existing user store manager and overwrite the auth-related methods to suit your need. You will be able to find many documentation and medium articles related to this. I would like to recommend this approach since this is related to the user stores.
Also, you can see whether you can achieve this using the Pre-Post listeners (If possible then this would be the easiest approach). During the user store manager auth methods, UMs fire pre-authentication and post-authentication methods. If you add a new listener and subscribe that to any of those events you might be able to achieve this use case.

Related

Flask authenticantion. How to inform the user logged in the client to the server

I am creating a flask app to be used internally in my company. I would like to restrict what a user can do it based on its login ID. I read a lot about using LDAP3 but I don't think I can do what want which send the login ID to the server. There I would have a table which will register which part of the system has the permition to edit. If it try to change somenthing not permited the app will retrieve a warning message.
I won't to do that to avoid having to create a separate login functionality just for this app. I read that I should use AD authentication but I am not very familiarized with that and I would also like to avoid having to ask our IT department to create user groups there for each part of my system.
I know that I can do that using ASP .NET (at least I did once).
Any guidance will be apreciated.
I think you are looking for Role-based Authorization.
In order to use this functionality you will need to implement roles on your model file per the Data-models documentation.
This will allow you to assign users a role when they are created, and you can use a decorator on your routes to 'require' the user to have the role you want them to have before they access the endpoint.

Is creating a new user in Amazon Cognito and sharing his credentials publicly a good practice?

I have a backend app that provides measurement data through the use of REST API.
Now, I'm creating a frontend app that can visualize and query that data depending on parameters such as city, fromDateTime, tillDateTime, sponsorId etc.
I'd like to assign attributes to specific users that would describe how visualization should look like and what exactly they can query from my REST API. For example, a specific sponsor of measurement devices can only see data from the devices they bought.
However, I'd like them to be able to make their data public. How to do that?
I thought, in that kind of situation, I could make a new user with appropriate attributes and make its credentials public. Then, create a URL with something like /user/{username}/data/ in the path. The username could be randomly generated and the password could be the same to all public users and could be hardcoded into the frontend app.
What do you think about this approach? Is it a good idea? Is it secure? Maybe there's another better way to do that?
Sounds like part of your application is only available to authenticated users and part of it to unauthenticated (public) users.
You are already using Cognito for the authenticated users. Sounds like you've done the hard part of locking that data down to the right users. The question is, why would you involve Cognito at all for your unauthenticated users? Sounds like the right answer would be to put the public data in a location that is publicly accessible in your application.
EDIT: I would not use Cognito to store application data. Whilst your data may relate to a user, it doesn't sound like authentication and authorisation data. More importantly, if you are accessing this data frequently for application purposes, Cognito is not scalable in the same way as something like DynamoDB. If you are still in design phase, I think perhaps you should look at putting this data into a database instead of Cognito.

Creating replicated claims in WSO2 Identity Server

I am using wso2 Identity Server and creating custom claims in it. In a specific use case i need two claims to replicate the same value.
So while creating user if i have give "1234" to claim http://wso2.org/claims/store1/id1 than claim http://wso2.org/claims/store2/id2 should also have "1234".
Is there any way possible to achieve this.
One way to achieve this, is to overwrite method in user store manager. There you can put your custom logic to save and get claims.

How to store additional information about the Users in Django ?

I have several notifications that can be sent out from my Django application for users. These users are managed with the django.contrib.auth app.
I need to keep track for each whether the user has specified he/she wants to get that notification.
Where should I save this information?
I was going to create my own custom table but I've seen perhaps I can save that information somewhere in the auth module?
User Profiles are a good way to go.
https://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users
Set up a model with a OneToOneField to your User object as described and you have easy access to an arbitrary table of extra information.
PS: Heed the note about the fact that profiles are not automatically created. There is an example about how to use a Signal to automatically create one whenever a User is created.

Going about Implementing Authentication/Authorization using CouchDb as backend in Django

I need to store both authentication and authorization information in couchdb. I've used a similar method to this for implementing authentication. However, what do I need to implement authorization for users. I need that certain actions be called only by specific users. Will using the user_passes_test decorator be a good idea for this?
I am also looking to move the session store to a separate couchdb instance. Will this be a good idea? Can anyone give me pointers/examples on how to go about this.
I am new to both Python and Django.
To answer the first part of your question, all you need to implement is the "authenticate" method of your custom authentication backend. The Django docs have some decent examples of how you could implement an authentication backend.
In regard to your permissions question, it depends on the exact details of what types of permission checks you need. If your permissions model fits well with Django's existing permissions system, you can make make authorizations decisions based on data in couchdb by implementing the optional permission bits in your custom authentication backend. Again, the Django docs have details on how exactly to do this.
As far as the session store, I don't know enough about CouchDB's performance characteristics to say if you need to store session data in a separate instance or not. What I can tell you however is either way, the way you use a CouchDB instance as your session store is to use a custom session engine. With a quick look around, it looks like django-couchdb-utils can provide you with a session engine that you could drop in without too much work (might also have some other useful bits for you).