I'm currently adding Auth0 to an Ember Application that previously used ember-simple-auth to authorize it's users. I was hoping to plug auth0 into ember-simple-auth to avoid having to refactor too much. I found the following library provided by Auth0, but it appears to be deprecated: https://www.npmjs.com/package/ember-simple-auth-auth0
Is there any simple way to still accomplish this? The new instructions seem to be for if you're just using Auth0 and no ember-simple-auth.
Related
I want to get my head down into a small community website using Django Rest Framework as a backend and Next.JS as a frontend. I am struggling with the authentication module.
What is best practice? I thought about using Firebase as an auth provider but the implementation is quite hard - or at least I could not find good documentation.
I am now thinking of using the Djoser library to have django handle all authentication and user management.
My question is: What would you recommend to use? The official DRF website has a ton of third-party packages on this topic but I just can decide which one to use (https://www.django-rest-framework.org/api-guide/authentication/#third-party-packages)
You can use Next Auth to handle JWT authentication.
If you are using Token authentication (rest_framework.authtoken), you can store the token in localStorage and inject the token using axios.interceptors.request.use for axios, or create a custom fetch method that injects said token in your fetch headers.
I'm trying to learn authentication for a web app that I'm writing. All I want is a login and password, and to make sure the user can't write/edit each others posts unless they are logged in.
I'm not sure I fully understand it. But it seems that Torii is better if you need to do Facebook or Google authentication, whereas simple-auth is better for just logging in. Is that correct? Is there other things Torii can do that Simple-Auth can't? Are there things that Simple-Auth can do that Torii can't?
Actually, as you can read in this link, it makes sense to use both together:
Simple Auth is more about maintaining session/session events, providing a framework for authenticating a strategy, and authorizing requests. Torii is more about interfacing with these external authentications. So, it’s not as though Simple Auth and Torii could not exist side by side.
Is it possible to use ember-simple-auth with multiple auth providers at the same time? For example, in my website I want to call few google analytic APIs using google's JWT auth token and other APIs using custom oauth2 token.
You can have few authenticators, but use only one authenticator at the time. It's mentioned in docs. So the answer is no. It's because you have only one session service, which holds authentication status. And I don't see a way of solving this without heavily modifying ember-simple-auth.
Just to clarify my understanding of what Torii provides for client side static apps:
OAuth 2.0's Implicit Grant workflow is the only OAuth workflow which works in client side static apps.
Torii only supports this via torii/providers/oauth2-bearer, which returns tokens not codes.
If 1. and 2. are true, then I suppose all client side static apps which use Torii would only use the oauth2-bearer approach. The rest of the providers in Torii, like stripe-connect etc. which are code workflow based would need server support to get an AccessToken based on the code.
Is this right?
Thanks in advance.
Some of the concepts in Torii can be a little confusing to understand. Because it's so flexible, the answer to most questions is "it depends".
Your understanding is basically correct:
Yes, the only useful OAuth workflow which does not require a server with a shared secret is Implicit Grant.
Yes, the bearer provider does not require you to run a server. Neither does the facebook-connect provider, or any custom provider which uses the same approach.
Serverless apps using Torii cannot use an Authorization Code workflow, and would need an authentication mechanism which returns an access token. This is likely to be using the oauth2-bearer provider, but you could use facebook-connect or any other similar approach.
I am trying to implement multiple login options in my ember-cli site (so you can authenticate via facebook, google, or my own oauth2 server). However, I'm a little at a loss as to the right way to accomplish this. As far as my research goes, I can see that there are multiple ways to do this using ember-simple-auth.
The first option is to simply use ember-simple-auth-oauth2, and create authenticators that extend that for each login method. This is a combination of the Authenticated Account and Multiple External Providers examples provided by ember-simple-auth. Obviously, this would mean writing all my authenticators myself including the ones for facebook/google.
The second option I see is to use ember-simple-auth-torii to authenticate each of my login methods, as in the Torii example provided by ember-simple-auth. However, I simply cannot find a good oauth2 example to help me create a provider for my custom oauth2 server. If anyone could help me out with this by showing me how to add a custom oauth2 provider to ember-simple-auth-torii, I would appreciate it.
Finally, the last option (that I can see) is a combination of the two above - Using ember-simple-auth-torii authenticators for google/facebook, and a ember-simple-auth-oauth2 authenticator for my own server. Obviously, I don't really want to rely on 2 separate ember-simple-auth packages, but if I have to I can (I'm assuming doing this would work?).
If anyone could pipe in on these methods or suggest a new one to allow me to do oauth2 authentication via facebook, google, and a custom server, I'd appreciate it.
Using both packages is the way to go. The Ember Simple Auth packages are built so that you always include the base package (ember-simple-auth) plus any additional packages for authentication strategies etc. that you want to use. If you e.g. want to use the OAuth 2.0 package to authenticate against your own server plus the torii package to authenticate against Facebook, Google+ etc. then you simply include both packages. There will also be no duplicate code that you're requiring as the common functionality is in the ember-simple-auth package and the ember-simple-auth-oauth2 as well as the ember-simple-auth-torii packages only include the code that's specific to the respective authentication strategy.