How do I get a refreshToken with adonisJS v5? - adonis.js

In versions prior to 5, it used:
await auth.withRefreshToken().generate(user)
Is there something I can do similar in adonisJS version 5?

No, there is not; there is no JWT authentication in AdonisJS v5. However, I came across this issue and implemented the JWT authentication myself. It's not that hard: you install jsonwebtoken and @types/jsonwebtoken, create a middleware, and handle the authentication tokens yourself, and that's what the maintainers suggest. If you want JWT authentication, you can implement it the same as you would in any Node.js backend framework.
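The approach this answer describes (issue and check the tokens yourself inside a middleware), sketched as an added example that is not part of the original answer or of AdonisJS. It uses Node's built-in crypto instead of the jsonwebtoken package so that it runs without dependencies; the function names, the in-memory `refreshStore` and the 15-minute lifetime are assumptions.

```javascript
// Added example: HS256 access tokens plus rotating opaque refresh tokens.
const { createHmac, createHash, randomBytes, timingSafeEqual } = require('node:crypto');

const SECRET = randomBytes(32);   // constructed key; a real app loads it from configuration
const ACCESS_TTL = 900;           // access token lifetime in seconds (assumed value)
const refreshStore = new Map();   // sha256(refresh token) -> userId; stand-in for a DB table

const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest();
const sha256 = (s) => createHash('sha256').update(s).digest('hex');

function signAccess(userId, now = Math.floor(Date.now() / 1000)) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: userId, iat: now, exp: now + ACCESS_TTL }));
  return `${head}.${body}.${b64u(mac(`${head}.${body}`))}`;
}

function verifyAccess(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const expected = mac(`${head}.${body}`);
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch { return null; }
}

function issuePair(userId) {
  const refreshToken = randomBytes(32).toString('base64url');
  refreshStore.set(sha256(refreshToken), userId);   // only the hash is stored
  return { accessToken: signAccess(userId), refreshToken };
}

function refresh(refreshToken) {
  const key = sha256(String(refreshToken));
  const userId = refreshStore.get(key);
  if (userId === undefined) return null;
  refreshStore.delete(key);                         // rotation: each refresh token works once
  return issuePair(userId);
}

// What the middleware does with the Authorization header value.
function authenticate(header) {
  const m = /^Bearer (.+)$/.exec(header || '');
  return m ? verifyAccess(m[1]) : null;
}
```

A middleware would call `authenticate(request.headers.authorization)` and reject the request with 401 when it returns `null`; the refresh endpoint calls `refresh()` and returns the new pair.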

Check out this adonis package that adds JWT authentication to Adonisjs v5 https://github.com/maxgalbu/adonis5-jwt

Related

Which is the best way to configure auth between two apis using Django rest framework?

I'm using DRF for developing an API and I want to consume this API with another API and with an app. For the second API, how can I develop an API authentication? I think that using JWT is not good because I'll need to save the token on the consumer Api and keep refreshing it.
If your requirement is to avoid refresh of JWT token you can configure that at the settings.py
JWT_AUTH = {
    'JWT_ALLOW_REFRESH': True,
    'JWT_VERIFY_EXPIRATION': False,
}
You may use the package djangorestframework-jwt==1.11.0
If you don't want to use JWT at all you can still use the basic authentication rather than token based authentication.
Your authorization header would then have a format as follows:
Basic cG9pc29uaXZAYXJraGFtLmNvbTpwYXNzd29yZA==
The basic authentication will not change until you change the password.
But since you were asking which is best, I would recommend JWT with expiry for the right security reasons. But if you take expiry out of the equation, JWT and Basic Auth are just the same, except that JWT can still be expired and you can demand reauthorization without the consumer changing the password.
Please note you can use basic and JWT authentication hand in hand.
For your second API's internal consumption you can use basic auth even if JWT is implemented.

Are Django's auth backend and DRF's token authentication just two approaches to the same thing?

In my Django web app, which is split into a front end and a back end project, I am currently using a custom AuthBackend class that extends Django's BaseBackend, as well as DRF's UserTokenAuthentication.
Am I right to think that I only need one of these approaches? Or is there a reason to use Django's login() function, even if I am using DRF's token auth? I know it stores the user in the session, so I guess that would make passing and authenticating a token pointless?
What's my best approach? Cheers :)
There are differences in both namespaces wise and purpose wise.
In Django, auth backends handle session-based authentication only, whereas REST framework auth supports not only session-based auth but also token (JWT, OAuth) and basic auth based authentication.
Besides, Django auth backends authenticate requests as they pass through middleware, and REST framework authenticates without middleware.
If you are planning to separate your backend and frontend then go for token-based auth. There is no reason to use the login function of Django if you only use token-based auth to authenticate.

aws-amplify with Auth0

We've got Auth0 and aws-amplify working separately for our React Native App. But, going the next step (even following the Auth0 and AWS docs) for getting the authentication to flow from Auth0 to Cognito/User-Pools has not been working.
Yet, we've not found discussion on stack overflow, or Auth0 or others with the same problem. Is it possible that we are missing something?
aws-amplify does imply that OpenID Connect and Federated Identities are working, but it's possible that the library is not yet supporting this flow.
refs: https://github.com/aws/aws-amplify/issues/58
https://auth0.com/docs/integrations/integrating-auth0-amazon-cognito-mobile-apps
https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html
Does anyone have a working example or other docs that we could use to debug the flow? Right now it defaults to the guest/unauth route after Auth0 and aws-amplify communicate, rather than enabling authentication to flow and our policies to be applied for the user.
Hi we have this feature request in the repo. https://github.com/aws/aws-amplify/issues/239

Can DjangoRestFramework accept JWTs that have more than username/password in payload?

I have a Django application that uses the Django Rest Framework. At first I was just using Session, and Token authentication, but now want to implement JWT Token authentication. I downloaded a package called djangorestframework-jwt that allows you to use JWT for authentication in DRF. The crux of the problem is that my client side application is using Auth0 which can return a lot of different information, first name, last name, userid, etc. We are using Auth0 with gmail as an identity provider to log into our client side EmberJS application. For our data adapters to get data from Django though, we are using 1 consistent token that we configured in our Auth0 account that is tied to a user in Django. What I would like to accomplish is to use the JWT returned from Auth0, instead of this 1 token, to authenticate all our requests to Django. Can you authenticate yourself in Django without using a Django User object?

SessionAuthentication vs OAuth2Authentication to work with Django and Angularjs

I'm currently learning about django-rest and I'd like to interact with an AngularJS application.
The main idea is to build an API with django-rest serving on localhost:8000 and call it with a nodejs/angularjs app serving on localhost:9000.
The main question is: how to authenticate a user through AngularJS?
The documentation says
Session authentication is appropriate for AJAX clients that are
running in the same session context as your website.
Because Django and AngularJS are not in the same context, does it mean I have to use OAuth2 to play with authentication?
Thanks for your lights :)
"Does it mean I have to use OAuth2 to play with authentication?"
Of course not. You can use TokenAuthentication or even BasicAuthentication.
I myself most of the times use something similar to TokenAuthentication but handmade. The only concern here is passing token in requests.
EDIT:
If you are perchance not satisfied with the options provided by Django REST, you can write your own middleware to handle authentication. The idea here is to authenticate the user, pass him some token, and then check for that token in your custom middleware.