I'm trying to do django authentication with JWT in my django+react app. I'm using part 1 of this tutorial: https://hackernoon.com/110percent-complete-jwt-authentication-with-django-and-react-2020-iejq34ta
Everything works fine when I use cURL in terminal to get access to my API, but when I run server in my browser I'm still getting
What does this behaviour mean?
Related
I am implementing WeChat SSO for my web application, I have developer account, created an application there, followed this article exactly. I am using React on front-end and flask on backend.
I am using this package for flask for WeChat-sso.
So in my weChat dashboard I have registered official website e.g (chess.com), but I have to use callback url in such way so I can test redirection on my dev server.
My dev front-end is on (localhost:8000/)
My backend server is running on (127.0.0.1:5050/)
I have tried saving different callback urls e.g (127.0.0.1:5050/api/users/wechat/callback), no matter what I save in callback url always receiving parameter error.
So my question is how do I actually achieve this functionality locally? Instead of parameter error I should be seeing QR code so that I can get code from which I can get access_token. Following code generates authentication url
from weixin import WXAPPAPI
from weixin.lib.wxcrypt import WXBizDataCrypt
from weixin.client import WeixinAPI
scope = ("snsapi_login",)
api = WeixinAPI(appid=WECHAT_APP_ID,
app_secret=WECHAT_APP_SECRET,
redirect_uri=WECHAT_REDIRECT_URI)
authorize_url = api.get_authorize_url(scope=scope)
The authentication url generated is as follows, redirect URI is properly encoded just like in the documentation.
https://open.weixin.qq.com/connect/qrconnect?appid=wx35c78a124e8f027b&redirect_uri=127.0.0.1%3A5050%2Fapi%2Fusers%2Fwechat%2Fcallback&response_type=code&scope=snsapi_base&state=689db1f29605481a492639e98c7b1f9f#wechat_redirect
Please look at the picture of error as well thanks
I am using Django 4.0 with python 3.9 and I installed drf-social-oauth2 in my app. I was using the now depreciated gapi Oauth2 for google login and it worked fine. Then I started getting warnings in my console that it'll not be in use for some time to come so I changed to the new google Identity Service(gsi client). What I used to get from gapi was an access_token which I use to verify users on my backend. now I get a credential jwt which I'm supposed to decode to get user details.
when I send this code to the /auth/convert-token/ end point, I get AccessDeniedError at /auth/convert-token (access_denied) Your credentials aren't allowed <oauthlib.Request SANITIZED>
all my details are correct and I'm stuck.
Tested this using vscode thunder client.
I have found a solution. turns out the jwt isn't what I'm supposed to send to my backend. I used the jwt token to get an access token for the user which I then used to authenticate the user on my backend.
I have uploaded successfully my project on the RHEL7 server and it's running using the Nginx web server but when I am trying to login to my user then is throwing a Forbidden CSRF token. MY get request is working but not working POST request how do I solve it?
I'm trying to implement Outlook Oauth2 in our Django backend server which is hosted on an AWS instance.
I carefully followed the instructions in their python tutorial and it works 100% in my local machine. I am able to grab the authorization code which I then convert in my backend server to an access token.
The problem lies in our demo server which is an AWS instance. We have a button that redirects the users to Outlook authentication. The URL has the following format:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=<client-ID-here>&redirect_uri=<demo-server-redirect-url>&response_type=code&scope=openid+profile+offline_access+Calendars.ReadWrite&prompt=consent
I am receiving the following error whenever I convert the authorization code into an access token just after the consent screen:
{
'error': 'access_denied',
'error_description': 'Your credentials aren't allowed'
}
The weird thing is that if I use POSTMAN using the demo server Outlook credentials, I am able to retrieve an access token from Outlook.
Basically, it works for both in my local machine and using Postman. I really think that I'm just missing a very small piece of code/configuration here. Are there some extra settings that I need to do in order to make Outlook Oauth2 work in AWS?
We were able to fix the bug by adding User.Read into the scopes. Apparently, that's the only thing missing from all of this.
I want to implement a Facebook login on my website that runs with Django. I have found a really good post explaining how to use the Facebook Javascript SDK here: https://www.sammyk.me/best-practice-for-facebook-login-with-the-javascript-sdk-and-php-sdk-v4-1
My problem is that I need to be able to access the facebook token from server side code. It seems this token is encrypted in a cookie and we can decrypt this cookie using the PHP SDK (as stated in the part "Using the JavaScript SDK and PHP SDK together" from the article).
However, I don't use PHP. Is there a simple way in Python to get this access token? Can I get it using the javascript SDK and maybe send an AJAX request to my server?
If not, do I need to manualy build a login flow?
It turns out I can get the token using only javascript using var access_token = FB.getAuthResponse()['accessToken'];. I can then send it to my server.