Loopback4 User Signup/Login: How to customize User fields based on example at https://loopback.io/doc/en/lb4/Authentication-tutorial.html - loopbackjs

Related to user signup and login:
How can the user fields be modified (adding and removing fields according to the business needs), based on the documentation at https://loopback.io/doc/en/lb4/Authentication-tutorial.html?
For example, the user in the example already has these fields:
    {
      "id": "string",
      "realm": "string",
      "username": "string",
      "email": "string",
      "emailVerified": true,
      "verificationToken": "string",
      "password": "string",
      "additionalProp1": {}
    }
But I do not need all of them, and I need other fields too.
In the example there are these imports:
    import {
      Credentials,
      MyUserService,
      TokenServiceBindings,
      User,
      UserRepository,
      UserServiceBindings,
    } from '@loopback/authentication-jwt';
which show that the user is somehow predefined in the module @loopback/authentication-jwt.
How can I customize the user?
Thank you.

Here is a link to information on how to customize the user-auth-related component: https://loopback.io/doc/en/lb4/JWT-authentication-extension.html#customization
An answer from another issue that helps: #5709 (comment). (It describes more ways to use a PostgreSQL DataSource for user signup and login, including the possibility of changing the User fields.)

Related

Store user attributes in Cognito or AppSync?

I'm using AWS Amplify and I'm wondering is it best to store user attributes as custom Cognito attributes or in a user table for AppSync?
Cognito approach:
    'username': 'jdoe',
    'password': 'mysecurepassword#123',
    'attributes': {
        'email': 'me@domain.com',
        'phone_number': '+12135555555',
        'custom:favorite_flavor': 'Cookie Dough' // custom attribute, not standard
    }
Pros: Single source of truth
Cons: Not part of the API
AppSync approach:
    type User
      @model
      @auth(
        rules: [
          {allow: owner, ownerField: "owner", operations: [create, update, delete, read]},
        ])
    {
      id: ID!
      owner: String
      favoriteFlavor: String
    }
Pros: All the capabilities of the API
Cons: Each person has two "users" (a Cognito user and a table user)
If the AppSync approach is best, should other fields carry over to the table (like the name or email)?
Thanks!
From my experience, using both is best.
Fields related to authentication (email, username, phone, ...): save them in both Cognito and the DB, with one Cognito custom attribute, "custom:id", mapping to the User "id" in the DB.
Other attributes: save them to the DB for more flexibility, because Cognito custom attributes can't be searched and the Cognito API limits (requests per second) are not good for regular use: https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html, so saving to and fetching from the DB is better.
When a user updates fields related to authentication, you have to update both Cognito and the DB.
Hope this helps you.

Django tastypie: User sees no data

I want to add authentication to my API, so only authorized people can see the data.
To my resource class I added:
authentication = BasicAuthentication()
authorization = DjangoAuthorization()
Then I added a new user using Django admin. He's listed as active and staff. No other permissions have been given.
Now when I try the resource URL, it asks for credentials.
When I use the new user's credentials, I get nothing:
{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []}
No objects, nothing. If I login as root, I see all the data.
How do I assign stuff to the user so it can see the resources?
Firstly, staff status only designates whether the user can log into this admin site.
You should see "What's the difference between staff, admin, superuser in django?"
Secondly, Tastypie's DjangoAuthorization checks the permission a user has granted to them on the resource’s model (via django.contrib.auth.models.Permission).
https://django-tastypie.readthedocs.io/en/latest/authorization.html#djangoauthorization
Obviously, the reason why root can see all the data is that root is a superuser. Thus, you can:
grant the user superuser;
grant the user read permission (can change ..) of the current resource_model;

Django LDAP authentication: Add custom field and set permissions

I got the LDAP authentication working but now I need two more things.
I need to add the new User to the permission group default.
And I need to store the department field additionally to the User.
For the first Problem I didn't find any solutions. I can only set boolean fields in the user model by using the AUTH_LDAP_USER_FLAGS_BY_GROUP directive.
How can I add the new User to this group?
The second Problem:
I map the following fields to the django user model:
    AUTH_LDAP_USER_ATTR_MAP = {
        "first_name": "givenName",
        "last_name": "sn",
        "email": "mail"
    }
The default user model does not have a department field.
I could create a new model that inherits from the user model. But how can I tell the ldap-auth to use my own model?

Where in database does python-social-auth store access token?

I am using python-social-auth (within django) to implement facebook-login. I am able to successfully sign into my app using facebook and extract user email. But where in the database can I find the OAuth token generated by facebook? Is it in the password field in the user table?
It's in the UserSocialAuth extra_data field which is a JSONField.
Example of the value stored:
{"expires": "5184000", "id": "00000000000000000", "access_token": "the-token-value"}

Django Integrating Python Social Auth And The Default Auth With A Custom User Model:

I have a project I am working on that requires some users to be authenticated via facebook and others to sign up using a custom model. The facebook users will not have the same sign up credentials as the custom model. For example, there will be a restaurant owner sign up and a customer signup. The customer will not have to put a street address location, they can simply login.
My intentions were to have the restaurant owners sign up via the custom profile model and the facebook users to simply login via the default social auth, but whenever I combine the two, social auth starts to use the custom model because I define a custom user model within settings. Is there a way to distinguish to the python social auth backend to only use the default or a way to update my current custom user model to have a facebook segment? I have searched the web for a long time for this, but can not seem to find anything that can combine the two besides (1), but it did not work successfully. I can however get one or the other working successfully depending on if I specify a user model in my settings.py file or not.
It is quite simple, but I do not know of a way to get social auth to look at its default and Django's authentication to look at my custom model.
(1)-http://code.techandstartup.com/django/profiles/
In order to distinguish one type of user from another, you can do something like this:
First, in your settings file, store the following:
FIELDS_STORED_IN_SESSION = ['type']
This will be stored in the strategy parameter in every function of the pipeline.
Then, change the pipeline wherever necessary. For example, in your create_user pipeline function, you can do this:
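    # Fragment from inside the create_user pipeline function;
    # `strategy` and `fields` come from that function.
    user_type = strategy.session_get('type')
    if user_type != 'customuser':
        return {
            'is_new': True,
            'user': strategy.create_user(**fields)
        }
    else:
        # create_restaurant is an application-defined helper, not part of social auth
        return {
            'is_new': True,
            'user': create_restaurant(**fields)
        }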