Is there any API available for creating a route account in Razorpay? - loopbackjs

I'm using LoopBack 3.x. I wanted to create a route account in Razorpay. Is there any built-in API available for that? Also, I require the corresponding account ID for a particular user. Is that possible with LoopBack? If yes, how do I integrate it with LoopBack?

Related

Best practice to manage API key/secret for AWS based multi-tenancy SaaS?

I am building a multi-tenancy SaaS with AWS (Cognito, API Gateway, Amplify). I am planning to create API keys/secrets for my tenants and trying to figure out the whole process. However, I could find a clear document from AWS.
So I use custom-attribute-based multi-tenancy with Cognito. 2 questions here:
What is the best practice to manage API keys/secrets for each tenant? It seems I have to create the key pairs and store them in the database all by myself. I am wondering if there are some services that could help.
What is the best practice to verify the keys/secrets? For now, I guess I have to implement the customized authorizer myself to verify the keys.
For the first query, you can simply store API keys/secrets in the AWS SSM (Systems Manager) Parameter Store as secret text, and whenever a value is required, simply call the SSM Parameter Store API to get that value at runtime.
https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameter.html
Now for the second point, I believe you are not required to explicitly write logic to verify any API keys/secrets, since if a user uses an incorrect key, they will get an invalid key/secret or unauthorized exception directly from the API Gateway and Cognito service calls.

How do I make my end users (under WSO2 Identity Server) subscribe to an API in WSO2 API Manager?

I am currently doing a PoC on WSO2 API Manager (v2.6.0). I already have a web application (e.g. pizza booking) and also registered customers (end users) who are using the application for pizza booking. Now I want to bring the backend services of the pizza booking app, such as
Choose store location,
Book pizza,
Track order, etc.
as APIs into the WSO2 API Manager. For this, I would create the required APIs in API Manager. Then I want to bring my existing web application users (end users) into the API Manager and provide access to those APIs.
What would be the best way to implement this?
Bring my users under WSO2 Identity Server and use Identity Server as a key manager for my API Manager?
Bring my users under a secondary user store / use a custom user store of API Manager?
But in that case, how would I provide access to particular APIs (subscribing to APIs) without logging in to the API Manager store and subscribing manually for every user?
Also,
What is the use of creating a Service Provider and creating an OAuth application under Inbound Authentication?
What can I do with this application?
Is this the same as the application we create before subscribing to an API in the API Manager store?
Can I add users to this application and grant access to them in common?
Can I subscribe to APIs using this application so that all users under this application will have access to it?
You can do it either way: using IS as key manager (if you are already using IS), or adding a secondary user store.
So, if you are already using WSO2 Identity Server in your deployment, configuring it as key manager (by sharing user stores) will automatically enable all the users in IS (with proper permission) to access the APIs.
If you do not use IS currently, the best option is to add it as a secondary user store to the existing APIM deployment.
Please find the answers to the other questions below.
What is the use of creating a Service Provider and creating an OAuth application under Inbound Authentication?
What can I do with this application?
Is this the same as the application we create before subscribing to an API in the API Manager store?
Can I add users to this application and grant access to them in common?
Can I subscribe to APIs using this application so that all users under this application will have access to it?
Answer
The Service Provider is created automatically when an OAuth application is created and keys are generated. But there are different aspects to these two entities.
The Service Provider is generally used for generating application keys to get an access token to invoke the APIs.
The OAuth application (when you create it through the API Store) has several other uses, such as subscribing to APIs, enforcing throttling policies for subscriptions, etc.
In order to use the token generated by an application, the respective API should be subscribed to by the application. Otherwise, you will not be able to invoke that API even though you have a valid access token.
You can subscribe to an API only from the OAuth application created through the API Store.
Your users can use the same OAuth application (which is created via the Store portal and subscribed to an API) to generate an access token for themselves. That is, by providing them with the application keys and using the password grant type, they can generate a token for themselves.
Refer to this documentation for more info on the token API and grant types: https://docs.wso2.com/display/AM260/Token+API
Adding to what @Menaka has explained.
Your end users don't have to subscribe to APIs. Only the application developer has to subscribe and embed the consumer key/secret in their app. Then the application should generate tokens for the end users using that key pair plus the end-user credentials.

AWS Amplify GraphQL Schema that is linked to Cognito User Pool

I am using AWS Amplify to create a website platform that functions mostly as a directory of its registered users with various attributes relating to the business domain. The two primary users for the platform will be registered users and normal unauthenticated users, who will be able to list and filter the registered users based on their attributes such as location, age, etc. Registered users will set all their attributes in the members area.
Some of the attributes are stored in Cognito, such as name and address, and were set up using Amplify Authentication. These are fields I would like to be able to query and mutate through the Amplify GraphQL capabilities.
I can see there are cool authorization patterns that can be achieved with the @auth directive.
Is it possible to leverage GraphQL Transform such that I can create a model schema where some of the fields link to the Cognito User Pool and some are defined within the GraphQL schema, so that they are queryable and mutable? In fact, I would like to provide registered users with the facility to update all their fields except email. Or maybe there is some combination of services supported by Amplify that I can hook up together to achieve the same?
I am new to the AWS Serverless ecosystem and it has been exciting so far!
I found out the above can be achieved using the @function directive. It allows us to connect Lambda resolvers to the schema. In the Lambda we can do virtually anything, like reading and updating Amazon Cognito User Pools.
https://aws-amplify.github.io/docs/cli-toolchain/graphql#function

Getting the "Created" time for a Cognito user with AWS Amplify (or aws-sdk)?

I have a React Native mobile app in which I'm using AWS Amplify to work with my Cognito user pool.
I am trying to get the "Created" date of the currently signed in user because I want to show existing users an alert when the app starts, but I don't want new users to get that alert. I plan on using the creation date of the user to know if they should see the alert.
When looking at my user pool in the Cognito service in AWS Console, I see that each user does have a "Created" property:
however, I am unsure how I can access that property from within the app. The only relevant method I could find in the docs was Auth.currentAuthenticatedUser(), but that doesn't seem to include the "Created" timestamp in its response.
I did find a reference to AdminGetUser in the Cognito docs which does include a UserCreateDate property, however I don't want to have admin credentials used within the app itself, so I am looking for an alternative.
Any suggestions would be appreciated!
There is a way that you can use the AdminGetUser API without providing direct admin access to the users. Since you are using Amplify, you can publish an API (either REST or GraphQL) that calls a Lambda function. The Lambda function in turn is configured with the required cognito-idp:AdminGetUser privilege for reading the user data and then returning it through the API.
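The Lambda-behind-an-API pattern from the answer above, as an added example that is not part of the original thread. It assumes a REST API with a Cognito user pool authorizer and an aws-sdk v2 style client; the function names and the USER_POOL_ID variable are hypothetical.

```javascript
// Added example (not from the original thread). Assumes an API Gateway REST API
// protected by a Cognito user pool authorizer, which places the verified token
// claims in event.requestContext.authorizer.claims.

// Take the username only from the verified claims, never from the body or the
// query string; otherwise any signed-in user could look up any other account.
function callerUsername(event) {
  const claims = event?.requestContext?.authorizer?.claims;
  const name = claims && claims['cognito:username'];
  return typeof name === 'string' && name.length > 0 ? name : null;
}

// Return only the field the app needs, not the whole AdminGetUser response
// (which also carries attributes such as email and account status).
function toResponse(user) {
  return {
    statusCode: 200,
    body: JSON.stringify({ created: new Date(user.UserCreateDate).toISOString() }),
  };
}

// `cognito` is an aws-sdk v2 CognitoIdentityServiceProvider client (or a stub).
function makeHandler(cognito, userPoolId) {
  return async function handler(event) {
    const username = callerUsername(event);
    if (!username) {
      return { statusCode: 401, body: JSON.stringify({ error: 'unauthenticated' }) };
    }
    const user = await cognito
      .adminGetUser({ UserPoolId: userPoolId, Username: username })
      .promise();
    return toResponse(user);
  };
}

// Lambda wiring (needs aws-sdk and an execution role limited to
// cognito-idp:AdminGetUser on this one user pool):
// const AWS = require('aws-sdk');
// exports.handler = makeHandler(
//   new AWS.CognitoIdentityServiceProvider(), process.env.USER_POOL_ID);
```

The admin permission stays in the Lambda's execution role, and the app only ever receives its own creation date.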

WSO2 API Manager endpoints and cloud

I have several questions about WSO2 API Manager that I am not able to figure out from reading the documentation:
Is it possible to set up a "default" base path for all APIs? For example, if I have to switch my endpoints from localhost:8080/rest/myapi to 12.43.56.89:8080/rest/myapi, is it possible to do it without editing every single API's endpoint?
Is it possible to create a role which allows access only to the sandbox endpoint but not to the production endpoint? The only way to do this, as far as I know, is to manually block access to production once the user has subscribed to the API. My idea is to allow all users to access the sandbox but enable only trusted users to access the production APIs once their applications have been validated.
Is it possible to distribute several instances of the AM Gateway? According to the documentation, it seems that it is only possible to run gateway, store, and publisher+keymanager on different servers, but not to run multiple instances of the gateway in parallel.
Thank you!
1) You can use a variable for endpoint base path like this.
http://{uri.var.host}:{uri.var.port}/apis/weather
These variables can be taken from system variables. See this for how to do it.
2) You can use Key Generation (i.e. OAuth App Registration) Workflows for this. This will send an approval request to the admin user. If you want to automate it to approve based on user roles or something, you can customize workflows.
3) You can have multiple gateways.