I have Firebase Cloud Messaging registration token from client. and i want to verify this registration token before I send push notification.
btw, I have tried https://firebase.google.com/docs/auth/admin/verify-id-tokens but I think this is for Auth tokens not for push notification.
how to verify registration token before send push notification ?
You cannot verify FCM registration token generated from device. Auth token created by firebase auth is JWT token which can be verified.
To verify if the token is generated from your client and project, you can send a test notification with your server key and check the response message, if token is altered obviously it will give you relevant error.
Related
I'm using django-oauth-toolkit with djangorestframework where our partner user will register their application and get application credentials (client id and client secret) which then used to get access token that can be used further to get our server resources. Upto now I'm able to convert those form based application registration process and other apis through rest. But while I hit for access_token only access token with expire are coming as response. Refresh token also supposed to come along the access token but it's not. What I'm missing here...
Below is the sample api response for access_token
And the oauth2 settings
FYI: I'm using Client type as "Confidential" and Authorization grant type as "Client Credentials"
Findings: This may be helpful for others
There is no need for refresh token for grant type client credentials.
Further descriptions RFC doc ; grant type client credentials
How to custom the default authentication method-username/password in WSO2 Identity Server 5.7.0? i.e. use password plus any of mobile/email/username to authentication an end user and provide the user an JWT token as response.
Please refer to the following[1][2] as per your requirement you can use basic(username/password) as authentication step 1 and SMS OTP or email OTP as step 2. Following examples are based on SAML but as you need to get JWT token as a responce you need to register an OIDC application as a service provider.[3][4]
[1].https://docs.wso2.com/display/IS570/Configuring+Email+OTP#ConfiguringEmailOTP-ConfigureWSO2ISastheemailOTPprovider
[2].https://docs.wso2.com/display/ISCONNECTORS/Configuring+Multi-factor+Authentication+using+SMSOTP
[3].https://docs.wso2.com/display/IS570/Configuring+OAuth2-OpenID+Connect+Single-Sign-On
[4].https://docs.wso2.com/display/IS570/Try+Authorization+Code+Grant
I am new to django and am trying to get the user authenticated using firebase admin sdk. I am trying to do token authentication and have setup the admin sdk in my django app. Also I have received the client id token in the android app.
Now I am unable to understand how to send this id to the backend and verify it as a user and create users accordingly.I did find this answer but couldn't really understand how to go about this.
Also if a user is verified how do I add and update its data. Do I pass the token again or is there any other way to do it?
Your Android App should send its ID token along with all requests sent to the backend server. You can decide how to include that (as a header, as part of a JSON payload etc). In the backend server, you should always call auth.verify_id_token() and return an error (e.g. 401 Unauthorized) if the token fails to validate.
I'm creating an API for an android application I'm using Django Rest framework JWT token for API authentication. In perticular case, I want to deactivate the token which is activated for a particular user.
JWT is stateless auth which means it is not stored anywhere on server. When you send JWT token in header of request your server just check if token is valid. Therefore you cannot deactivate token - you can only delete it in your Andriod app. More on JWT here.
Using java client, I have generated the SAMLRequest string
Is there a way to post the whole data, and skip the IdentityServer login page?
With the data which I pass, has to meet the authentication for SSO and then generate Oauth2Token.
You can use request path authentication and send the username, password in the same request, which will give you the SAML assertion. You can later use SAML2 bearer grant type to exchange that assertion to an oauth token.