I've got my Identity Server 4 project all up and running on .NET Core 2.0, and I've got an Angular front-end connecting to it, which when I try to access gives me the correct OpenID Connect login window (in my case it's Azure AD), and when I log in everything works wonderfully.
Now the time has come to put some functionality behind the callback, so that on my side I can create entries in my own user table when people log in, and read their claims to grant them permission to things in my system. But I can't for the life of me figure out how to write automated tests to cover the callback. All of my attempts at mocking/faking tokens, or calling the callback URL directly (even re-using working calls captured by Fiddler) throw errors.
I've looked in to hybrid flow, which i think is what I need, but I cannot work out how to get the bearer token from Azure AD, let alone pass that to the callback. I thought about having a fake Relaying Party, but that seems a little overkill for a few simple unit tests.
I've tried Googlging all manor of search terms, and every time I seem to be getting close, something doesn't fit. So I'm here, asking for help.
Thanks.
Related
some time ago I've read of a Webservice, that simulates a large number of clients to your Website / Webapp, which click randomly everywhere and log every error or timeout they produce with that behaviour. As far as I remember it was based on javascript.
It's like Zombie.js / Phantom.js, but only as a Service without having to do the setup self.
Does anybody know this service?
(Things I've already excluded: WebServiceStudio, Storm, SoapUi
I guess you want to test how well your webservice works. I have used JMeter which is very good.
http://jmeter.apache.org/
I am new to Enyo and web services. I am looking to build a web page with Enyo that will require use of Echonest. Can anyone help me understand how to connect to the Echonest service from inside Enyo and whether to use SOAP, REST, or something else?
I assume you are talking about the Echo Nest found here: http://the.echonest.com ?
Briefly glancing at their API, you may not have to use SOAP or REST since everything is accessible with simple GET requests through the Web service. It looks like the hardest part of using their API will be generating OAuth signatures for authenticated requests.
As far as the enyo.WebService, http://enyojs.com/api/#enyo.WebService, goes, you should be able to include the kind, set the URL and call the .send() method on it. Then you response handler would get the data back (I recommend json) so you can do what you will with it.
Another option would be to use enyo.Ajax, http://enyojs.com/api/#enyo.Ajax, directly. enyo.WebService wraps that and provides a familiar (to Enyo 1 developers) way to use it.
My team and me are currently working on quite a large project. We are working on an online game, which will be accessible (for the moment), in two ways:
-Via a web browser, an application full JavaScript(client-side), full Ajax (basically meaning that the UI will be managed in JS client side).
-Via an iPhone application (the UI will be managed by the application itself).
Between the two different applications, the core logic remains the same, so I believe (I could be wrong), that the best solution would be to create a web service (if possible using standards such as RESTful or Rest) capable of perming all necessary operations.
Following this logic, I have encountered a problem: the authentication and identity management of the user. This poses problem as the applications users need to be authenticated to preform certain operations.
I’ve looked into WS-security, but this obviously requires passwords to be stored, unencrypted on the server, which is not acceptable!
I then looked into Oauth, but at first glance this seemed like a lot of work to set up and not particularly suited to my needs (the way that applications have to be accepted does not please me since it will be my application and my application only using the web service, not any external application).
I’ve read and heard about a lot of other ways to do what I want, but to be honest, I’m a little confused and I don’t know what information is reliable and what isn’t.
I would like to note that I’m using symfony2 for the backend and jquery for the client side JavaScript.
Furthermore, I would like a detailed, step-by-step response, because I really am confused with all that I have read and heard.
Thank you for your time, and I hope someone can help me as it’s quite urgent.
Good evening
I'm not entirely sure if this answers your request, but since the UI will always be handled on the client side, I think you could use stateless HTTP authentication:
This is the firewall in security.yml:
security:
firewalls:
api:
pattern: ^/api/ # or whatever path you want
http_basic: ~
stateless: true
And then the idea basically is that on the server, you use your normal user providers, encoders and whatnot to achieve maximal security, and on the client, you send the HTTP authentication headers, for example, in jQuery:
$.ajax("...", {
username: "Foo",
password: "bar"
});
Please note that since the authentication is stateless (no cookie is ever created), the headers have to be sent with every request, but, I figure, since the application is almost entirely client-side, this isn't a problem.
You can also check the Symfony2 security manual for further information on how to setup HTTP authentication. Also be sure to force HTTPS access in your ACL, so the requests containing the credentials are secured (requires_channel: https in your ACL definitions).
I have built a website in django framework. It has a lot of features such as blog, discussion forum, basically there are lots of ways users can interact. I have built a basic notification framework where a user gets notified when somebody comments on their blog, or answers their question in the forum.
Since the notifications are stored in db, new notifications are displayed only when a page refresh is done. I would like to make it real time using some push server using something like long polling technique.
I have come across NowJS which seems to be pretty handy for this, but in all the examples that are given I could not see any example where there was any interaction with the database. In all the cases there was some information sent by one client and it was displayed to one or more clients.
What I actually want to do is to call a function using NowJS, and make it go to sleep until a new notification is added in the database. When a new notifications comes in the server responds back with the notification and a new request is done immediately.
I can figure out all other parts except how to access the database from Node server that is used by NowJS. Any help or guidance is appreciated.
Either:
Have your node.js server make an http call to the Django server via something like a REST api to get info back
Google for a database connector for node.js - I found enough evidence for a MySQL one, and rumours of a PostgreSQL one. Note this won't get you access to the Django DB API, so you'll have to work out all your related queries and craft your SQL by hand (make sure Bobby Tables doesn't bother you: http://www.xkcd.com/327)
Re-implement the NowJS protocol so that you can write a django server for it, keeping the same JS client code on the clients... but then you may as wel.....
...use django-socketio http://blog.jupo.org/2011/08/13/real-time-web-apps-with-django-and-websockets/
What do you use as a test client for your stateful web services? Is it possible to use SoapUI? Are there best practices in this area?
You can do what's called a "Property Transfer" in SoapUI. For example, all our web services have to first call an authentication web service and obtain an authentication token.
I've set this up in SoapUI so that the returned auth token from the auth service is passed on to subsequent requests. It seems to work pretty well, but unless I'm missing a trick I wouldn't like to set it up for a lot of web services (i.e. you have to have an entry for each call you want to transfer data to / from).
Yeah, building SoapUI tests is slow, repetitive work. We didn't discover it until rewriting the SOAP server, and it makes great unit and system tests, but is s.l.o.w to create them.
Oh, and watch out for the memory leaks. Save very frequently. When you run out of memory, you can't save anymore. That sucks a little.
The property transfer stuff is awesome - you can have different scopes (test, request, global), and you can use GroovyScript to do dynamic stuff (like look up a particular date related to today's date, and so on).
With a properly formatted WSDL file, it will generate template requests for you, but you'll still need to tweak them a fair bit - or at least, I did.
I don't know whether it's practical to do this with SoapUI, but I've done things like this with both iTKO LISA and Parasoft SOATest. It wasn't for testing stateful web services, but simply executing multiple testing steps, storing results that are used in following steps. Both LISA and SOATest have the ability to define steps in the GUI that can store pieces of responses that are used in later requests.