How can one use Firebase Authentication to allow users to authenticate with a Google account via the C++ SDK (using it in Cocos2d-x).
I’m confused as to whether I would need to build a special Google auth GUI or if the SDK requires/contains a standardized GUI (or, in the case of Cocos2d-x, a Scene) that should be used.
Either way, I am unsure how to do it. Does anyone know how to proceed? The SDK example code shows how to authenticate via Email/Password but not via a Google Account.
Ok, so this is complicated, but not because of Firebase.
Basically, if you want to use a Federated Logon, such as Facebook, Google, Twitter, then you will need to use their UI SDK built for whichever platform you are using. When you successfully login with one of these services, you will construct a Credential with the token that is returned from one of these services.
After you login with this credential, the Firebase Auth service will associate any account data with this federated logon. If you were previously using an anonymous login, then the account should be upgraded. If you have already logged in with another credential (email, phone number, alternative federeated logon) then you will need to do some logic to check if you need to merge or switch.
Firebase Auth can outlive the Federated Token. For example, the Facebook Login token expires or is revoked, your Firebase Auth backend might remain signed in. Vice versa your Facebook token might not expire, but your Firebase Auth might have been signed out. You will need to manage these states.
Here's an example. We want to use Facebook Login as our federated logon provider. We link the Facebook Login SDK for our platform as described in the Facebook Developer docs.
When we want to ask for Facebook login credentials, we use the FBSDKLoginManager .loginwithReadPermissions() to launch the login flow. This typically consists of launching either the Facebook App to confirm permissions for your app or the website (make sure you implement deep links properly as described in the Facebook documentation).
Eventually, the login will succeed or fail.
If it succeeds, Facebook will hand you a token which you can grab from [FBSDKAccessToken currentAccessToken].tokenString. This is what you would send to firebase::auth::FacebookAuthProvider::GetCredential
All of this is ASync and done on separate threads. You should use a concurrent queue to funnel these events to your main thread.
It is possible to use your own server and signup form, in which case you would build your own UI in game and then make secure server calls to your backend. There's a flow for getting a text message to validate a user, not something I would do for a game.
Related
Basically I want the below flow in the application .
I have created one user pool in the cognito and configure it.
I want to integrate cognito authentication and authorization with below flow.
Register new user with by using cognito signUp api via postman (I dont want to use hosted UI) .
once user is successfully registered in cognito.
User will call the cognito login api via postman - On successful login cognito will return access_token.
I will use that access token in all subsequent requests to make sure the user is authenticated and authorized .
The main thing here is I do not want to use that hosted UI given by cognito .I want to achieve this via api calls .
I am not sure for achieving this what I need to . You can tell me if any more steps needed before the first step I wrote like authorize my app or anything like that.
I understood I need to authorize my app before it uses the signup api but I am not sure about exact flow and process or in which manner I need to perform the steps .
Please guide..
There are aws sdks available for different platform. You need to implement one of them according to your backend technology and expose your api and test it out in the post man. Please go through this link docs.aws.amazon.com/cognito-user-identity-pools/latest/… There are sdks links at the bottom.
I have my web application. Now i want to integrate salesforce into my web app so that i can push data from my app to any salesforce org after the authentication(OAuth).
I found 2 ways:
1. Connected Apps
2. via wsdl generation file and use
I created a connected app from my developer account and i authenticated using consumer key, cusumer secret key(from my connected app) and username of user and secret token of the user account.
I tried with another free trail account, It's validating and fetching the details and post data also working.
My question is, shall i deploy my connected app into app exchange, then only i caan use REST APIs ?
generating wsdl and coding around is the better option than the above ?
Is there a option, only one time authentication enough for any number of sessions and use the REST APIs?
Please suggest me a best way to proceed.
You're mixing up a couple of independent issues here.
If you're going to authenticate via OAuth, you must have a Connected App.
A SOAP API login() call requires you to store a username and password, which is undesirable.
There is no way to "permanently" authenticate, i.e., to get a session id that never expires. Your app must always be ready to get a new access token via the OAuth refresh token it obtains and stores (via, for example, the Web Server OAuth flow), or to reauthenticate via JWT flow.
Connected Apps are global metadata in most cases. You don't need to deploy a Connected App into a target org in order to authenticate using its Client Id and Secret into that org. The only exception I'm aware of is if you want to use the JWT flow with a certificate and preauthorized Profiles and Permission Sets.
Based on what you've shared, I don't see any reason for the AppExchange to be involved.
I'm trying to use Federation from a User Pool. Note, I am not talking about Federated Identity Pool a different concept.
Is there a SignIn API for federated users or is just a hosted UI
Does the app "have to" open a browser on a Sign In URL that looks like https://XXXXXX.au=th.XXXXX.amazoncognito.com/login?response_type=code&client_id=XXXXXXXXX&redirect_uri=XXXXXXX? Can the end-user can stay inside the app, similar to how Google SignIn API on Android works (it pops up a small Google sign in UI, user clicks on their name, you're immediately back inside the app with a token.
How do I launch a browser on that Sign In URL?
How can my app be called back when the user has finished signing in?
Specifically how does my mobile app receive the token from the browser?
Is there a SignIn API for federated users or is just a hosted UI?
As far as I can tell you have to use the hosted UI when you federate a user pool to social IdPs.
How do I launch a browser on that Sign In URL?
This depends on the language and platform obviously, on Android with Xamarin you can use Xamarin.Auth.Presenters.OAuthLoginPresenter.Login() to launch a native browser Chrome at a URL specified by the OAuth2Authenticator you pass in. That OAuth2Authenticator does more than just craft the URL it gives Chrome, its stateful so when you get an answer back in the form of a code or token, you can then call methods on that object to proceed.
How can my app be called back when the user has finished signing in?
Specifically how can the browser redirecting a URL actually redirect you back inside the app. That's done via something called, Deep Links & App Links, here's that concept explained on Android.
I want to be able to authenticate users of an angular.js application using oauth, but I do not want to store any tokens on the frontend because I have seen that it can be fairly complicated to do so securely. Is there a way to pass some sort of credentials of a user to my django web application, where is can authenticate the user with some oauth provider and save that information in a session? To make it simple, here is the process I want
User is logged into some oauth provider, i.e. stackexchange
They click a "login with stackexchange" button on the front end angular app
Their login credentials are sent over to the django application through a restful api
The django app which receives these credentials attempts to get a token using rauth
If the server receives a token, the user is logged in and their information is saved in a session, otherwise they are given an error
Is this sort of process supported by OAuth2 providers?
Step 3 is incorrect: that authentication process is handled entirely off-site, on the OAuth provider's infrastructure, e.g. StackExchange.
This kind of flow is certainly possible. I would check out the Facebook example, which uses Flask, but provides a similar framework for how you might go about this in Django.
I am building a app/API that allows user to login with Facebook, Twitter or Google. I am wondering what are the best practices in allowing those user to use the same account to login to the API.
A couple Ideas that I have had is pass the auth token/cookie in a header to the API for every request and use that to authenticate on the backend.
Run my own OAuth setup and make the user authenticate once with the back end to get my OAuth token and use those from then on.
I am doing the same thing and my solution is to match the email addresses that you get from these respective APIs.
For Facebook, you need special permission from the end user to get the email address registered there. You do this by adding &scope=email to the first oauth request.
A disadvantage is that you need to get this permission from the end user and they may decline. Another disadvantage is that users need to use the same email addresses for Google, Facebook and Twitter.
An advantage is that user records are merged automatically, so users can directly access all their data if they logged in the first time through Google, and the second time through Facebook.
Another approach would be to manually merge their data by making them log in to Google when they are already logged in through Facebook. Then you can conclude that they are the same user, even when they use different email addresses for both. But this is a more tedious approach, as you still need to merge the app's user data from both accounts.
Your first solution is exactly the way I do it. As all my rest services are stateless, the access token goes in the header and is parsed by spring security authentication filters on every request. I use a grails sever with the spring-security-oauth plugin. We also run a website which allows for using session cookies for browser based access.