Essentially, I'm wanting to create an Oauth Client as an App so I can get data from Dynamics for multiple customers. Does anyone know if this is possible to do in AppSource or do you know of another way?
I have a service that will be served in a cloud different than Azure so there really isn't anything for me to submit as an App and I really don't want every customer to have to setup their own App that gives my service the privileges/access it needs, but it's looking like I may have to.
It sounds like you'll want to register an app with Azure AD (the OAuth2.0 service/identity provider for work and school accounts), and create a multi-tenant app. Then you can configure this app in the Azure Portal to get permissions to the APIs the app wants tokens to call (in your case Dynamics or the Microsoft Graph).
Once this app is written, you can code up your app using one of the Azure AD Auth Libraries. Here's some sample code for a .NET web API. You can find more code samples on Github and search active directory. Moreover, the Azure Active Directory Developer Landing Page is a great place to look for more resources on doing all of this.
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
I'm trying to build a plugin for a WordPress App, that uploads file to the users Google Drive space. I don't want the end user to create the Cloud Console Project. but rather just have him give consent so the plugin can access the needed data from his Google Drive account.
When I create OAuth 2.0 Client IDs in the Google Cloud Console (Web Application), Google asks for Authorized JavaScript origins and Authorized redirect URIs. Since the plugin will be portable and can be installed on different websites I can't define this.
How can this be solved that an OAuth2 Authentication by the user can be done, without knowing the URL where the app is running?
Thanks
You cant. Redirect uri must be configured properly, to point webserver the code authorization is running on.
You will need to instruct your users in how to create their own client.
Also as this is a WordPress application, you would need to share your client id and secret with the users. This is also against googles TOS.
possible workaround.
If you put up an authorization server on your own server. The users of your app could then login though that. A refresh token will be returned to their website running your app and stored locally. Your code could then run using the refresh token to access their data.
However you are then going to be responsible for verifying an app with google drive scopes.
I am working on integrating Cognito with the website my team is building for user authentication. I am having troubles with regard to number of app client that I should setup. In the AWS's official documentation, it says something like this:
You can create multiple apps for a user pool. Generally an app corresponds to the platform of an app. For example, you might create an app for a server-side application and a different Android app. Each app has its own app client ID.
So normally, lets say for a full stack application, do we need to set up two app clients, one for frontend and one for backend? or it is fine just creating one app client?
You do not need to create 2 app client values to require a user to authenticate to access your web site using a login such as this one:
You only need one App client id value to secure a web app (the note above is describing a web app and a separate mobile app).
To see an example of securing a web site (this example demonstrates how to secure a Spring boot Web app using the OAuth2 identity provider), see this:
Using Amazon Cognito to require a user to log into a web application
I have been working with Azure's web app service using Resource Manager to deploy a Django app. It has been working in fits and starts. I really like the auto-deployment from GitHub but I have been frustrated by the ability to work with the underlying machine. There is a "Console" tool through the Azure portal but it has limited functionality and when there is an internal server error on my app, I can't find the server output log.
Can someone share insight into how to view the server logs?
Azure web apps have a number of logs however, the applications logs provided out of the box only support Asp.Net applications. That being said there is an article about django on web apps and how to store and view its logs here.
What'll you'll have to do, as described in the link, is to setup the django application to store its logs on the azure file system. Another option is to setup the django application to email the devs but the better option is to store the logs on the file system properly.
My team is trying to develop a product for the google apps marketplace and I am having issues with the workflow in the new ADMIN SDK.
With the now deprecated Provisioning API we simply ask for a username and password from the account we are trying to manage.
With the ADMIN SDK it seems as though they would need to go enable the API, create a key and do a lot of manual work for this to happen. This really is a tough option for us as the technical level of our clients is not likely to be able to make this transition.
Is there something like the work flow for the provisioning API where they can enable management from a third party or a recommended workflow for a developer to build an application that can access any number of google apps accounts?
A use case for this is say I want to develop a different option for a console, I want to build a console web app and simply ask for credentials or easy setup routine and allow our users to manage their google apps account in a different way.
Thanks in advance,
Steve
The Admin SDK Directory and Reports APIs work correctly with 2-legged OAuth 1.0a which is what the Google Apps Marketplace currently supports and automates. You do need to turn the Admin SDK on under "Register for additional APIs" from your Vendor Profile page on the marketplace. Also, the Administrative APIs for the domain must be turned on. You'll get a generic error that the domain cannot use the APIs if it's off in which case you can direct the client to the exact CPanel page where they can turn it on.