I am aware of native ios solution. I am wondering if it is possible to use FB JS sdk in react-native to login the users. A sample code to load FB SDK below - it will throw error in react-native because document doesn't seem to be a valid object in that implementation.
(function(d, s, id){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/es_LA/sdk.js";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));
I can also use oauth2 manual login flow but using FB JS SDK seems better because it handles other scenarios like two-factor authentication.
I would recommend using the Facebook React Native SDK Login (you can find it here) to do user authentication, I tried it and it works for signing users in...the ReadMe says delete sub projects, I was confused and deleted too many, and it didn't work, so I had to start over again, I would recommend keep the sub projects for now until we find out exactly which sub projects to delete...
Related
What is the right way to proceed the logout action of the User when using JWT, Rails API and a JS front-end framework, for example Ember JS ? What I'm actually doing is:
use Rails 5.2 as API
use Ember JS 3.3 as front-end
use Ember Simple Auth as OAuth add-on
example app, its master branch, works as needed
example app, its without login branch fails to logout the User
check the presence and pass in a token in every request between Rails API and Ember JS apps.
The questions I have are:
Should I keep a token value in the backend model (User, for example) ?
I need it to make another request in the background on the backend side.
Should I set the token value to nil when the User logs out in the backend ?
What am I doing wrong with ESA as for logout action ?
Actually the token value is kept in a cookie on the client side (see https://github.com/simplabs/ember-simple-auth for more details). I followed their guides and the dummy app they provide.
I also had a discussion on Ember JS Forum and tried to follow some tips and advises, still no success.
Thank you.
This answer applies to Ember 1.13 through at least 3.x.
Authentication comes in so many flavors that I think the right way to do it is whatever is an easy-to-understand fit with the back end.
Since your JWT is in a cookie, let's think of that cookie as the source of truth. Rather than doing something complicated to parse the cookie in a model hook, you could define a Service that has functions to grab the cookie, parse it, and either save the results to values on the service or return the values you need.
This gets you a few benefits. You can get the values from anywhere in your app, including adapters, and all the logic for auth lives in once place. On the other hand, you would have to handle async behavior yourself (i.e. if a route depends on having login info, you will have to manage the order of operations between authentication and route transitions).
Ember Simple Auth is quite popular because of this issue. Although there aren't out of the box features for JWTs in cookies, if you have an app with different states based on logged-in behavior, it might be a good investment to learn it.
The user model is kind of a middle ground between a hand-rolled service and Ember Simple Auth, since you can get the user model and rely on it throughout your app, plus get a little help with async. Just be careful not to scatter your auth code across your whole app.
Lastly, to trigger logout, I would create a function that destroys the cookie by setting the max age/expiration like this. If you are handling auth on a service, this means you could use Router Service and then transitionTo a login page. If you are using Ember Simple Auth, that functionality can go in the invalidate hook of your custom authenticator. Example:
invalidate() {
this._super()
document.cookie = "some_token_name=; expires=Thu, 18 Dec 2013 12:00:00 UTC; path=/"
return Promise.resolve();
}
Lastly, for passing the token to authenticate requests, if you are using Ember Data, this can be done easily in the adapter's headers method.
Currently I am working on an WebApp with Ember.JS. Now I want my customers to log in with their Twitter account using OAuth but I don't want my App to reload when they do.
So my idea was to have the login button open an popup to the Twitter authentication page which redirects to my page which has some JS based on the result e.g
window.opener.success(userdata);
and
window.opener.failure(error);
But since it first redirects to Twitter (the popup) browsers remove the window.opener properties to prevent cross site scripting even though it does redirect back to my own domain (where the JS code is).
Is there another way to go about this?
edit: I could user postMessage, but this doesn't work in IE8/IE9 in a popup. Only in an iFrame.
Yes, you have the same idea as some other programmers at Vestorly; they made a social authentication plugin called Torii I would recommend this as they have probably also taken care of all your obvious security concerns.
Does anyone have experience creating an authentication mechanism with the new router in pre4?
Here are some of my thoughts so far:
In order to completely separate the view (Ember app) from the server (Rails app) I want to use token authentication. I will likely use Devise on the Rails server.
I need something like a before_filter equivalent in the Ember app where I can check if there is a current user and if that user has an authentication token set.
The Rails server will return the current auth token on every call. If it returns a null auth token the Ember app should detect this and transition to the unauthenticated state, redirecting to the login view.
I suspect I should be using an Ember state machine for this but I'm not sure how to proceed. Anyone tackled this problem yet?
UPDATE: Like #DustMason says in his answer, check out the awesome embercasts for authentication best-practices.
Client Side Authentication Part I
Client Side Authentication Part II
In order to completely separate the view (Ember app) from the server (Rails app) I want to use token authentication. I will likely use Devise on the Rails server.
Makes sense.
I need something like a before_filter equivalent in the Ember app where I can check if there is a current user and if that user has an authentication token set.
You can add an enter hook on routes, this is roughly equivalent to a before_filter. But not sure that's the best place to check for an auth-token.
The Rails server will return the current auth token on every call.
Makes sense. We use cookie-auth and fetch current user profile by calling /api/me but either should work.
If it returns a null auth token the Ember app should detect this and transition to the unauthenticated state, redirecting to the login view.
Thing about this approach is that (unlike rails) it's not easy to "protect" access to a particular ember routes. And no matter what a user can always pop open JS console and enter whatever state they want. So instead of thinking "user can only get into this state if authenticated" consider "what if unauthenticated user somehow navigates to this route"
I suspect I should be using an Ember state machine for this but I'm not sure how to proceed. Anyone tackled this problem yet?
Our auth needs are pretty simple so we've not found the need for a state machine. Instead we have an isAuthenticated property on ApplicationController. We use this property in application.hbs to replace the main view with a login form when a user is not authenticated.
{{if isAuthenticated}}
{{render "topnav"}}
{{outlet}}
{{else}}
{{render "login"}}
{{/if}}
From ApplicationRoute, we fetch user profile:
App.ApplicationRoute = Ember.Route.extend({
model: function() {
var profiles;
profiles = App.Profile.find({ alias: 'me' });
profiles.on("didLoad", function() {
return profiles.resolve(profiles.get("firstObject"));
});
return profiles;
}
});
Then our ApplicationController computes it's isAuthenticated property based on the profile that was returned.
I would suggest using ember-auth for that. It implements all the needed functionality and works very well in my opinion.
Also there is a demo and tutorial with Devise on Rails by the same author.
I also have implemented a basic Ember application based on Ember-auth with Devise token authentication and example Oauth for Google and LinkedIn that can be found here and is live here: https://starter-app.herokuapp.com
I recently changed from a bespoke auth system to using ember-simple-auth and found it very easy to integrate with my app. It fulfills all of the OPs requirements and also has built in support for refresh tokens.
They have a really nice API and a great set of examples. Anyone interested in token based auth should check it out.
The newly released Ember async router makes setting up a nice auth flow easier in my opinion! Check out the two-part series on http://www.embercasts.com/ for a good example
Josep's example app is really nice. I made a copy of his repo to show how to do it with ActiveRecord instead of mongoid, and also enable the Devise confirmable module. You can find it here. This repo was reconstructed from scratch, rather than forked, as I wanted to force myself to go through all of the steps to get it working. I'll update this answer if I add a fork with the necessary changes to get it to work.
Has anyone succeeded embedding Facebook Like button in metro app page? I tried both flavors HTML5 and iframe and none of them seem to be working fully.
What works:
Both flavors can render the not-logged-in version of Like button with total like count correctly.
What does not work:
Clicking on “Like” button takes user to metro IE for sign-in but its unable to return to the metro app page. User stays in metro IE blank page and even if you forcefully come back to metro app and restart, it still does not recognize that you are logged in to facebook.
Has anyone successfully able to add fully functional like button in metro app? Any pointers on what else to try?
No you can't. You can't integrate js from the outside like you would do on a normal webpage.
Instead you can login to Facebook from a Windows 8 application using OAuth. Once you have a valid access token you can perform any action using Facebook's Graph API, but liking a page is not supported (though the documentation is misleading).
Take a look at the Web Authentication sample SDK app.
I'm creating website that creates a page for each person in our department with their contact information. The page can then be linked to from a qr code on a business card.
What is the best way to get the information out of their SharePoint profiles?
edit: I'm not very familiar with creating stuff in Visual Studio. I'm using Ruby on Rails for the website and I've read SharePoint has REST services which would work great but I can't seem to figure out how to access the User Profile information.
You don't need to use Visual Studio. You just need to be able to use a SOAP based web service from Ruby. The documentation for the User Profile web service is here:
http://msdn.microsoft.com/en-us/library/aa980957(office.12).aspx
You can use the SharePoint UserProfile WebService to achieve this.
http://msdn.microsoft.com/en-us/library/ms494053.aspx
Or, if you need something more specific, you could create your own WebService which access's the UserProfile API like this -
using (var site = new SPSite("http://yourserver"))
{
var userProfileManager =
new UserProfileManager(SPServiceContext.GetContext(site));
var userProfile =
userProfileManager.GetUserProfile("domain\accountName");
//iterate the userprofile properties
foreach (UserProfileValueCollection prop in userProfile)
Console.WriteLine(prop.Value);
}