The access tokens created are not being persisted to the postgresql database. I created extended users and access_tokens models using the strongloop controller interface using the User and AccessToken models as parents. On login the user is successfully queried from the database, login is successful, and the access token is created. However the access token is not persisted in the database and so essentially the login fails.
Inside my model_config.json I have the following entries:
"access_tokens": {
"dataSource": "postgresdb",
"public": true
},
"users": {
"dataSource": "postgresdb",
"public": true
}
When investigating, the create function is called and the accessToken.beforeCreate() properly triggered and successfully returned. However the database does not store the token. When altering the access_tokens database to use db (memory) the access token created still cannot be used for authentication.
I am certain the database settings are correct because the access_tokens table is on the same db as the users and the users successfully grabs all the user information.
Related
I have configured google provider via cognito user pool and I am able to login through google and get user information. And I have added many attributes on the attribute mapping page as shown in below screenshot.
The endpoint I am using to get user info is https://docs.aws.amazon.com/cognito/latest/developerguide/userinfo-endpoint.html.
The response data for user info is always:
data: {
identities: '[{"userId":"xxxx","providerName":"Google","providerType":"Google","issuer":null,"primary":true,"dateCreated":1587772412295}]',
email_verified: 'true',
email: 'xxxx#gmail.com',
username: 'Google_1xxxx'
}
Regardless how I update the attribute mappings, I always see above response. Why can't I get additional attributes like picture, given_name, birthday etc. Do I need to set any permission on google side?
In app client setting, I have below configuration:
In authorized scope, I have set: email openid profile
I have been successful in creating a new Account User from following this tutorial: https://forge.autodesk.com/en/docs/bim360/v1/reference/http/users-POST/#example, and have used the PATCH method to set their status to active on Postman.
I would like to set their role and access_level but I am having trouble doing so. I have followed the link below to try and perform this function, but it requires the user to already be a BIM 360 Project Admin for it to work.
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-user_id-PATCH/
I also tried following the next link below to add a User to a project, but I am getting errors that I am unsure how to fix.
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-import-POST/
URI: https://developer.api.autodesk.com/hq/v2/accounts/:account_id/projects/:project_id/users/import
Method: PATCH
Authorization: *******************************************
Content-Type: application/json
x-user-id: {{user_id}}
Body:
{
"email": "john.smith#mail.com",
"services": {
"document_management": {
"access_level": "account_admin"
}
},
"company_id": ************************************,
"industry_roles": [
************************************
]
}
(The id for industry_role is IT).
Error:
{
"code": 1004,
"message": "this user doesn't exist."
}
I am unsure how I am getting this error since the User Id used for x-user-id is the same user_id associated with the email given in the request body. Is there a way to fix this or another method I can use?
The x-user-id header is not for specifying the user to import but rather:
x-user-id
string
In a two-legged authentication context, the app has access to all users specified by the administrator in the SaaS integrations UI. By providing this header, the API call will be limited to act on behalf of only the user specified.
Remove this field if that's not what you intended.
Verify the user id and email match each other via /GET users and /GET users:userid.
And be sure to provide either the user's email or the user ID and don't provide them both:
Note that you need to specify either an email, or a user_id. However, you cannot specify both.
See doc here
I want to pass info to React about the current authenticated user within an app that only uses social authentication on the backend (that is processed by social_django). All of my user and user token info is stored within django REST, and to access the tokens, I normally have to send POST requests to rest_framework.authtoken's obtain_auth_token view. My django root urls.py file looks like:
...
from rest_framework.authtoken.views import obtain_auth_token
urlpatterns = [
...
url(r'^obtain-auth-token/$', obtain_auth_token),
...
]
However, in order to actually get the auth tokens associated with the users in my database, I need to supply the username and password within my POST request. Social authentication automatically creates new users without assigning any passwords, so how do I get those tokens?
Have you got this working? If no, here is what I did. Hope it helps.
My Setup:
Django with Postgres
Django Rest Framework for REST API implementation
Python Social Auth (PSA) for Social Authentication (For now using Google+ libraries)
Reactjs frontend
While using Login for login, it translates to /login/google-plus/. This not only get's the acess_token but also creates a "social user" in your database. I used oauth 2.0 client side libraries in my case and roughly followed this approach to fetch the google user object with all the details on the client side. I replaced form in above link with ajax call which is more flexible and gives control to me to access tokens and other information necessary. The ajax call here ensures creation of social user in social auth table within the database.
<script type="text/javascript">
gapi.load('auth2', function () {
let auth2;
auth2 = gapi.auth2.init({
client_id: "YOUR CLIENT ID",
scope: "profile",
cookie_policy: 'single_host_origin'
});
auth2.then(function () {
let button = document.getElementById("google-plus-button");
auth2.attachClickHandler(button, {}, function (googleUser) {
// Send access-token to backend to finish the authenticate
// with your application
let authResponse = googleUser.getAuthResponse();
$.ajax({
"type": "POST",
"url": "/complete/google-plus/",
"data": {
"access_token": authResponse.access_token,
"CSRF": "{% csrf_token %}"
}
}).then(function(data){
console.log(data);
// Your success code
}).fail(function(error){
console.log(error);
});
});
});
});
</script>
Once you fetch the access_tokens you can store them in browser local storage till the user logs out. On log out you can delete them.
This method works well for me for the setup I mentioned. Also the problem of querying /obtain-auth-token with username and password is not there at all.
Would definitely be interested to know if there are other ways of accessing social auth tokens from PSA django. Cheers!
The Google Directory API https://developers.google.com/admin-sdk/directory/v1/reference/users/get
returns following kind of organizations data for a User. However in the Apps Admin console I can not find where the corresponding organisations name "Company Title" is defined. From where does it come from or how to edit that data? This is also inconsistent, since for some Users in this same domain the "name" field is missing completely?
"organizations": [
{
"name": "Company Title",
"title": "Software Developer",
"primary": true,
"type": "work",
"department": "The SW department"
}
],
I'm not particular about the Apps Admin console but you can update a user account if there are data that has to be changed.
To update a user account, use the following PUT request and include the authorization described in Authorize requests. The userKey can be the user's primary email address, the unique user id, or one of the user's alias email addresses. For the request and response properties, see the API Reference.
PUT https://www.googleapis.com/admin/directory/v1/users/userKey
You can try the REST API to retrieve all or children organization units.
To retrieve all sub-organization units under an organization unit or to retrieve the immediate children sub-organization units under an organization unit, use the following GET request and include the authorization described in Authorize requests. For the request and response properties, see the API Reference.
GET https://www.googleapis.com/admin/directory/v1/customer/my_customer
/orgunits?orgUnitPath=full org unit path&type=all or children
Here is a sample response to the List of Org unit/s
{
"kind": "directory#orgUnit",
"name": "sales",
"description": "The corporate sales team",
"orgUnitPath": "/corp/sales",
"parentOrgUnitPath": "/corp",
"blockInheritance": false
}
You can also try using the Update an organization unit:
To update an organization unit, use the following PUT request and include the authorization described in Authorize requests. For the request and response properties, see the API Reference:
PUT https://www.googleapis.com/admin/directory/v1/customer/customerId/orgunits/orgUnitPath
You can compare the values in the REST API and Admin Console.
Hope it helps!
I'm trying to use loopback angular SDK to login but instead I'm getting back a 401 unauthorized response.
User.login({ rememberMe: true }, {email: $scope.user.email, password: $scope.user.password})
.$promise
.then(function() {
var next = $location.nextAfterLogin || '/';
$location.nextAfterLogin = null;
$location.path(next);
})
.catch(function(x) {
$scope.authError = 'Wrong Credentials';
});
};
Also i can see the user with the given credentials in the datasource that I've defined for the User model.
So basically, I have a boot script that creates a default user
User.create([{
username: 'admin',
email: 'xxxx#gmail.com',
password: 'admin'
}], on_usersCreated);
And I also have created a custom User model that extends the built-in User model.
Why am I getting a 401 unauthorized response when trying to login? I have even tried to login via the explorer, but with no success.
Update:
I debugged the build-in User model and the login method; and it seems that it cannot find the user with the given email. I can see it though in the mongodb database.
Inspect the ACL records of User model, starting you app in debug mode and viewing console: DEBUG=loopback:security:acl slc run.
I don't see anything wrong with your code. Are you sure the values you're passing into the function are correct? Try logging $scope.user.email and $scope.user.password before calling User.login.
See my new example here: https://github.com/strongloop/loopback-getting-started-intermediate/blob/master/client/js/services/auth.js#L6-L15
The tutorial part is not complete, you can look around the source code to get an idea of what you're doing different.