I have designed a RESTful component using ColdFusion 11. Now I need to think about securing this REST service. After searching for some time, I found HTTPS + OAuth2 is the best combination for securing a REST service.
On the official OAuth2 page, there are libraries for different languages, but there is nothing listed for ColdFusion.
Does anyone know whether there is a library for OAuth2 in ColdFusion?
I believe you are looking for this. This CF script was built by Matt Gifford 3 years ago, so you might want to take a look and update some code. But as far as I believe, it was designed to work on CF9 and CF10, so it will work on CF11 as well.
Let me know if this works for you.
I am a Node.js developer but currently migrating to Django (being a Python lover). I am trying to implement OAuth2 in Django REST Framework but I don't know how to start.
In Node.js, there is the passportjs library, which is well maintained, and it's got strategies for every possible authentication type. What about Django REST Framework? User name/password auth seems straightforward but OAuth2 is not well covered.
In the DRF docs here, it mentions two libraries for OAuth. The first is django-oauth-toolkit, which is well maintained, but after going through the docs, I didn't seem to understand much; it doesn't even talk about Google/Facebook OAuth. I am not sure what it is used for, anyway. The second one is django-rest-framework-social-oauth2, which seems to be straightforward, but it's not been touched for over a year; it's probably not maintained any more.
So, how do you guys do OAuth2 in your DRF projects?
I hope you have solved this already. You can check my repo: it offers a simple way of authenticating against major OAuth2 vendors. Here it is: https://github.com/wagnerdelima/drf-social-oauth2.
You can also check my other repo https://github.com/wagnerdelima/facebook_setup. It integrates https://github.com/wagnerdelima/drf-social-oauth2 as an example to make it easy for newcomers.
I am a beginner in the world of the OAuth2.0 and OpenID protocols. I would like to implement a custom server (provider) for multiple applications, so as to use it for Single Sign-On (SSO). I would like to work with Python. Till now I have found four packages for an OAuth2.0 and an OpenID Connect server implementation in Python: pyoidc, django-oidc-provider, Django OAuth Toolkit (DOT) by OAuthlib and Authlib. I tried to read and understand pyoidc, but it was not so helpful and easy; basic things were missing. I have tried django-oidc-provider and I was really satisfied, and the whole implementation was really easy. So, after those trials, I am left with Django OAuth Toolkit (by OAuthlib) and Authlib. Has anyone tried them? Are these packages the same? Is Authlib an updated version of the OAuthlib library? The only information I know till now is that Flask-OAuthlib is deprecated, and Authlib is its new version.
*Every answer or advice or personal experience would be really helpful and always appreciated!
Thank you again for your help.
After some research, I decided to work generally with JWTs. As before, I would like to work with a GraphQL API, so I am searching for solutions for JWT authentication on it. I may use Passport.js (passport-jwt) or something else for Python. All the libraries mentioned above will possibly not be used.
I will just redirect the user to my main application, authenticate them with JWT, and then return the JWT back to the application. In the future and after deployment, I might also implement an OAuth2.0 provider for my website. Although those packages did not really help me, I would recommend Django OAuth Toolkit (DOT) and django-oidc-provider to others. But, also I learned that django-oidc-provider only supports the implementation of a small and simple OAuth2.0 provider. Django OAuth Toolkit comes with lots of options for implementing an advanced OAuth2.0 Authentication Server (AS), including Authorization Code flow with PKCE (Proof Key with Code Exchange), which is the most secure flow. It is also scalable and has great documentation with lots of customizations if you want.
*I sent an email to the support of Authlib, and of course no one has answered me after a week.
I have to create a web application similar to Twitter with a few tweaks using Django. I am clueless if I have to use a CMS for this or any other existing Django application. Working from the ground up is quite tedious, to be honest. Can anyone recommend which CMS (or anything else) I should attempt trying?
There is a project called trillr1. According to its page:
"Trillr is a Twitter-like microblogging service enhanced with user directory and group discussion features." That's maybe what you want.
https://contributions.coremedia.com/trillr1
I guess the closest you can come with out-of-the-box software to imitate Twitter is Status.net, the software that powers identi.ca. However, this is a PHP application.
I'm not aware of something similar in the Django world.
I am trying to set up a web store using Magento on an SOA architecture. So I intend to use all of the functionality through the API, connecting it with Mule ESB.
However, in my research I have read that the Magento API is silly slow. And now I am wondering if it actually can handle the requests of an entire website.
Has anybody done something like this before? Can it actually work? If not, is there a workaround?
Regards
Leo
No, it is not viable to set up a store using only Magento's SOAP and RPC APIs. That is not the intention of these APIs.
There are examples where people have done what you are looking for such as http://www.yireo.com/software/magebridge
They claim to be 40% faster than native Magento.
I've tried the tool, and it is quite functional.
I'm trying to integrate with Twitter using their OAuth API. I have downloaded and tried the CF implementation here: http://oauth.riaforge.org/ with no success. Anyone have a simple CF to Twitter OAuth example for authorizing a user, getting a token, and using it?
ColdFusion plays really nice with Java. What I did is simply use the twitter4j lib (http://yusuke.homeip.net/twitter4j/en/index.html#introduction) to handle everything. Works like a charm, and is far more comprehensive than you'd ever dream of writing yourself. Plus, it's free.
I'd try that before I went banging my head against the wall trying to deal with signing oauth requests and reinventing the wheel.
Check out this post my colleague wrote - the twitter4j library recently changed in the 2.2 update and the class is now an interface, so you have to modify the code a bit...
http://techblog.troywebconsulting.com/2011/09/authenticating-to-twitter-using-oauth-and-twitter4j-2-2x-api-with-coldfusion/
Could try this one, but I didn't try it myself yet to know if it works any better than the one on RIA Forge. I just found it while digging around.
http://oauth.googlecode.com/svn/code/coldfusion/
It looks like RPX also supports OAuth, but again, I haven't tried it personally. I am using them for an OpenID implementation, and they work great.
https://rpxnow.com/docs