I have a parse/mongoDB running locally and am wondering about putting the Dashboard live for my client to access online.
Currently the endpoint /dashboard shows all the user data with read/write access, how do I go about deploying this live and keeping the /dashboard endpoint password protected or the Dashboard object itself ?
For more context this is a simple React app that stores user data in the MongoDB using Parse and the client will be needing to access these data at any point.
Googling many variants with no luck
Related
I hope you are doing well!
We are working on a project that consists of 3 projects/websites. It's basically something like a Management Platform for the resources, a Platform to display information and updates, and a Platform to manage both those platforms. (Something like Office365 and PowerPoint, Word, Excel where Office365 is the main application between them).
In our project, we want to integrate a navigation drawer in which the user can navigate to the different application from our 3 websites without having to re-login. In this case it would be easy. However, would there be a way that if the user access the other website from the browser (ex:"www.exameplwebsite.website2.com") we login the user directly if he was already logged in to a previous application from ours?
We thought about local storage however the local storage and cookies accessible depend on the domain we are accessing.
Is there a way to make this happen? Or would using a navigation drawer the only way possible?
(For context we will be using ReactJS)
I think it wouldn't be that hard with JSON Web Token (JWT) for authentication. When you redirect the user from one site to the other do it with a post request and include a JWT token in it. The new site can capture that token and send the token to the browser and the browser can catch it and saves it into its own localstorage.
I can think of two solutions ->
Use micro frontends (Recommended)
If all three apps have different domain names (app1.com, app2.com, app3.com) then you're right you cannot share any token using cookies and local storage.
Here, You can take the login/signup pages and the navigation drawer into one parent app and load all your other apps using micro frontends.
Use SSO
SAML and OIDC are made for this specific purpose but this is a very complex topic. Basically, your users will need to log in once(at someplace like google or OneLogin or your own identity server)
Is it possible to use the salesforce APIs in a JS application to authenticate users of multiple, unknown organizations that I do not control or have access to and import their account names?
I want users of my application, all of which belong to different companies, to be able to import their salesforce contacts into my application. All of the tutorials I have come across seem to focus on creating applications for organizations that the developer has access to via "connected apps". I assume that creating a connected app will only allow access to that specific organization and that if someone from a different organization tried to authenticate and access their data it would fail? Pointers to the product I should be using to accomplish this are much appreciated!
You have the right idea, to get data from a salesforce org, you are going to need the user with the Salesforce account to authorize your application to access the data. The connected app is basically just a way for you to get the auth code that you need to access that data.
It is possible to define the connected app in one org, and have it be used by multiple different salesforce orgs. The data that one auth code provides access to is limited based on the data available to the user that grants access.
I have created a web app which is making use of OneDrive API (https://learn.microsoft.com/en-us/onedrive/developer/rest-api/) to perform actions such as create/update/rename/delete of documents etc. I am authorizing requests with OAuth 2.0 (client side - that means every access token is valid for ~1h and then silently I am getting a new token) and then perform previous actions using that token.
I have a new requirement for the authorized user to share his/her documents for writing/updating them (I found out that API has option for inserting permissions (https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_invite).
Is it possible for a non-authenticated user to be able to write/update documents (programmatically - via OneDrive API or some other API?) that have been created from the authenticated user that shared these? (something that is similar to Microsoft Word online when a user is sharing his document and offline/ guest users are able to edit it?
Thanks.
Some Update:
First of all documentation for REST API/ endpoints is chaotic. (https://github.com/OneDrive/onedrive-api-docs/issues/839)
I found out that I can get shared document via these endpoints:
GET: https://api.onedrive.com/v1.0/shares/encodedUrl/driveItem
And update shared document only if I have an access token
PUT: https://api.onedrive.com/v1.0/shares/encodedUrl/driveItem/content?access_token=accessToken
where encodedUrl can be obtained as : https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/shares_get
(check example on C# with sharing url )
So, I am still wondering how possible is to update a document without any authentication but just a share url.
I am trying to get it so that when the user on the local network opens up the webpage it will log them in with their active directory username and password through a react js system with a C# API back-end. would react just say someone has connected on load and then send a message to the web api telling it to pull the user and authenticated it pushing that to the webpage for me to use as the login details.
You can achieve by using common authentication/authorization protocol OAuth 2, which is commonly used.
for example google have different product like gmail, drive, doc etc which is hosted in different domain. But when you login in any of this domain, you don't require to login again in any of its product. it use Signle Sign on concept
I have an app and i have created the required API for in php I could also create it using firebase.
The app is meant to be used by people who are new to technology. I don't want any login authentication.
As I have created API any one who goes through my code can see the API link and can get the data which i don't want.
What i want to achieve is the API to serve data when the request is from my app only
How can i achieve this without any user login?
create an access token and store it in your application, then on each ajax request you will compare the token, so if the token is valid you will deliver the contents otherwise you will show an error message.
As, raymond Camden said in his comment:
it is not secure. I can use Remote Debugging to sniff the access token
and then use it myself. At the end of the day, there is no way to do
what you want 100% securely.