I am currently trying to build a Calendar app in Node.JS hooked with Google Calendar. However, I have been struggling with trying to get a Calendar from the Google API. I have downloaded the GoogleApis npm package to assist PassportJS, but I can not seem to get passport to interact with GoogleAPIs. I was trying to find a method of using the already authenticated user to get a Calendar, but google has yielded no results. Is there a way to use Passport.JS to get a Google Calendar, or do I need to abandon PassportJS for this task entirely?
Here is the express route I am currently using to attempt to get a Calendar.
let auth = passport.authenticate('google', {
scope: ['profile', 'email',
'https://www.googleapis.com/auth/calendar.events',
'https://www.googleapis.com/auth/calendar.readonly']
})
/*
I want to know if there is a way to Get The Calendar without the Code below or if I can use Passportjs for the Credentials Section
*/
const client = google.auth.getClient({
credentials: credentials
scopes: ['https://www.googleapis.com/auth/calendar'],
})
calendar.events.list({
calendarId: 'CALID',
...
Related
I have used Msal.js for login to microsoft account inorder to call microsoft graph api.
On local everything is working fine but after deployment on production, login is happening but again a login popup is opening up , and my web application is not redirected to home page.
My redirect uri is : "http://localhost:8080/"
I am using node.js to create the localhost server.
My config.js file is -
const msalConfig = {
auth: {
clientId: 'cbd4ec69-c747-4592-ae78-7d8d680d0428',
redirectUri: 'http://localhost:8080/'
}
};
const msalRequest = {
scopes: [
'user.read',
'Files.Read',
'Files.Read.All',
'Files.ReadWrite',
'Files.ReadWrite.All'
]
}
I need to deploy my application on prod, i have made the whole application and now only this thing is not working.
One of the workaround we can follow to resolve the above issue,
Make sure that the port you are using its been updated in server.js with your preferred port number in redirect uri.
We can follow the below given MS DOC and use the sample code.
The sample code will work like, When a user initially clicks the Sign In button, the signIn method invokes the loginPopup function to sign the user in. The loginPopup method prompts and validates the user's credentials by opening a pop-up window with the Microsoft identity platform endpoint. Msal.js starts the authorization code flow after a successful sign-in.
For complete setup please refer this MICROSOFT DOCUMENTATION|Sign in users and call the Microsoft Graph API from a JavaScript .
I've written a simple Calendar API call using the official NodeJS client: https://github.com/googleapis/google-api-nodejs-client#service-account-credentials
It works fine on my local machine, using a Service Account set up with Domain-Wide Delegation to create the event and invite a list of attendees on my behalf.
I set the credentials location using GOOGLE_APPLICATION_CREDENTIALS env var on my local machine, but do not set this on the Google Cloud Run service because it's supposedly automatic since I've associated the Service Account. This assumption seems true because I can call GoogleAuth functions and get back the expected service account name.
However, once I try to run it in Cloud Run, it throws the error:
Error: Service accounts cannot invite attendees without Domain-Wide Delegation of Authority.
At first I thought this was an issue with default credentials somehow loading the wrong service account.
I added logging directly before the event is called to see what account it is using:
const auth = new googleClient.auth.GoogleAuth({
clientOptions: {
subject: eventOwner
},
scopes: calendarScopes,
})
const serviceAcctName = (await auth.getCredentials())?.client_email
googleClient.options({
auth: auth
})
logger.info(`${serviceAcctName} acting as ${eventOwner}, using calendar ${calendarId}`)
const calendar = googleClient.calendar('v3')
const response = await calendar.events.insert(event)
The log output is exactly as expected, with the correct service account acting as the correct user on the correct calendar id.
I've double-checked that the account has domain-wide delegation of authority and the proper scopes, and it works fine on my local machine, so the only thing I can think of is something about the library's feature of grabbing default credentials in a Google environment is overwriting my googleClient.options() call. But I'm still confused because GoogleAuth functions still give the expected service account info when it grabs the 'default'.
I have integrated swagger in node and it is accessible on http://localhost:3002/api-docs. But the swagger ui is publicly accessible. I want to add authentication/security to access this route. When user hits http://localhost:3002/api-docs, it should show popup/prompt to enter username/password. If username and password is correct then only user should able to see swagger UI.
Possibly like as seen in below screenshot
I am using swagger-ui-express, and this is my code that I m using
import swaggerUi from 'swagger-ui-express';
import * as swaggerDocument from './swagger.json'
....
....
app.use("/api-docs",swaggerUi.serve,swaggerUi.setup(swaggerDocument));
I searched on the internet but didn't got any solution. I found one solution but that is in spring.
Thanks in advance !!
You can plug in a basic-auth middleware (e.g. https://github.com/LionC/express-basic-auth) to protect the swagger-ui route. If you use express-basic-auth, make sure to set the challenge option in order to force the browser to open a prompt:
const basicAuth = require('express-basic-auth');
app.use("/api-docs",basicAuth({
users: {'yourUser': 'yourPassword'},
challenge: true,
}), swaggerUi.serve, swaggerUi.setup(swaggerDocument));
I want to authenticate to Odoo from an express application using token. I am using odoo-xmlrpc node module to connect Odoo with
my express app. Odoo requires users of the API to be authenticated before they can use any other API. And this node module provides this function
const odoo = new Odoo({
url: config.odooUrl,//odoo url
db: config.odooDB,//odoo db path
username: "john#gmail.com",
password: "john_pass123"
});
odoo.connect(function(err, uid) {
if (err) {
errors.auth = "invalid cridentials";
return res.status(400).send(errors);
}
//execute something from/to odoo server
})
The problem is, I have to enter the user's credentials every time I want to execute an Odoo command. And if I store the user's password it would be stored as a plain text.
My question is, is their token-based authentication to Odoo that can be used through API. Or any other alternative solution to my problem
Currently in Odoo unfortunatelly there is no good solution to this. There is work in progress for support for api token access and 2-factor authentication in this pull request: https://github.com/odoo/odoo/pull/33928.
There are also multiple Odoo rest api modules in app store that support token authentication. You can find these with seach ”rest api” or ”token”. To me none of these have been perfect for my use-cases. I look forward to get native support for this in Odoo Community.
For a work-related app I use Firebase authentication with Microsoft. In this case, however, it is important that only people from my company (we use Office 365) can sign into this application. I have everything set-up and working in a non-firebase context. But when I use Firebase for authentication, it seems to always point to the /common/ endpoint. This causes problem with my single-tenant-application. If I set the application to accept all tenants, the app works again. But obviously, now everyone can log into my application.
The pop-up is called with a rather conventional:
const provider = new auth.OAuthProvider("microsoft.com");
provider.setCustomParameters({
tenant: "[tenantName].com"
});
auth()
.signInWithPopup(provider)
.then(result => {
But I can't find any instructions on changing the oauth endpoint to use the single tenant endpoint.
How would I go about doing this?
But I can't find any instructions on changing the oauth endpoint to
use the single tenant endpoint.
We can not change the oauth endpoint, even though we add the tenant information to customParameters. The endpoint always use common as the value of tenant. This is the default design.
If we enable Microsoft as a sign-in provider, users using Microsoft accounts (Azure Active Directory and personal Microsoft accounts) can sign in.
Turns out the above is not exactly true. I've switched to signing in with a redirect, and now it (mysteriously) works.
const provider = new auth.OAuthProvider("microsoft.com");
provider.setCustomParameters({
tenant: "[tenant].com"
});
auth().signInWithRedirect(provider);
I have tested this. The tenant is named in the redirect, and people from other tenants cannot log in.