API authenticate to odoo with token - javascript

I want to authenticate to Odoo from an express application using token. I am using odoo-xmlrpc node module to connect Odoo with
my express app. Odoo requires users of the API to be authenticated before they can use any other API. And this node module provides this function
const odoo = new Odoo({
url: config.odooUrl,//odoo url
db: config.odooDB,//odoo db path
username: "john#gmail.com",
password: "john_pass123"
});
odoo.connect(function(err, uid) {
if (err) {
errors.auth = "invalid cridentials";
return res.status(400).send(errors);
}
//execute something from/to odoo server
})
The problem is, I have to enter the user's credentials every time I want to execute an Odoo command. And if I store the user's password it would be stored as a plain text.
My question is, is their token-based authentication to Odoo that can be used through API. Or any other alternative solution to my problem

Currently in Odoo unfortunatelly there is no good solution to this. There is work in progress for support for api token access and 2-factor authentication in this pull request: https://github.com/odoo/odoo/pull/33928.
There are also multiple Odoo rest api modules in app store that support token authentication. You can find these with seach ”rest api” or ”token”. To me none of these have been perfect for my use-cases. I look forward to get native support for this in Odoo Community.

Related

Storing API Keys in react-native app with expo library

I have a question, please, if possible explain in simple terms. Im new to react native, what's the best way to store API keys in a secure way where they can't reverse engineer it and get the keys right away. Can I just retrieve it from the server side using a restapi to get the apikey only if user is signed in? I'm trying to upload pictures to aws storage, but I want to store the APIKey somewhere where it's difficult to retrieve at least by hackers. Also, is there a way to send images trough the server express.js(from react native to express app) how can I do it, so I can upload it to aws storage or even if it is possible on mongodb instead of aws storage.
For example:
const express = require("express");
const requireAuth = require("../middlewares/requireAuth");
const router = express.Router();
router.use(requireAuth); //make sure they are signed in
/**
* * GET: Api key for the amazon s3 bucket storage
*/
router.get("/apikey/amazonstorage", (req, res) => {
const APIKEY = process.env.APIKEY;
if (APIKEY) {
res.status(200).send(APIKEY);
} else {
res.status(502).send(null);
}
});
Thank you in advance
In general, the safest way to handle API secret keys is to store them on your backend server and have the server make those requests to the third party APIs for the client (and send the results back to the client if necessary).
From the React Native docs:
If you must have an API key or a secret to access some resource from your app, the most secure way to handle this would be to build an orchestration layer between your app and the resource. This could be a serverless function (e.g. using AWS Lambda or Google Cloud Functions) which can forward the request with the required API key or secret. Secrets in server side code cannot be accessed by the API consumers the same way secrets in your app code can.

Microsoft single tenant authentication with Firebase

For a work-related app I use Firebase authentication with Microsoft. In this case, however, it is important that only people from my company (we use Office 365) can sign into this application. I have everything set-up and working in a non-firebase context. But when I use Firebase for authentication, it seems to always point to the /common/ endpoint. This causes problem with my single-tenant-application. If I set the application to accept all tenants, the app works again. But obviously, now everyone can log into my application.
The pop-up is called with a rather conventional:
const provider = new auth.OAuthProvider("microsoft.com");
provider.setCustomParameters({
tenant: "[tenantName].com"
});
auth()
.signInWithPopup(provider)
.then(result => {
But I can't find any instructions on changing the oauth endpoint to use the single tenant endpoint.
How would I go about doing this?
But I can't find any instructions on changing the oauth endpoint to
use the single tenant endpoint.
We can not change the oauth endpoint, even though we add the tenant information to customParameters. The endpoint always use common as the value of tenant. This is the default design.
If we enable Microsoft as a sign-in provider, users using Microsoft accounts (Azure Active Directory and personal Microsoft accounts) can sign in.
Turns out the above is not exactly true. I've switched to signing in with a redirect, and now it (mysteriously) works.
const provider = new auth.OAuthProvider("microsoft.com");
provider.setCustomParameters({
tenant: "[tenant].com"
});
auth().signInWithRedirect(provider);
I have tested this. The tenant is named in the redirect, and people from other tenants cannot log in.

Sending an email using Azure SDK

I use azure-graph in my Node.js project:
const MsRest = require('ms-rest-azure');
const credentials = await MsRest.loginWithServicePrincipalSecret(keys.appId, keys.pass, keys.tenantId, { tokenAudience: 'graph' });
const GraphkManagementClient = require('azure-graph');
const client = new GraphkManagementClient(credentials, subscriptionId);
return client.users.get(principalID);
I want to use the Azure SDK also to send emails.
I know how to do that in low level using the API directly:
But I want to do it via the SDK like the rest of my project.
My problem is, I have not found any method for sending an email in the docs: azure-graph package. I need a method that allows me (with the proper privileges of course) to send email as any user in the organization.
You can use the Graph JavaScript SDK which is a wrapper around the Microsoft Graph API that can be used server-side and in the browser to send mails to users. Please refer to Graph Javascript SDK to learn more about the same. Also, refer to nodejs-connect-sample to use Microsoft Graph API and the Graph JavaScript SDK to send an email.

How to get user info using Office-js-helper's Authentication?

I am working on Excel Web Add-In. I am using OfficeDev/office-js-helpers library for authenticating user. Following code is working fine. But I don't know how to get user's email, user name etc.
Is there any function available in OfficeDev/office-js-helpers through which I can get user info ?
if (OfficeHelpers.Authenticator.isAuthDialog()) {
return;
}
var authenticator = new OfficeHelpers.Authenticator();
// register Microsoft (Azure AD 2.0 Converged auth) endpoint using
authenticator.endpoints.registerMicrosoftAuth('clientID');
// for the default Microsoft endpoint
authenticator
.authenticate(OfficeHelpers.DefaultEndpoints.Microsoft)
.then(function (token) {
/* My code after authentication and here I need user's info */ })
.catch(OfficeHelpers.Utilities.log);
Code sample will be much helpful.
This code only provides you the token for the user. In order to obtain information about the user, you'll need to make calls into Microsoft Graph API. You can find a full set of documentation on that site.
If you're only authenticating in order to get profile information, I'd recommend looking at Enable single sign-on for Office Add-ins (preview). This is a much cleaner method of obtaining an access token for a user. It is still in preview at the moment so it's feasibility will depend on where you're planning to deploy your add-in.
Once you have the Microsoft token, you can send a request to https://graph.microsoft.com/v1.0/me/ to get user information. This request must have an authorization header containing the token you got previously.
Here is an example using axios :
const config = { 'Authorization': `Bearer ${token.access_token}` };
axios.get(`https://graph.microsoft.com/v1.0/me/`, {
headers: config
}).then((data)=> {
console.log(data); // data contains user information
};

Google Analytics API access with a service account

Can I access Google Analytics data using a service account in a client-side application? If not, are there other ways of achieving the same outcome?
Must be entirely client-side, and must not require users to authenticate (hence the desire to use a service account).
Yes you can in https://code.google.com/apis/console make sure you say that its a Service account it will give you a key file to download. With that you dont need a user to click ok to give you access.
For a service acccount to work you need to have a key file. Anyone that has access to that key file will then be able to access your Analytics data. Javascript is client sided which means you will need to send the key file. See the Problem? You are handing everyone access to your account. Even if you could get a service account to work using javascript for security reasons its probably not a very good idea.
You can use the official (and alpha) Google API for Node.js to generate the token. It's helpful if you have a service account.
On the server:
npm install -S googleapis
ES6:
import google from 'googleapis'
import googleServiceAccountKey from '/path/to/private/google-service-account-private-key.json' // see docs on how to generate a service account
const googleJWTClient = new google.auth.JWT(
googleServiceAccountKey.client_email,
null,
googleServiceAccountKey.private_key,
['https://www.googleapis.com/auth/analytics.readonly'], // You may need to specify scopes other than analytics
null,
)
googleJWTClient.authorize((error, access_token) => {
if (error) {
return console.error("Couldn't get access token", e)
}
// ... access_token ready to use to fetch data and return to client
// even serve access_token back to client for use in `gapi.analytics.auth.authorize`
})
If you went the "pass the access_token back to client" route:
gapi.analytics.auth.authorize({
'serverAuth': {
access_token // received from server, through Ajax request
}
})

Categories