implement Auth0 into chrome extension with one time use tokens - javascript

I'm making a Chrome extension where I want to create a security method for my Chrome extension to stop it from getting shared without me in the process.
I have an idea to generate a token somewhere (usually some backend, maybe the server of the website that gets user registrations/payments, which is my website that I am building with WordPress), send the token via email, get email+token in the extension, and make a request to the web server to verify that they're valid. This seems like a typical auth flow except the password is now the token, which is generated instead of being set by the user. In other news, I have more ideas (extension-side PRNG with a shared seed, can check to see if the token is within X generations, e.g.).
I want to be able to sell tokens on my website which only allow one user, to prevent the token from being shared.
I tried to set up Auth0 for the Chrome extension but I keep getting errors and the process doesn't lead to how I would want it to be done.
youtu.be/D0M1wid1L3Q?t=353
youtu.be/D0M1wid1L3Q?t=418
is a great example of what I want to be able to do. Can anyone help me do this? I am building my website in WordPress, not hard coding it, so I'm not sure how to do this exactly.
If anyone can point me in a direction of what I am supposed to do or maybe provide some code that could help me?
I tried to
npm install auth
and put that in my manifest.json but it doesn't work and it seems as if it doesn't do what I want.
I have found this url which might get me heading in the right direction:
https://auth0.com/docs/api-auth/tutorials/authorization-code-grant
I really appreciate the help.
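The flow described in the question (token generated on the backend, e-mailed to the buyer, then checked by the extension as email+token) can be sketched server-side as below. This is an added example, not code from the original post or from Auth0; `issueToken`, `verifyToken`, the `installId` value and the in-memory `Map` standing in for the site's database are all assumptions.

```javascript
// Added example: single-use licence tokens, verified server-side.
const crypto = require('node:crypto');

// Stand-in for the site's database: SHA-256(token) -> { email, installId }.
const licences = new Map();
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const norm = (email) => email.trim().toLowerCase();

// Run after a purchase. The raw token goes into the e-mail only; the
// server keeps just its hash, so a leaked table cannot be replayed.
function issueToken(email) {
  const token = crypto.randomBytes(32).toString('base64url');
  licences.set(sha256(token), { email: norm(email), installId: null });
  return token;
}

// Run on every check from the extension. installId (assumption) is a random
// value the extension generates once and stores locally.
function verifyToken(email, token, installId) {
  if (typeof email !== 'string' || typeof token !== 'string' ||
      typeof installId !== 'string' || installId === '') {
    return { ok: false, reason: 'bad_request' };
  }
  const rec = licences.get(sha256(token));
  // Same answer for unknown token and wrong e-mail: no oracle for guessing.
  if (!rec || rec.email !== norm(email)) return { ok: false, reason: 'invalid' };
  if (rec.installId === null) {
    rec.installId = installId; // first use binds the token to this install
    return { ok: true, firstUse: true };
  }
  if (rec.installId !== installId) return { ok: false, reason: 'already_used' };
  return { ok: true, firstUse: false };
}

// Constructed demo: the buyer activates, then a shared copy is refused.
const demoToken = issueToken('buyer@example.com');
console.log(verifyToken('buyer@example.com', demoToken, 'install-A'));
console.log(verifyToken('buyer@example.com', demoToken, 'install-A'));
console.log(verifyToken('buyer@example.com', demoToken, 'install-B'));
```

The verdict has to come from the server, since anything checked only inside the extension's own JavaScript can be edited by whoever holds a copy of it.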

Related

How can I get attachment content from an Outlook mail in a Node.js Outlook add-in?

First of all, being a student, I lack some experience to understand everything about what I tried and what I try. But still, I feel like I've tried pretty much every solution available on the net.
I'm developing a Yeoman-based Outlook add-in (full JavaScript with Node.js) for my company, and I came to the point where I need to get the attachments from a mail, not just the information like size, file type or name of the attachments; I need the full content, in base64 if possible (in order to produce a .eml file containing the mail body and attached files).
I've found multiple ways to do so; the problem is none of them work:
First I tried with the messy Microsoft documentation, and the first solution that I found is this one: https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/get-attachments-of-an-outlook-item. The problem is that with this solution I need to make use of C#, but my add-in is full JS, and I need to find a solution that works with JS and Node.js.
Then I looked for a solution that allows me to communicate one way or another with the Exchange Server to get the attachments' content, and I found this: https://github.com/gautamsi/ews-javascript-api, but this was not working with a browser-oriented add-in (and I need my add-in to work on both client and browsers), so I made use of this: https://github.com/gautamsi/ews-js-api-browser. I found some code samples in the first link and here: Save outlook Email attachment using ews-javascript-api npm in node JS, that helped me build something (using the second link's example's syntax on the third link's sample code) that was supposed to work, but coming to the point where I'm trying to get the attachments from the mail, I get a lot of information from the attachment, but anything related to its content is null, and the next step where I "Load" the file returns an error 500 from the "service" with "the document is empty", and I still don't know why yet.
Finally, I tried to take a step back, looking on Google for the Office API and how to get attachment content, and I've found this link: https://blog.mastykarz.nl/office-365-unified-api-mail/ that almost looked too good to be true, and I was right: according to the Microsoft doc, I need a token in order to make the Office 365 API URL work, a token given by Azure AD when an administrator authorizes you to obtain it (or so I think, this is the part where the Microsoft doc is the messiest). The problem is, while connecting on Azure AD, I get an error displaying on the screen from the website (absolutely no details about the error), and some places that I need to access in order to get my token just won't work, displaying another error message without any details or just never loading.
I've reduced the size of my question as much as possible, not wanting to drown you under information, sample code, links and pics, so sorry if it may look both too long and too poor in details.
Thank you for your time, feel free to give any solution, suggestion or advice that comes to your mind!
Doing the same thing; the solution I found:
Get exchangeToken in client (Office.context.mailbox.getCallbackTokenAsync())
Send token, attachmentsIds, emailID to server (C# in my case, nodejs in your case)
Use EWS Managed API 2.0 or in your case ews-javascript-api to handle loading email mimecontent (contains email + attachments) or attachment mimecontent.
Upload file to another service or do whatever you want with it.
Before I switched to C# for serverside I was using a nodejs one for testing, so if you have questions feel free to ask.

Is there a way to mimic browser flow SSO authentication in an asynchronous JavaScript function?

I'm working on a problem at the moment in which I need to authenticate a user of a desktop application with an OAuth solution.
I know I could implement a solution where I redirect a browser on the authentication server, ask for creds then redirect to the resource to pull the data.
But, if I didn't want to actually use an external browser, is it possible to mimic the browser flow using just JS? In other words could I handle the redirects within JavaScript to finally achieve the token and next the data.
I haven't started the project just yet so this is kind of a feeling out question to see if the above is possible.
Just a small bit of info about the application. It's an Electron application. I have seen some examples for Electron online but these all use the external browser to achieve this.
I'm totally new to this type of work so any pointers in the right direction or help would be great.
And as I'm new to this type of work, apologies if it is a dumb question.
Thanks for any help.

Is it possible to scrape a website with a login using purely javascript - on client side

I've managed to scrape websites that require no login using JS only and a little help from websites that allow me to get past the CORS issues (like allorigins), but I just couldn't manage to get past the login problem.
I've seen many posts discussing doing it using Node.js and Python BeautifulSoup, but none on how to do it with JavaScript.
So how do I go about it?
Is it even possible doing it purely on client-side?
I'm willing to do all the learning and searching needed, but I need some direction in this vast subject.
Assuming you meant using in-browser JavaScript, how did you get around CORS? And if you did, then once the page refreshed after a successful login your code would stop running anyway unless you were a browser extension.
If you mean on your computer, then Node is what you're looking for, but unless you use a project like Headless Chrome then you'll run into the issue of saving the cookies between requests, which is what keeps track of your session and actually keeps you logged in.
Login requires a direct interaction with your browser, like saving a cookie, returning a security token etc.
If you use JavaScript from an HTML page, it would theoretically require visiting the other page, at least inside an iFrame. There is a limit to how much you can do with JavaScript inside an iFrame.
In other words, you are trying to imitate something like Selenium. Give it a try. It works with Java. You can control your browser, telling it what to do, like a real user, and fetch the results, even make screenshots.

Incorporate LinkedIn to a webpage

I'm trying to create a webpage that can incorporate LinkedIn info (profile, people, company, etc.).
The things that it can/would do are the following:
When the user enters a name that is registered in LinkedIn, he gets the following:
*Name, Company, Email
*List of LinkedIn messages that are waiting for reply
The same process goes on every time the user adds a profile. I'm planning to use the Profile API of LinkedIn to get the Name, Company and Email but I can't find a working example to be my basis.
As for the 2nd one, I still don't know how to get the LinkedIn messages.
Here's my layout and expected result.
How can I achieve this? Opinions and suggestions are highly appreciated, thanks.
This is far too broad a question for me to invest the necessary time in to figure out the answers (multiple) for you, but do let me give you some hints. First of all, from my experience with the LinkedIn API, not all the data you wish to access is available (do double check this though, I used the API quite a while back and stuff might have changed in the meantime). As this data is not available through the API, the only alternative would be to somehow bypass the cross-domain policy, which in conclusion would require the user to install a Chrome extension/Firefox plugin which will function as a proxy for your application or, even 'better', make your entire application a browser-plugin-based web app. Not that I am a fan of those whatsoever, but if your application is meant in any way whatsoever as a LinkedIn (dedicated) plugin (probably as part of a greater service you're developing) then it might make most sense.
The whole system you are describing is very long-winded and requires a large amount of development time. A lot of the data is not accessible directly or indirectly too. You cannot get email addresses out from the API as a security feature (bots could just harvest emails for marketing campaigns).
First of all, you will need to make an application that allows for OAuth2 connections with the LinkedIn API service. People will log onto your website, click to join their LinkedIn account with your website, and your website will receive back an access token to do the calls.
You will then need to build the queries which will access the data you require. The LinkedIn API documentation (http://developer.linkedin.com/) isn't greatly in-depth but it gives you a good understanding and points you where you need to go. There are also a couple of pre-done PHP APIs around such as https://code.google.com/p/simple-linkedinphp/.
I have worked with many APIs from Twitter, Facebook and LinkedIn, and they all require a lot of back-end work to make sure that they are secure and get the correct data.
It would take me hours to go through exactly how to do it, and it has taken me many hours to get a solid implementation in place and working with all the different calls available.
If you have minimal coding knowledge, it would be best to go to an external company with a large amount of resources and knowledge in the field who can do it for you. Otherwise it may take many months to get a working prototype.

Sails.js: Route Experiencing 'Too Many Requests' Error In Chrome

So I'm working with the new Node MVC framework Sails.js (https://github.com/balderdashy/sails) and I'm getting a weird error I've never had before. I'm trying to implement the example passport.js authentication strategy (https://gist.github.com/theangryangel/5060446) Sails.js includes in the documentation, but when I try to access my homepage (http://localhost:1337/) while not logged in, I get routed to http://localhost:1337/login but it doesn't load and Chrome gives me this error:
This webpage has a redirect loop
The webpage at http://localhost:1337/login has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Here are some suggestions:
Reload this webpage later.
Learn more about this problem.
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
Does anyone know what's going on?
Looks like that message is coming from Passport. Hop in the IRC (#sailsjs) if you want and we can take a look. In the meantime, #robertklep's suggestion seems like a strong possibility to me.
