passport Unknown authentication strategy "local", "facebook", "google" - javascript

I'm building a register system where a user can login with Facebook, Google, or locally.
Whenever I post via any login strategy I get an unknown strategy error. I think I did connect all the files together.
I did check every solution on Stack Overflow, but can't find anything that could help at the moment.
My code:
https://github.com/ExadelPraktika/Back-exabook/tree/backend_full

added
require('../passport');
in passport.js
it works

You will also get this error if the strategy is not passed to the use command like so:
passport.use("google", strategy);

Related

How to configure security to allow swagger url to be accessed only with authentication in nodejs

I have integrated swagger in node and it is accessible on http://localhost:3002/api-docs. But the swagger ui is publicly accessible. I want to add authentication/security to access this route. When a user hits http://localhost:3002/api-docs, it should show a popup/prompt to enter username/password. Only if the username and password are correct should the user be able to see the swagger UI.
Possibly like as seen in below screenshot
I am using swagger-ui-express, and this is the code that I'm using:
    import swaggerUi from 'swagger-ui-express';
    import * as swaggerDocument from './swagger.json'
    // ....
    // ....
    app.use("/api-docs", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
I searched on the internet but didn't get any solution. I found one solution but that is in spring.
Thanks in advance !!
You can plug in a basic-auth middleware (e.g. https://github.com/LionC/express-basic-auth) to protect the swagger-ui route. If you use express-basic-auth, make sure to set the challenge option in order to force the browser to open a prompt:
    const basicAuth = require('express-basic-auth');
    app.use("/api-docs", basicAuth({
        users: {'yourUser': 'yourPassword'},
        // challenge: true sends WWW-Authenticate so the browser shows a login prompt
        challenge: true,
    }), swaggerUi.serve, swaggerUi.setup(swaggerDocument));
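The same gate written with Node built-ins only, as an added example that is not part of the original answer or of express-basic-auth. docsGate and tryRequest are hypothetical names and the mock request/response objects are constructed; the block shows the 401 challenge, a constant-time credential check, and a refusal to start with an empty password.

```javascript
const crypto = require('crypto');
// Hash both sides first so timingSafeEqual always sees equal-length buffers.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// docsGate is a hypothetical helper returning Express-style middleware.
function docsGate(users, realm = 'api-docs') {
  if (Object.values(users).some((p) => typeof p !== 'string' || p === ''))
    throw new Error('docsGate: every user needs a non-empty password');
  return function (req, res, next) {
    const header = (req.headers && req.headers.authorization) || '';
    const m = /^Basic ([A-Za-z0-9+/=]+)$/i.exec(header);
    const decoded = m ? Buffer.from(m[1], 'base64').toString('utf8') : '';
    const sep = decoded.indexOf(':'); // split on the first ':' only; passwords may contain ':'
    let ok = false;
    if (sep !== -1) {
      const name = decoded.slice(0, sep);
      const pass = decoded.slice(sep + 1);
      // Check every configured user so timing does not single out valid names.
      for (const [u, p] of Object.entries(users)) {
        if (safeEqual(name, u) & safeEqual(pass, p)) ok = true;
      }
    }
    if (ok) return next();
    // This header is what `challenge: true` adds: it makes the browser prompt.
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', `Basic realm="${realm}"`);
    res.end('Unauthorized');
  };
}

// Constructed mock request/response so the gate can be exercised offline.
function tryRequest(gate, authorization) {
  const result = { status: 200, headers: {}, passed: false };
  const req = { headers: authorization ? { authorization } : {} };
  const res = {
    set statusCode(v) { result.status = v; },
    setHeader(k, v) { result.headers[k.toLowerCase()] = v; },
    end() {},
  };
  gate(req, res, () => { result.passed = true; });
  return result;
}
// Wiring, with credentials read from the environment instead of source:
// app.use('/api-docs', docsGate({ [process.env.DOCS_USER]: process.env.DOCS_PASS }), swaggerUi.serve, ...);
```

Basic auth sends the password base64-encoded on every request, so the route should only be served over HTTPS.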

Does anyone have the ability to create an account with my key?

EDIT: tried the authorized domain and it seems to be what I need, I'll try to go deeper with André's answer :)
Thank you !
Hi,
I'm new to firebase and I just finished a project but I had a question:
Since the doc says I have to put my api keys and else in the javascript, they are visible to anyone even if put into process.env
I've read here: Is it safe to expose Firebase apiKey to the public?
that making the api key public is normal and not a big deal.
I'm using the email/password auth and I'm scared
If someone takes my :
API_KEY_FIREBASE
AUTH_DOMAIN
DB_URL
PROJECT_ID
that are in the source code and uses the createAccount function, is he gonna be able to create an account?
If yes, is there a way to disable this?
I want to be able to create accounts only through the firebase console
I'm not using firebase database for my data, I only use it for auth so I don't have to create a user table in my database, but I use the IDTokens they provide to secure some routes on express.
thank you ! :)
Someone can only create an account when you have that option enabled in your firebase console. So if you have it disabled there is no problem.
You can look here in the "before you begin" section for how to enable/disable Email/password sign-in method.

Unable to delete comment using Facebook Javascript SDK - use right access-token

I'm trying to delete a comment using a Graph API call.
https://graph.facebook.com/[comment-id]?access_token=[access-token]&method=delete
However, in terms of access-token, I'm not sure which one to use? I have used my App's "User Access Token", "Page Access Token" and "App Token". It doesn't work for any of these.
[PS, my app has all permissions, and I have even submitted it for review]
I just wanted to know if it was even possible to delete a comment which was not posted by the application? (Because I see that Delete is only allowed for page access tokens).
So, please do let me know if it is possible to delete a comment from a user's posts. And if so, which access_token to provide.
The docs list all the necessary Access Tokens and permissions:
https://developers.facebook.com/docs/graph-api/reference/v2.10/comment#deleting
I tried it with a user profile, it does not seem to be possible to post comments or delete them - no matter if it was created by the App or manually:
Publishing comments through the API is only available for page access tokens
For Pages, you need to use a Page Token with the necessary permissions according to the docs.
It looks to me that you're doing an HTTP GET call and just putting &method=delete at the end. That's not how it works.
You should do an HTTP DELETE call. So instead of doing something like $.get(...), you should do $.ajax with type: 'DELETE'
Also, make sure your token has publish_actions permission

Login and pay with Amazon integration issue

So, I'm trying to integrate the Login and Pay with Amazon widget, and I'm encountering some problems.
So, I have my seller account all set up on
https://sellercentral.amazon.de/gp/
I have access to my API credentials, and I need to get a LWA client.
So, I have registered on
https://sellercentral.amazon.com/gp/homepage.htm
in order to create an application. I have set up the application, on web settings I have completed the required URL's, and got my client ID.
In the js for the Login and Pay with Amazon widget, I have replaced all the info needed: Client Id, merchant Id etc.
But when I try to make a test login, I receive the following error :
400 Bad Request Unknown client_id
The Pay With Amazon documentation is not very clear, and I can't seem to find anywhere a list with the error codes.
If anybody has an idea, let me know.
Thanks!
You should create your Login with Amazon application using https://sellercentral.amazon.de instead of the .com site. They are separate accounts.
It sounds like you're missing this piece of code:
    window.onAmazonLoginReady = function() {
        amazon.Login.setClientId('CLIENT_ID');
    };

How to post a tweet with Meteor.js, Twitter and Oauth

I have a little problem with Meteor and Twitter.
All I want to do is post a tweet through a click on a button. For this I have to authenticate myself over Oauth to the Twitter service.
At the moment I am doing the authentication in a really complicated way, springing from client to server and back. But now I found the function Meteor.loginWithTwitter. Originally I thought this function is only for logging you into your own application with the Twitter keys, now I am not so sure anymore. Probably I can also use it for my problem. Because it seems that the Oauth process is completely (and in a simple way) implemented in Meteor.
Sadly I can't find any documentation or examples for just logging in and getting the final oauth_token. And so all I got back from Meteor when I try the following code is this error message:
Error message: Accounts.ConfigError {message: "Service not configured"}
    Meteor.loginWithTwitter(function(err) {
        if (err) {
            console.log(err);
        } else {
            console.log("yeah");
        }
    });
I know I have to enter my app information somewhere, like the Consumer key, but I have no idea where. Can someone help me out and knows some examples for me? Or knows if I am even on the right track?
Thanks and greetings
Philipp
The easiest way of doing this: Add the accounts-ui package:
meteor add accounts-ui accounts-twitter
and in your template do
{{loginButtons}}
On the first start of the application, a click on the login button will guide you through the setup process. You will create a Twitter application and copy the consumer key and consumer secret into a form, that meteor presents you. Afterwards you can log in using Twitter.
Make sure to use the latest Meteor version (0.5.2 at this moment)
You can also configure your consumer key and secret with code. This is an example with weibo but it works for twitter, google etc. (server side):
    // first, remove configuration entry in case service is already configured
    Accounts.loginServiceConfiguration.remove({
        service: "weibo"
    });
    Accounts.loginServiceConfiguration.insert({
        service: "weibo",
        clientId: "1292962797",
        secret: "75a730b58f5691de5522789070c319bc"
    });
You need to add what #Tom31 suggested in your server side, i.e., I have a /server/server.js
    Accounts.loginServiceConfiguration.remove({"service": "twitter"});
    Accounts.loginServiceConfiguration.insert({
        "service": "twitter",
        "consumerKey" : "<yours>",
        "secret" : "<yours>"
    });
Finally, your access tokens are stored in your user in the database, but this information is not propagated to the client and, if you want to have access to it, you need to create a server side method and access it through Meteor.call or Meteor.apply
Updated: Example of my server side method
I've created my server side method like this:
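    Meteor.methods({
        // ... other methods ...
        userGet: function(id) {
            // strip private fields before the document leaves the server
            return removeSensibleFields( Meteor.users.findOne({ _id: id }) );
        }
        // ... other methods ...
    });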
where removeSensibleFields is a method to remove all unnecessary/private information that may not be sent back to the client
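
One way removeSensibleFields could be written, as an added example that is not the answer author's code: it copies an allow-list of fields instead of deleting known-private ones, so a field added later (a new login service, for instance) stays on the server by default. PUBLIC_USER_FIELDS, getPath, setPath and the sample user document are assumptions constructed for illustration.

```javascript
// Fields safe to return to a client; everything else is dropped (allow-list).
const PUBLIC_USER_FIELDS = ['_id', 'username', 'profile.name', 'createdAt'];

// Read a dotted path such as "profile.name" from a nested document.
function getPath(doc, path) {
  return path.split('.').reduce(
    (o, k) => (o != null && Object.prototype.hasOwnProperty.call(o, k) ? o[k] : undefined),
    doc
  );
}

// Write a value at a dotted path, creating intermediate objects as needed.
function setPath(out, path, value) {
  const keys = path.split('.');
  let node = out;
  for (const k of keys.slice(0, -1)) node = node[k] = node[k] || {};
  node[keys[keys.length - 1]] = value;
}

function removeSensibleFields(user, allowed = PUBLIC_USER_FIELDS) {
  if (!user) return null; // findOne() returns undefined for an unknown id
  const out = {};
  for (const path of allowed) {
    const value = getPath(user, path);
    if (value !== undefined) setPath(out, path, value);
  }
  return out;
}

// Constructed sample shaped like a Meteor user who logged in with Twitter.
const sampleUser = {
  _id: 'u1',
  username: 'philipp',
  createdAt: '2012-12-01T00:00:00Z',
  profile: { name: 'Philipp', phone: '555-0100' },
  services: {
    twitter: { id: '1', accessToken: 'constructed-token', accessTokenSecret: 'constructed-secret' },
    resume: { loginTokens: [{ token: 'constructed-login-token' }] },
  },
};
```

The userGet method above accepts any id, so a method like it also needs a check on this.userId before it returns another user's document.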
