Window Active Directory React JS Auto Authentication - javascript

I am trying to get it so that when a user on the local network opens the webpage, it will log them in with their Active Directory username and password through a React JS system with a C# API back-end. Would React just say someone has connected on load and then send a message to the web API telling it to pull the user and authenticate it, pushing that to the webpage for me to use as the login details?

You can achieve this by using the common authentication/authorization protocol OAuth 2, which is commonly used.
For example, Google has different products like Gmail, Drive, Docs, etc., which are hosted on different domains. But when you log in on any of these domains, you don't need to log in again for any of its products. It uses the single sign-on concept.


How to allow multiple login from one platform

I hope you are doing well!
We are working on a project that consists of 3 projects/websites. It's basically something like a Management Platform for the resources, a Platform to display information and updates, and a Platform to manage both those platforms. (Something like Office365 and PowerPoint, Word, Excel where Office365 is the main application between them).
In our project, we want to integrate a navigation drawer in which the user can navigate to the different applications from our 3 websites without having to re-login. In this case it would be easy. However, would there be a way that, if the user accesses the other website from the browser (ex:"www.exameplwebsite.website2.com"), we log in the user directly if he was already logged in to a previous application of ours?
We thought about local storage; however, the local storage and cookies that are accessible depend on the domain we are accessing.
Is there a way to make this happen? Or would using a navigation drawer be the only way possible?
(For context we will be using ReactJS)
I think it wouldn't be that hard with JSON Web Token (JWT) for authentication. When you redirect the user from one site to the other, do it with a POST request and include a JWT in it. The new site can capture that token and send the token to the browser, and the browser can catch it and save it into its own localStorage.
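An added example, not part of the original answer: the checks the receiving site needs before it trusts a JWT handed over in the redirect described above. The shared secret, the `app2.example` audience and the `jti` replay set are assumptions, and HS256 is implemented here with Node's built-in crypto rather than a JWT library.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest();

// Sending site: mint a short-lived, single-use token bound to one audience.
function signHandoff(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Receiving site: reject unless every check passes. seenJti is a Set of
// already-used token ids (in production, a shared store with a TTL).
function verifyHandoff(token, secret, expectedAud, nowSec, seenJti) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm on the verifier; never let the token pick it.
  if (header.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  if (claims.aud !== expectedAud) return { ok: false, reason: 'wrong-audience' };
  if (typeof claims.exp !== 'number' || nowSec >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  if (typeof claims.jti !== 'string' || seenJti.has(claims.jti)) {
    return { ok: false, reason: 'replayed' };
  }
  seenJti.add(claims.jti);
  return { ok: true, sub: claims.sub };
}
```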
I can think of two solutions:
1. Use micro frontends (recommended). If all three apps have different domain names (app1.com, app2.com, app3.com), then you're right: you cannot share any token using cookies and local storage. Here, you can take the login/signup pages and the navigation drawer into one parent app and load all your other apps using micro frontends.
2. Use SSO. SAML and OIDC are made for this specific purpose, but this is a very complex topic. Basically, your users will need to log in once (at someplace like Google or OneLogin or your own identity server)

Dropbox redirect URI does not redirect for login, instead returns code of last user

I am using Dropbox Code API version 2 from NodeJS application. I am using OAuth 2.0 with code grant approach. It seems to behave randomly. The use case is as follows:
1. My server generates a redirect URI and sends it to my client.
2. User clicks on the redirect URI from the client.
3. Application redirects to Dropbox URI. (User has already linked my app to their Dropbox. My app has full Dropbox permission.)
4. Dropbox asks to sign in with Google or email. I used Gmail.
5. Dropbox calls the registered callback with the code. I use the code to retrieve the bearer token.
Problem: Now I try to register another user and require a different code from Dropbox. The problem occurs in step 3. After the user clicks on step 3, Dropbox does not show the sign-in with Google or email page; instead, it calls back the application with the same code as for user 1.
I'm using the same machine for testing this scenario and two different Gmail addresses. My server runs on localhost. It was working before but stopped working without any intentional changes from me. I have tried debugging but I am not sure why this is happening. I tried restarting the client, the server, and even restarted my computer. But it doesn't show me the sign-in with Google or email page.
My question is how does Dropbox know that it should show the sign-in page when the redirect link is clicked. I generated the redirect link using core API functions.
Maybe there is an error in my workflow, I am new to web development and have tried everything I know, any insight would be greatly appreciated.
Thanks!

Node-Webkit: What authentication method should I use to authenticate user from google account

I am creating an application with node-webkit
In my index.html I have provided an option to user to login with google account
Problem
What redirect URI will I give while making client secret?
As you can see, the NS js application runs directly from their location, which means that that URL is always different.

Using Dropbox API with Node.js

I'm working on a web application using the MEAN Framework. Within that app I want to give the users the ability to upload files.
Now here's the main thing:
All users' uploaded files should be uploaded to a SINGLE Dropbox account (my account).
They will only upload files with a max size of 20MB (I've already built the functionality to check the file size before upload).
What I've done:
I've gone to Dropbox developers and I have set up my app. And now I have access to my appKey, appSecret and also an Access Token.
My questions:
1. Is it possible for me to connect a single Dropbox account (my account) to my app and give users in my app access to upload/download files from the Dropbox but by using my app's interface?
2. As I already have the access token, would I or every user in my app still need to go through the OAUTH process?
3. Can I just send my Access Token with each request to the Dropbox API every time a user uploads a file through a specific form on my app?
If you can provide an example or a link that would be very helpful.
UPDATE:
I generated my token using the following button on the dropbox developers console:
Assumption: it is supposed that the users of your app are "legit" and that they won't do anything to your Dropbox files that should concern you.
1. Yes, it is. You can configure your app to be the consumer of your Dropbox; of course, your app will also have to make sure the users of the app are legit (check them with user/password login and so on). Note: a consequence can be that any unauthorised person able to use your app can permanently delete all your files (or do anything as bad as possible according to the privileges).
2. The access token is part of OAuth, so I am not sure what you mean when you say "process". I will interpret your question as "how do I refresh my token?". Simply, before every call to the Dropbox API by your app, you check the expiration of your access token: if it is still valid you just perform the call, otherwise you request a new token. You do not need a refresh token in this case: the OAuth mechanism (or 'grant flow' as per OAuth jargon, or 'process' to use your word) you are using is called "client credentials grant flow".
3. See 2) above.
Some links for you: Here some overview of the grant flows.
Here a schema of that grant flow (note: MS uses another component called "ActiveDirectory" to grant permission; in your case, both "Azure AD" and "Resource API" are just "the dropbox server")
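An added example, not from the original answer: a server-side gate for the shared-account setup discussed above, so the access token never leaves the server and each logged-in user can only reach their own folder. The session shape, the `/app-uploads` folder and the choice to permit only upload and download are assumptions.

```javascript
const path = require('path');

const MAX_UPLOAD_BYTES = 20 * 1024 * 1024; // the 20 MB limit from the question
const ROOT = '/app-uploads';               // hypothetical folder in the shared account

// session is whatever your own login layer attached to the request
// (hypothetical shape: { userId: 'alice' }).
function userRoot(session) {
  const id = String((session && session.userId) || '');
  return /^[a-z0-9]{1,32}$/.test(id) ? `${ROOT}/${id}` : null;
}

// Decide whether a request may be forwarded to the storage API with the
// server-held token. sizeBytes must be the byte count measured on the
// server, not the value the browser claims.
function authorize(session, op, relPath, sizeBytes) {
  const root = userRoot(session);
  if (!root) return { ok: false, reason: 'unauthenticated' };
  // Deny by default: deletes and anything else are not exposed to users.
  if (!['upload', 'download'].includes(op)) {
    return { ok: false, reason: 'op-not-allowed' };
  }
  if (typeof relPath !== 'string' || relPath.length === 0 ||
      relPath.length > 200 || /[\0\\]/.test(relPath)) {
    return { ok: false, reason: 'bad-path' };
  }
  // Resolve "..", "." and "//" first, then require the result to stay
  // strictly inside this user's folder.
  const full = path.posix.normalize(`${root}/${relPath}`);
  if (!full.startsWith(`${root}/`)) return { ok: false, reason: 'bad-path' };
  if (op === 'upload' &&
      !(Number.isInteger(sizeBytes) && sizeBytes > 0 && sizeBytes <= MAX_UPLOAD_BYTES)) {
    return { ok: false, reason: 'too-large-or-empty' };
  }
  return { ok: true, path: full };
}
```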

How to use HTTP POST request with the accounts-ui package in Meteor for a simple third party login

I am trying to create a web app using Meteor. I am hoping to use the app on my college campus and I wanted to use the college's authentication service so students could log in with their college email address and password. I need to query (with an HTTP POST request) https://www.bowdoin.edu/apps/mobile/login.php to get a 0 indicating incorrect user info, or anything else to indicate the user can successfully log in. I would like to use the Meteor accounts-ui styling and login format and simply authenticate using the POST request. I also want to keep the functionality that allows users to have an id associated with their email address so any user content in the app will stay associated with that user when they log in again. I would like this to be implemented in a way that uses as much code as possible from the accounts-base and accounts-password packages Meteor has. The only unique login feature in this case is a POST request compared to the OAuth typical of other services.
If you want to use Meteor's built in Accounts package, I think your college's authentication service needs to support OAuth. Per http://docs.meteor.com/#meteor_loginwithexternalservice:
Meteor.loginWithExternalService([options], [callback])
These functions initiate the login process with an external service (eg:
Facebook, Google, etc), using OAuth. When called they open a new
pop-up window that loads the provider's login page. Once the user has
logged in with the provider, the pop-up window is closed and the
Meteor client logs in to the Meteor server with the information
provided by the external service.
See that section of the docs and try to build your own accounts-bowdoin package similar to the examples (accounts-github, etc.); see https://github.com/meteor/meteor/tree/d477c8d03bb078f7e8e85dbe4b51db7ae5689573/packages/github and https://github.com/meteor/meteor/tree/d477c8d03bb078f7e8e85dbe4b51db7ae5689573/packages/accounts-github for example.
