I am creating chrome app, I would like my users to login or create a user when they first enter the application.
The goal:
Maintaining login state on chrome packed app.
The problem:
Cookies - Chrome packed app have no cookie API, meaning that "document.domain" exists,
But you can't set cookies, at least not using http request.
Extension- There is not access to browser extensions (for a non-sandbox pages)
Couldn't think on other solution, Any idea?
You could store the session id in the application storage via chrome.storage.local.set chrome.storage.local.get methods.
Related
I hope you are doing well!
We are working on a project that consists of 3 projects/websites. It's basically something like a Management Platform for the resources, a Platform to display information and updates, and a Platform to manage both those platforms. (Something like Office365 and PowerPoint, Word, Excel where Office365 is the main application between them).
In our project, we want to integrate a navigation drawer in which the user can navigate to the different application from our 3 websites without having to re-login. In this case it would be easy. However, would there be a way that if the user access the other website from the browser (ex:"www.exameplwebsite.website2.com") we login the user directly if he was already logged in to a previous application from ours?
We thought about local storage however the local storage and cookies accessible depend on the domain we are accessing.
Is there a way to make this happen? Or would using a navigation drawer the only way possible?
(For context we will be using ReactJS)
I think it wouldn't be that hard with JSON Web Token (JWT) for authentication. When you redirect the user from one site to the other do it with a post request and include a JWT token in it. The new site can capture that token and send the token to the browser and the browser can catch it and saves it into its own localstorage.
I can think of two solutions ->
Use micro frontends (Recommended)
If all three apps have different domain names (app1.com, app2.com, app3.com) then you're right you cannot share any token using cookies and local storage.
Here, You can take the login/signup pages and the navigation drawer into one parent app and load all your other apps using micro frontends.
Use SSO
SAML and OIDC are made for this specific purpose but this is a very complex topic. Basically, your users will need to log in once(at someplace like google or OneLogin or your own identity server)
Am trying to make an app that runs both online and offline but i want my user to be authenticated or to be logged in once. So after the initial login i want them not to be able to see the login form again, i want to show them a new part of the app. They should be only to see the login form only when they decide to logout. My problem is that it would have been easier for me to do this if they are always online but they might be offline too so i just need them to login once and next time they boot up the app they wont see the login form again rather they would see something else.
There is no authentication offline. Authentication is made so that the server-side makes sure it is used by a given identity because you can never trust the client-side. If there is no server-side, there is no authentication process.
If you just want to let the user use your application, even though he is online, why don't you store a local copy of the user profile within the local storage after a successful authentication? (with only non critical data of course).
This way, your application can rely on its memory to fetch the user profile and not the server while it is offline.
You could save an kind of "userIsAuthenticated"-Flag to local storage (see https://facebook.github.io/react-native/docs/asyncstorage.html).
Based on this flag you could decide which screen the user see on startup.
But be aware, it could drive your Users crazy, if they have allways to relogin, if the network-connection (maybe cause of bad 3g/4g) was Interrupted.
You also give a notice if a user is offline, that they have to be online to use this app.
BTW: To request if a user has Network-Connection you can use: http://facebook.github.io/react-native/releases/0.48/docs/netinfo.html#netinfo.
Don't forget to set permissions in AndroidManifest.xml to be allowed to use the request.
We have a native Android app where we are using the the latest version of the Cognito SDK to authenticate the user.
The problem we have is that the Android app uses a Web view and in this web view we will need to fetch the current cognitoUser with its authenticated session.
We are using the latest Cognito javascript sdk in the web view.
How do we share the auth between 2 clients that uses the same user pool?
Update 04/10-2017
I managed to bypass this by sending everything Cognito related i had in my local storage as query string parameters. Then "in" the webview i saved the settings to that local storage.
It is not right but it works ;)
I believe this is not possible. The web-view has its own storage that is not shared with the device storage.
So the user context - users tokens, login state etc - is not shared between the webview and the Android SDK on the device
I have now been in contact with persons that are experienced working with Cognito.
The judgment was that we can bypass this by sending all Cognito related values as query parameters to the application behind the web view.
The application in handling the web view will then take all those values and save them to local storage.
Problems I had:
I found out that if you have multiple Clients you will have to pass the clientId of the application behind the web view.
I am making a chrome extension for my Meteor app. Is it possible for the chrome extension to check if a user has logged in the Meteor app?
I was thinking to send Meteor.user() data from Meteor app to chrome extension whenever a user tries to login and logout. But I am not sure if that's the right way to do it.
What is the best practice for this?
Updated
If your Meteor app stores login info in a cookie, you could detect if a user has logged in by checking the cookies for your Meteor app url.
Take a look at chrome.cookies and Document.cookie, you could either use chrome.cookies in background page or just use document.cookie in content scripts.
Previous
If you mean there are two ways to login your Meteor app, one is from normal web page and the other is chrome extension. Then I think you could check the login source by the analyse the http request.
You could check origin of the http request, if the request is sent from extension background, the origin would look like chrome-extension://xxxxx. Or you could send extra info as a flag when sending login info.
You won't have access to your app's objects from a Chrome extension but you will have access to the DOM. What I suggest you do is include a DOM element (even a hidden one) that indicates whether or not a user is logged in and have your extension look for that.
I'm working on a Python project on AppEngine and I just set up authentication via the app.yaml file (through specifying the option login:admin). The goal of this was to restrict a particular function of the app to only the specified app administrators. However, the persistent SACSID cookie that AppEngine sets upon authentication does not expire when the application admin logs out of his Google account.
Complicating things further, whenever I try to look at document.cookie, it comes up as "", witohut the SACSID cookie's information. How can I delete this cookie/how can I even access it?