I'm trying to build a bridge between two applications, so I am trying to use the same session that I get from Rails to authenticate a user in Node. The two applications have access to the same memcache, so one application just writes to it and the other one reads from it. Basically, I am authenticating the app from another application and I need to create a user session with Passport, how can I do that?
Edit: Right now, I'm leaning towards just writing a new strategy.
I ended up writing a new strategy for passport that would check memcached and then finish the authentication process.
Related
I'm currently working on my friend's (who is a photographer) portfolio website using the following technologies:
Node.js
Express
MongoDB and Mongoose
ejs
I'm a beginning developer and have been struggling for a while now with authentication. I know how to use the passport package to create an administrator user, but since I don't want to implement a user system for a portfolio website, I'm not sure how I should go about making an admin.
The admin would be my friend, and he and only he should be able to see express routes meant for replacing pictures, uploading them, and in short just making post requests to the database. I know I should probably use some form of middleware like with the Passport package, but else than that I have no idea how to go about this.
Thanks in advance!
You can use HTTP Auth for this purpose, check this NPM Module
What happens is, you will define a custom username and password, and use the package as a middleware for your routes, now whenever a user visits the page, the browser will automatically show a popup asking for username and password. In this case, you will not need to implement a user system.
A similar question and answer is posted here
I have one app on abc.website.com that authenticates users using devise with Ruby on Rails. I have to setup a react app on def.website.com that only works if the user is logged in on abc.website.com (abc uses devise)
We have to add a link in the navbar of abc.website.com that redirects to def.website.com.
Any suggestions on what the best way to do this is?
I'm a total ruby noob but good with javascript.
thanks a lot
appreciate the help
Here is one of a solution : Token Based Authentication.
JWT also is a fine idea.
The rails app can also store a cookie (for example use the rails session cookie) in the clients cookie store. This gets sent to the rails app on every request by the react app and you can verify the identity of the user by reading this cookie.
There are very few adjustments needed for this approach (and they would also be required for JWT - which I don't want to badmouth, it is also a viable and good approach).
An upshot of this is that almost no data needs to be stored at the client. Only an ID that makes it easy for the rails backend to identify the user and achieve all needed informations.
On the other side, if you want to store all the data at client side this is also possible.
I would say there is no clear advantage of rails session over JWT or vice versa. But generally this is how it should be implemented: By giving the client the necessary information which then gets passed over to the backend again.
I've built an iOS/firestore app. I'm now looking to create a web app to integrate with my database. I was going through the documentation and found a distinction between firebase for Node.js (https://firebase.google.com/docs/web/setup) and firebase firebase admin SDK (https://firebase.google.com/docs/admin/setup).
I believe that I will want admin privileges and control over the web app but since I'm learning this for the first time should I focus on the basics of getting user auth, access to the database, storage and cloud functions working? Or will be changing/adding the admin privileges down the line be such a hassle that it's better to struggle through it now?
I'm still new to the web side of firebase and I'm trying to get a feel for the approach I should take.
If you're building a web interface for your app, I'd encourage you to use the Firebase JS SDK and do most of the work client-side. It should be pretty similar to what you've already done in iOS.
You should only use the Admin SDK if you're specifically trying to create endpoints with custom trusted functionality that isn't available by using the normal SDKs.
I want to be able to sign into multiple accounts at the same time (think of how gmail lets you swap between signed in accounts). Is this possible/supported using Cognito? (I only need to be able to use one at a time)
Further, is there a way that I can give the user a challenge when swapping to another account such as a pin code (dumbing down my use case here).
This whole managed user accounts thing is very different to more traditional apps given that the authentication is no longer done on my server side... except for the challenge. Is it possible to mix the server/non-server based cognito authentication like this?
I'm going serverless with lambda and typescript.
Some guidance on how I could achieve this would be much appreciated
Suppose you have 2 applications and if both of them are authenticated using the same userpool, then I don't see an issue in this. All you need to do is store the access id post authentication in the Application 1 and look its validity before allowing the same user to use Application 2, which in turn is using the same userpool.
I believe that you can achieve the challenge usecase by customizing the userpool workflow using the pre-authentication lambda.
Customizing User Pool Using Lambdas
I am creating web-app with react. It is my first JS project so I decided to ask for advice.
I do not know how to manage user session.
I am using axios.post to connect with server but I do not know how should my app behave after successful authorize. Now app just changes page to for example /myaccount.
Please tell me what should I use ensure that user cannot access /myaccount without login.