So I'm working with the new Node MVC framework Sails.js (https://github.com/balderdashy/sails) and I'm getting a weird error I've never had before. I'm trying to implement the example passport.js authentication strategy (https://gist.github.com/theangryangel/5060446) Sails.js includes in the documentation, but when I try to access my homepage (http://localhost:1337/) while not logged in I get routed to http://localhost:1337/login but it doesn't load and Chrome gives me this error:
This webpage has a redirect loop
The webpage at http://localhost:1337/login has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Here are some suggestions:
Reload this webpage later.
Learn more about this problem.
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
Does anyone know what's going on?
Looks like that message is coming from Passport. Hop in the IRC (#sailsjs) if you want and we can take a look. In the meantime, #robertklep's suggestion seems like a strong possibility to me.
Related
I am currently working on a project whose backend I will be writing using Flask (cannot change that), and the frontend will be developed using React by someone else (cannot change that too). I am currently working on the login functionality and I have a few questions. I am really just beginning backend development, so please excuse me if I have some redundant questions or beginner-level questions.
I am curious as to how the login-system as a whole will be handled, not just in terms of actual login - but more so when it comes to restricting access from non-logged in users.
The tutorials and online courses I have taken on Flask have done one of 2 approaches.
The first approach was using Flask-Login to log in a user and ensure that they are logged in as they navigate to different websites. This was pretty straightforward to understand and relatively easy to implement. However (and please correct me if I'm wrong), this would require all the navigation and redirecting to be handled server-side. Therefore, we would not be utilizing React's ability to create single-page websites (instead relying on hyperlinks from each page to the next), which is far from ideal and something that we'd like to avoid if possible.
The second approach was using JWT tokens. Again, correct me if I'm wrong, but we would only be able to check that the JWT token is correct if it is included in an HTTP request, which again makes creating single-page websites not feasible. Another issue with JWT is that the tokens expire fairly quickly (around 15 minutes as far as my research tells me), which is not suitable for our project because it would require users to be logged in for a longer duration. I have read about refreshing JWT tokens, but I would like to know more about the feasibility of such a process given the short expiration time (we would have to do a lot of refreshes).
My main question is:
How can we create single-page websites while preventing non-logged in users from accessing restricted pages?
But also please feel free to give me any feedback or concerns about what I have talked about.
Thank you in advance and sorry for the long post.
Just use JWT, you can add the token to the header of the HTTP request and you can set the lifetime (JWT_EXPIRATION_DELTA) of the token - check this link https://pythonhosted.org/Flask-JWT
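Added example, not part of the original answer and not Flask-JWT's own code: a standard-library sketch of the two points the answer makes, a server-chosen token lifetime and a token carried in a request header. The `Bearer` scheme, the 8-hour lifetime, the secret and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from datetime import timedelta

SECRET = b"constructed-demo-secret"    # constructed value; load a real key from config
EXPIRATION_DELTA = timedelta(hours=8)  # assumed lifetime, chosen server-side

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id, now=None):
    """Build an HS256 JWT whose exp claim is now + EXPIRATION_DELTA."""
    now = time.time() if now is None else now
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "iat": int(now),
              "exp": int(now + EXPIRATION_DELTA.total_seconds())}
    body = b64(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def authenticate(headers, now=None):
    """Return the user id for a valid 'Authorization: Bearer <jwt>', else None."""
    now = time.time() if now is None else now
    # The "Bearer" scheme is an assumption of this sketch.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return None
    header, body, sig = token.split(".")
    try:
        # Pin the algorithm instead of trusting whatever the token header says.
        if json.loads(unb64(header)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(sig, sign(header + "." + body)):
            return None
        claims = json.loads(unb64(body))
        if claims["exp"] <= now:  # expired tokens are rejected on every request
            return None
        return claims["sub"]
    except (ValueError, TypeError, KeyError, AttributeError):
        return None
```

A single-page front end would attach the same header to each API call; the server repeats this check per request, so page navigation can stay client-side.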
I'm working on a problem at the moment in which I need to authenticate a user of a desktop application with an OAuth solution.
I know I could implement a solution where I redirect a browser on the authentication server, ask for creds then redirect to the resource to pull the data.
But, if I didn't want to actually use an external browser, is it possible to mimic the browser flow using just JS? In other words could I handle the redirects within JavaScript to finally achieve the token and next the data.
I haven't started the project just yet so this is kind of a feeling out question to see if the above is possible.
Just a small bit of info about the application. It's an Electron application. I have seen some examples for Electron online but these all use the external browser to achieve this.
I'm totally new to this type of work so any pointers in the right direction or help would be great.
And as I'm new to this type of work, apologies if it is a dumb question.
Thanks for any help.
I'm making a Chrome extension where I want to create a security method for my Chrome extension to stop it from getting shared without me in the process.
I have an idea to generate a token somewhere (usually some backend, maybe the server of the website that gets user registrations/payments, my website which I am building with WordPress), send the token via email, get email+token in the extension, make a request to the webserver to verify that they're valid. This seems like a typical auth flow except the password is now the token, which is generated instead of being set by the user. In other news, I have more ideas (extension-side PRNG with shared seed, can check to see if the token is within X generations, for example).
I want to be able to sell tokens on my website which only allow one user to prevent the token from being shared.
I tried to set up Auth0 for the Chrome extension but I keep getting errors and the process doesn't lead to how I would want it to be done.
youtu.be/D0M1wid1L3Q?t=353
youtu.be/D0M1wid1L3Q?t=418
is a great example of what I want to be able to do. Can anyone help me do this? I am building my website in WordPress, not hard-coding it, so I'm not sure how to do this exactly.
If anyone can point me in a direction of what I am supposed to do or maybe provide some code that could help me?
I tried to
npm install auth
and put that in my manifest.json but it doesn't work and it seems as if it doesn't do what I want.
I have found this url which might get me heading in the right direction:
https://auth0.com/docs/api-auth/tutorials/authorization-code-grant
I really appreciate the help.
I've managed to scrape websites that require no login using JS only and a little help from websites that allow me to get past the CORS issues (like allorigins), but I just couldn't manage to get past the login problem.
I've seen many posts discussing doing it using Node.js and Python BeautifulSoup, but none on how to do it with JavaScript.
So how do I go about it?
Is it even possible to do it purely on the client side?
I'm willing to do all the learning and searching needed, but I need some direction in this vast subject.
Assuming you meant using in-browser JavaScript, how did you get around CORS? And if you did, then once the page refreshed after a successful login your code would stop running anyway unless you were a browser extension.
If you mean on your computer, then Node is what you're looking for, but unless you use a project like Headless Chrome then you'll run into the issue of saving the cookies between requests which is what keeps track of your session and actually keeps you logged in.
Login requires a direct interaction with your browser, like saving a cookie, returning a security token etc.
If you use JavaScript from an HTML page, it would theoretically require visiting the other page, at least inside an iFrame. There is a limit to how much you can do with JavaScript inside an iFrame.
In other words, you are trying to imitate something like Selenium. Give it a try. It works with Java. You can control your browser, telling it what to do, like a real user, and fetch the results, even make screenshots.
No matter what I am doing (new account, new site, new app), it's not saving any settings. That means I can't add a domain to the whitelist and also, I can't get a public key.
Their own site's JavaScript is extremely messy and crashes all over the place. I guess they won't fix all this any time soon. I tried to reach them multiple times through their contact page, but as expected: no response.
I am wondering if this is happening only to me. Can anyone confirm this?
Now I am facing the problem of receiving the data at all. I tried JSONP, JSON-REST over a proxy and some other things. When using JSONP without the API key (not the public one), I am getting an HTTP 400 error.
Are there any alternatives to receiving the data through their API? I can't use server-side solutions.
Well, any hints welcome.
Thanks
This sounds like a bug, and you should definitely contact us with your shortname and the browser you're using: http://disqus.com/support/