My server returns a accesstoken and refreshtoken, I've setup iOS to correctly authenticate users using cookies (I do this by using credentials: 'include'). However when I try to run the Android version of my app, it won't persist any cookies and when I refresh the emulator, the backend server will return an error code causing my app to be logged out (the error code is being returned because it does not pass the cookies up!).
I had a look around to see what was up and I've came to the conclusion that it's not supported on the current version of react-native (0.59)? (check the link: https://github.com/facebook/react-native/issues/21795)
Are there any workarounds for this? I heard rumours that this will be fixed in RN 0.60, but there is no release date set for this yet so I'll need to find my own solution.
Yes cookies authentication is currently not in stable state in react native,for android device.
for more details you can go with this link.
https://facebook.github.io/react-native/docs/network
Related
For example if I executed code like this:
Firebase.auth.signInWithEmailAndPassword(email, password)
.addOnCompleteListener { task -> signInCompletedTask(task) }
I would like to see what http request (and with what headers) is actually sent to Firebase backend.
What I tried:
To find anything useful in logs, but I didn't see any information about this.
To run application with debugger, but inside FirebaseAuth.class everything went so complicated that I still couldn't figure out where is the actual http request made.
I tried to look for a source code for com.google.firebase.auth.FirebaseAuth.java, I found this https://github.com/firebase/firebase-admin-java/blob/master/src/main/java/com/google/firebase/auth/FirebaseAuth.java but this class seems wrong, it doesn't even have signInWithEmailAndPassword(..) method
In firebase doc I find this link https://firebase.google.com/docs/reference/rest/auth#section-sign-in-email-password, but I'm not sure is this the same thing or not.
So bottom line, how can I debug what data is moving between my android application and Firebase backend?
firebaser here
The source code you looked at is for the Admin SDK for Java backends, which doesn't have a way to sign in, but has lots of other useful calls for administrative/backend functionality.
For the Firebase Authentication Android SDK the code is in this repo firebase-android-sdk, but you'll find that the Authentication SDK is not in there (yet). If I recall correctly it was too entangled with Play to release it.
The Authentication SDK makes calls to the REST API though, and those endpoints are all documented here, like the API to sign in with email+password.
I am building an App API in Lumen, and I am a bit confused about how to lock down what/who can make requests to it.
At present I have no way of authenticating requests from the app, so anyone who knows the link could make requests from a browser and potentially cause havok. I know in the .env file there is an appkey variable which is currently empty, and after some research I can't seem to find a clear answer on what it actually does and if I need it.
So basically:
If request comes from my app, proceed.
If it comes from anything else, stop it.
That is what I am looking for.
I am using Ionic $http to make the requests.
Any help would be great
App Key is used for encryption which you can read at https://laravel.com/
use below command to generate key
php artisan key:generate
For more info on lumen auth check below github, Lumen 5.3 token auth
github link for lumen token auth
I have a jHipster project with Jwt Authentication but I can't get it to work outside de webapp. I'm currently developping a Android application and the authentication process get harder than I expected.
Basically I'm sending the parameters of the LoginDTO, to UserJwtController#authorize ('/api/authenticate'). At first I was getting Unauthorized, both on Android or Postman (I'm using it to test the requests).
If I change the '/api' to permitAll, I'm getting 405, Request method 'POST' not supported.
EDIT
It was a wrong typo on Android :/
It works fine for me against /api/authenticate, so either you use wrong URL (e.g. /api/authorize) or your JSON payload is wrong. The only issue you could have is with CORS. You should consider testing with curl as it is easier than PostMan for reporting here what you really do and also the curl options are already built for you in JHipster swagger page.
I have an android application that uses a symfony based api. I have users that login through the phone, send requests to the server and then logout. The problem is that unless I delete the cookies in the android(which I am storing) the symfony server would not log out the user, despite the fact that the user goes to the logout route.
This is part of my security.yml file (And I have tried a lot of combinations with this file to no avail)
firewalls:
api:
anonymous: ~
provider: users
access_denied_url: /user/accessDenied
pattern: ^/api/user
form_login:
login_path: /api/user/login
success_handler: Authentication_Handler
failure_handler: Failure_Handler
check_path: /api/user/login_check
remember_me: false
logout:
path: /api/user/logoutuser
success_handler: logout_handler
target: /
I have also tried triggering controllers manually that call $this->get('session')->invalidate(); and or that redirect to the logout path(some results around the web suggested that was a good idea, but it did not work) It just seems that, whenever cookies exist, the symfony server just logs the user in, that seems like a security issue to me considering that I am saving the cookies into shared preferences on android. Please help
I believe I have located the problem. On logout the cookie headers are not sent, so the server has no idea whose session to invalidate. Making the android httpclient behave like a full fledged browser can be tricky...
I try to use Google oauth to authenticate users on my android app.
Then I would like to send it to my app server so it can connect at any time with Google calendar.
I tried to use
GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);
Following this article:
https://developers.google.com/accounts/docs/CrossClientAuth
When I use it with scope
mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I get a token, which is valid for an hour
But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using
mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I receive either "invalid_scope" or "Unknown" exceptions.
What am I doing wrong?
EDIT:
OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL.
BTW, When I do the web flow with same parameters it works.
OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token
When you create google Client ID Don't create a service application before you create a web application
Must include https://www.googleapis.com/auth/plus.login in your scope
The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.
That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html, on Android. But it would be cool if it worked on iOS too; our infrastructure there is a little behind where we’re at on Android.
I have had the same issue then i realised that my app is not published and is in debug mode, so i had to add test users to the Google project -> Consent Screen, then i was able to fetch the token for the added test user.
You just need to follow the correct steps/format for specifying the scopes. Find them here https://developers.google.com/android/guides/http-auth#SpecifyingScopes