loopback-example-passport
Will this module work with single page apps, and mobile iOS, Android?
Does this support REST login and authenticating all requests for things like Angular single page apps, iOS, Android etc?
@bajtos I am also trying to use loopback-passport for login of iOS and Android apps, and I have the same question as @surfjedi asked.
Could you answer this question?
I am not familiar with loopback-component-passport, please ask @raymondfeng, he is the person who wrote that module.
I don't think handling login via native SDK and interaction via REST is supported (yet). The way I handle it is via WebView. Point the user to e.g. /auth/Facebook in a UIWebView, then do sth. like this to get the data:
```objc
- (void)webViewDidFinishLoad:(UIWebView *)webView
{
    NSString *userId;
    NSString *accessToken;
    NSDate *createdDate;

    // Read the cookies the server set during the /auth/... redirect flow.
    NSHTTPCookieStorage *cookieJar = [NSHTTPCookieStorage sharedHTTPCookieStorage];
    for (NSHTTPCookie *cookie in [cookieJar cookies]) {
        if ([cookie.name isEqualToString:@"access_token"]) {
            accessToken = cookie.value;
            NSNumber *created = [cookie.properties objectForKey:@"Created"];
            createdDate = [NSDate dateWithTimeIntervalSinceReferenceDate:[created doubleValue]];
            // Remove the cookie from the shared jar once its value has been copied.
            [cookieJar deleteCookie:cookie];
        }
        else if ([cookie.name isEqualToString:@"userId"]) {
            userId = cookie.value;
            [cookieJar deleteCookie:cookie];
        }
    }
}
```
Can you tell me how to use the access token? I am still unauthorised when I tried to make a secure call with this in the header.
Do you set the access token then to your LBRESTAdapter? `[_adapter setAccessToken:existingAccessToken];`
I figured this out. The token is signed so I had to get the unsigned value to make the secure call.
```js
res.cookie('access-token', req.signedCookies['access_token']);
res.cookie('userId', req.signedCookies['userId']);
```
Thanks to everyone for their information and for making this example project.
I believe that loopback-component-passport needs to add support for passport-facebook-token (https://github.com/drudge/passport-facebook-token) so that we can just send POSTs from the iOS and Android Facebook SDKs, to login with Facebook at least in the correct manner, to then start interacting with the API via mobile. It'd be great if this were to happen and for this example project to be updated when it does.
1+ @Zeralith
+1 @Zeralith has there been any progress on this or need any help?
1+ @Zeralith any update?
@raymondfeng ^
1+ @Zeralith @raymondfeng @superkhau
Can anyone give update if this is now supported? I see the passport-facebook module being used.
@artmunro It's not.
But you can add passport-facebook-token to your package.json and update the module on providers.json to
"module": "passport-facebook-token"
Finally fork loopback-component-passport and do something like this https://github.com/wearescytale/loopback-component-passport/commit/1d2571d915f2108d706a575b2dd7711d90898c92#diff-0d9ea68c1756ce2fc5c960b5796850aaR516
+1
@NelsonBrandao, I added passport-facebook-token to my package.json and changed facebook-login.provider to passport-facebook-token in providers.json. I also made the changes to passport-configurator.js as suggested. I am getting the following error when I start my server.
```
if (!options.authorizationURL) { throw new TypeError('OAuth2Strategy requires a authorizationURL option'); }
^
TypeError: OAuth2Strategy requires a authorizationURL option
    at new OAuth2Strategy (/Users/Akshat/Projects/loopback-social-example/loopback-example-passport/node_modules/passport-oauth2/lib/strategy.js:82:42)
    at PassportConfigurator.configureProvider (/Users/Akshat/Projects/loopback-social-example/loopback-example-passport/node_modules/loopback-component-passport/lib/passport-configurator.js:396:26)
    at Object.<anonymous> (/Users/Akshat/Projects/loopback-social-example/loopback-example-passport/server/server.js:78:24)
    at Module._compile (module.js:410:26)
    at Object.Module._extensions..js (module.js:417:10)
    at Module.load (module.js:344:32)
    at Function.Module._load (module.js:301:12)
    at Function.Module.runMain (module.js:442:10)
    at startup (node.js:136:18)
    at node.js:966:3
```
Do you have any idea about the error?
@always-akshat the "TypeError: OAuth2Strategy requires a authorizationURL option" is because of https://github.com/drudge/passport-facebook-token/issues/36
from PassportConfigurator.prototype.configureProvider:
```js
var AuthStrategy = require(options.module)[options.strategy || 'Strategy'];
if (!AuthStrategy) {
  AuthStrategy = require(options.module);
}
```
require('passport-facebook-token').Strategy throws the error
adding a "strategy" option to the providers.json for the passport-facebook-token module that causes !AuthStrategy to be true worked for me for now
+1
I am not sure if this helps to answer the original issue raised, but I am personally successfully using loopback-passport so that my Android application can use Google OAuth to log into my Loopback backend. I had to spend quite a lot of time on this to get it to work, particularly concerning how to handle the various tokens.
I can do a more detailed write-up about this if anyone would like me to. However, briefly off the top of my head, it was something like this:
- I used the Android SignIn library in my application. This allows the application to fire up an Activity for the user to confirm they want to allow sign in using Google. Then the library gets the token from Google.
- I then call the Loopback passport endpoint with that token. I can't remember what it is from memory (something like /google/oauth/callback/). If Loopback/Passport then successfully redeems this token with Google, the response to this endpoint then contains a set-cookie: header.
- I have to parse/unsign the set-cookie header value to recover the Loopback authentication token. From that point I have a Loopback authentication token that I would use exactly the same as if I'd logged in using conventional username/password.
The only problem I have still to solve is dealing with the auth token TTL. Obviously because it's obtained using OAuth, my app can't store a conventional username/password to get a new one if it needs to. One solution might be to implement a rolling TTL, which I think is what I'm going to do.
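An added example (not part of the thread or of the LoopBack project's code) of the unsigning step mentioned in both the cookie fix and the Android write-up above. It assumes the server sets its cookies through Express's signed-cookie support, which produces `s:<value>.<HMAC-SHA256>`; the secret, token id, header and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Express signs a cookie as "s:" + value + "." + base64(HMAC-SHA256(value, secret))
// with the "=" padding stripped, then URL-encodes it in the Set-Cookie header.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
  return 's:' + value + '.' + mac;
}

// Client side: the app has no secret, so it only strips the envelope.
// Returns the raw token id, or null if the cookie is absent or not signed.
function tokenFromSetCookie(header, name) {
  const first = header.split(';')[0];              // drop Path, Max-Age, ...
  const eq = first.indexOf('=');
  if (eq < 0 || first.slice(0, eq).trim() !== name) return null;
  const raw = decodeURIComponent(first.slice(eq + 1).trim());
  const dot = raw.lastIndexOf('.');                // base64 never contains "."
  if (!raw.startsWith('s:') || dot < 2) return null;
  return raw.slice(2, dot);
}

// Server side: recompute the MAC and compare in constant time.
// Returns the value when the signature is valid, otherwise false.
function unsign(signed, secret) {
  if (!signed.startsWith('s:')) return false;
  const dot = signed.lastIndexOf('.');
  if (dot < 2) return false;
  const value = signed.slice(2, dot);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  const ok = expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual);
  return ok ? value : false;
}

// Constructed sample data: none of these values come from a real deployment.
const SECRET = 'example-cookie-secret';
const TOKEN = 'Zx9ExampleAccessTokenId0123456789';
const header = 'access_token=' + encodeURIComponent(sign(TOKEN, SECRET)) +
  '; Max-Age=1209600; Path=/';

console.log(tokenFromSetCookie(header, 'access_token') === TOKEN);
console.log(unsign(sign(TOKEN, SECRET), SECRET) === TOKEN);
console.log(unsign('s:' + TOKEN + '.forged', SECRET));
```

Stripping the envelope on the client verifies nothing, so the response has to arrive over TLS; the signature only protects the server against a cookie that was altered before being sent back.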
+1. I think it will be better if this module supports SPA.
+1
Trying to figure out how to use loopback-component-passport for third-party authentication with my SPA and can't seem to find any good examples.
Will LB4 support SPA?
@dosstx LB3 supports SPAs - can't imagine LB4 wouldn't
@jackrvaughan Sorry for the confusion. Is it that this module doesn't support SPA? For my SPA (VueJS) with enterprise security service (no social networks), I need to use implicit grant type, hence no client secret needed. Will that be OK for this module?
Trying to understand before I spend time working with it for my SPA. Thanks.
Hi, I am interested and want to implement this in my mobile app. Can you provide a write-up or more details?