meteor-restivus

Authenticate with external service

Open outaTiME opened this issue 10 years ago • 10 comments

Hi guys,

Is it possible to authenticate with an external service like GitHub / Twitter, or is this feature only available with local (loginWithPassword)?

Thanks!!

outaTiME avatar Feb 10 '15 17:02 outaTiME

Currently there is no out-of-the-box solution for authenticating via an external service in Restivus. However, the next Restivus update (coming within the next day or two, if all goes according to plan) will allow you to override the default method of authentication. You just write a function that does the necessary checks yourself, and then return the authenticated user. Please check out Issue #6 for more discussion around this.

I will definitely look into configuring external authentication support in Restivus. It doesn't seem like it will be too difficult. I just need to think of a clean way to fit it into the API. If you have any suggestions or requests for this feature, I'd be glad to hear them.

kahmali avatar Feb 10 '15 19:02 kahmali

Update to the latest version, v0.5.8 (or above), and check out the new auth configuration option in the docs for more details on how to configure custom authentication. Let me know if this solves the issue for you (at least temporarily).

kahmali avatar Feb 11 '15 05:02 kahmali

Has someone come up with an OAuth flow for Facebook, GitHub or Twitter using custom authentication?

CC @Tolmark12, @ganySA

dandv avatar Jun 19 '15 07:06 dandv

Hi @dandv, we have working FB auth and Default Auth with email. It seems a little "hacky" but works well so far. The trick is that we send a custom header "vf-auth-type" to know how to return the token for login.

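```js
var API = new Restivus({
  useDefaultAuth: true,
  auth: {
    // Path in the user document that the returned token is matched against
    token: "services.resume.loginTokens.hashedToken",
    user: function () {
      var token = '';
      // The client-supplied 'vf-auth-type' header selects how the token is treated
      switch (this.request.headers['vf-auth-type']) {
        case 'email':
          // Default auth: hash the login token before the lookup
          token = Accounts._hashLoginToken(this.request.headers['x-auth-token']);
          break;
        case 'facebook':
          // Facebook: the header value is used as-is
          token = this.request.headers['x-auth-token'];
          break;
      }
      return {
        userId: this.request.headers['x-user-id'],
        token: token
      };
    }
  },
  prettyJson: true
});
```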

Cheers

rafadorado avatar Jul 30 '15 15:07 rafadorado
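
The header scheme from the comment above, as an added example that is not part of the original thread or of Restivus: a stricter `user`-style resolver plus a stand-in for the token lookup, run against constructed data. It assumes the server stores only the hash of every login token, Facebook sessions included; `resolveAuth`, `findUser`, `USERS` and `SAMPLE_TOKEN` are hypothetical names.

```javascript
const crypto = require('crypto');

// Same transformation as Meteor's Accounts._hashLoginToken: SHA-256, base64.
function hashLoginToken(token) {
  return crypto.createHash('sha256').update(token).digest('base64');
}

// Auth types the API accepts in the 'vf-auth-type' header.
const ALLOWED_AUTH_TYPES = ['email', 'facebook'];

// Stricter variant of the `user` function: an unknown type or a missing
// header yields null instead of an empty token, and every token is hashed
// before lookup (assumption: the server keeps only hashes for all types).
function resolveAuth(headers) {
  const type = headers['vf-auth-type'];
  const userId = headers['x-user-id'];
  const rawToken = headers['x-auth-token'];
  if (!ALLOWED_AUTH_TYPES.includes(type)) return null;
  if (typeof userId !== 'string' || !userId) return null;
  if (typeof rawToken !== 'string' || !rawToken) return null;
  return { userId: userId, token: hashLoginToken(rawToken) };
}

// Stand-in for the user query: match _id and the configured token path
// (services.resume.loginTokens.hashedToken).
function findUser(users, auth) {
  if (!auth) return null;
  const match = users.find(function (u) {
    return u._id === auth.userId &&
      u.services.resume.loginTokens.some(function (t) {
        return t.hashedToken === auth.token;
      });
  });
  return match || null;
}

// Constructed sample data: one user holding one hashed login token.
const SAMPLE_TOKEN = 'constructed-login-token';
const USERS = [{
  _id: 'u1',
  services: { resume: { loginTokens: [{ hashedToken: hashLoginToken(SAMPLE_TOKEN) }] } }
}];
```

Because the resolver hashes whatever arrives in `x-auth-token`, a value copied out of the `hashedToken` field does not authenticate; only the unhashed token issued at login does.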

In my application I don't have to use accounts-password and restivus has it as a dependency so that adds a button to signup with username and password that I don't want my users to be able to do.

For now, I'll fork Restivus and remove that dependency, but I think it would be good not to depend on accounts-password now that it supports custom authentication methods.

knoid avatar May 06 '16 22:05 knoid

@knoid If you don't want that button to appear you can simply remove the accounts-ui package but leave accounts-password in place if you intend to allow logging in with a username and password.

nerdburn avatar Jun 22 '16 21:06 nerdburn

@rafadorado Thanks for the custom auth example! A couple of questions:

  • Are you setting the ['vf-auth-type'] on the iOS side?
  • How do you handle sign up in this context?
  • Do you still use the /api/login endpoint from Restivus? If so, are you sending a password?

nerdburn avatar Jun 22 '16 22:06 nerdburn

Hi @nerdburn,

  • Yes, we define that header in iOS/Android, so we can tell the API which service we want to use.
  • Signup and login are the default use case in the email case, via the /api/login endpoint (with SSL, of course ;-) )
  • For Facebook, we defined a custom endpoint /fb/login where we handle the SignUp or Login of the user.

```js
API.addRoute('fb/login', {authRequired: false}, {
  // Only POST is supported on this route
  get: function () {
    return {
      statusCode: 404,
      body: {status: 'fail', message: 'Post not found'}
    };
  },
  post: {
    action: function () {
      var accessToken = this.bodyParams.accessToken || this.urlParams.accessToken;
      var email = this.bodyParams.email;
      var name = this.bodyParams.name;
      if (accessToken) {
        // Sign up or log in the user for this Facebook access token
        return facebookLoginWithAccessToken(accessToken, email, name);
      }
      return {
        statusCode: 400,
        body: {
          status: "fail",
          message: "Unable to Post to FB Login. Values Received: accessToken: " + accessToken + ", email: " + email + ", name: " + name
        }
      };
    }
  }
});
```

Check this post to see the implementation of facebookLoginWithAccessToken that actually does the job: http://stackoverflow.com/questions/18118503/how-can-i-login-to-meteor-with-native-device-facebook

Cheers!

rafadorado avatar Jun 23 '16 12:06 rafadorado

@rafadorado Thanks for your example. When using your auth example, how do we make authenticated auth calls? It might be a stupid question, but by sending the headers

```
vf-auth-type: 'facebook'
x-user-id: 'theUserId'
x-user-id: 'theFacebookAuthToken'
```

Authentication always seems to fail when sending the facebook auth token...

lucnat avatar May 18 '17 22:05 lucnat

From this section https://github.com/kahmali/meteor-restivus#authenticating

How to do something like this?

```
curl http://localhost:3000/api/login/ -d "googlehashtoken=sha-256-token"
```

It might sound like a duplicate of the question above, but it is not specified in the Authenticating section.

pacozaa avatar May 22 '17 07:05 pacozaa