I would like to implement OpenID Connect in my Perl web application so that I can authenticate users on a Mastodon instance I setup against my existing user database. I've found various OIDC libraries on CPAN, but virtually nothing in the way of documentation, so I'm struggling to figure out where to begin other than reverse engineering the process that I use (for example) when my app connects to Facebook's API and building my own.
Is there something I'm missing? For example OIDC::Lite and Net::OAuth2Server::OIDC look promising, but there's not much to go off of. I've been trying to locate someone actually utilizing one of these libraries online to study how they're implemented, but come up empty handed.
Can anyone offer a starting point to work with?
Related
I couldn't find information on how other people solve this, so maybe you can help me out.
What I have
Multiple Services with REST APIs, that are secured using OpenID Connect. Connections between the Services work fine.
Now I have multiple developers, who sometimes need to write and execute local scripts (Python, R, Bash etc.) for quick analysis and testing.
What I want
I want to enable the developers to use the services as easy as possible, but still respecting security concerns.
What I tried
I defined the script itself as a client. Therefore I created a public client in my OIDC product, which is called somewhat like 'developer-scripts'. Using a library which handles the oauth dance, I can then execute the script connecting as aforesaid client. First time, the browser pops up and requests the user to authenticate and therefore authorize the client to use the REST API on behalf of the user. After that, the tokens are cached and I can easily continue working on that script.
This simplified drawing tries to summarize, what I just described
That works perfectly fine and regarding security I'm glad that credentials are not saved on the local computers as it was before with e.g. Basic Authentication. Furthermore, I'm able to control the access to different services on a user level.
Other ideas, which didn't convince me:
every web service also has an public client which can then be used as a client by the scripts (so the scripts aren't defined as clients anymore)
token generation is done somewhere else and the developer just adds the generated access/refresh token to the script
My problem
What concerns me about my current solution is the definition of that client. In the described case it would be either a generic client used by all developers for all scripts, or a new client for every developer who want's to write a local script. The latter seems to be a lot of overhead, the former may be a security problem?
So finally I'm asking the question: Are there any known best practices for my described use case?
EDIT:
I found a small article by [Martin Fowler](https://martinfowler.com/articles/command-line-google.html), he is basically explaining, how he is receiving a token to use for a local script. But in his case, he's using it for one certain use case, and not as a general public client. So unfortunately it doesn't really contribute to my answer.
I am using OpenTokSDK for iPhone (using it Natively)
I have made the code for calling but just there is one problem.:-
I have to statically Add the SessionID. But i want to generate the ID Dynamically.
How can I do this ?
Please help!
Thanks In Advance
Full disclosure: I am a developer for TokBox.
The only safe way to get session ID and token credentials to the device is by developing an application server that suits the specific needs of your app. We have a number of server-side SDKs available on GitHub (link) that will interface with the OpenTok server API to generate this data.
Note well the server-side SDK is enough to get your credentials generated, but not all devices will be on the same session, so things like user management and application workflows are all considerations that cannot be easily written to an open source library.
That said, we did try to make some of these examples more clear by writing code examples on our blog (link). You can relieve much of the overhead of writing your own application server (no doubt a daunting task, especially the first time around) by leveraging one of the third party signaling services available, like Parse and Pusher, to name two.
Wobbals is correct, and In addition to what Wabbals has mentioned, generating sessions/tokens is very simple, the sample code required for each server language (PHP, NodeJS, C#, Ruby) is located in OpenTok's Github page.
Furthermore, if you choose not to have server side code and use Parse to handle your back-end, there is a wonderful writeup about how to use Parse's cloud code module for OpenTok to generate sessions and tokens.
Good Luck!
I strongly felt that the tokbox tutorial was quite basic but had steeper learning curve. So I ended up wrote out my own app-cum-tutorial.
Though late, I felt compelled to post here:
How To write your first iPhone Video Chat App using parse and opentok(tokbox)
I am to authenticate username and password credentials to a Active Directory through the iOS App?
I know that this post instructs us to include the openldap in the project, BUT this post here has indicated that there are inbuilt ldap protocol that I can use to connect with the Active Directory using PHP.
Can somebody shed light on both of the topics, and pick one which would be useful for the current version of XCode.
And also, are there any examples of this that any user can share?
P.S: This is my first question in stackoverflow.
Unless you are exposing your domain on the Internet, you'll need some sort of service layer. If you know php, that is probably a good route to go. Then, from the iOS application, you simply call the operations exposed through your php server. For creating the service, you may want to look into an ldap library for php.
I'm in the middle of working on my first native application with networking and I have a question regarding the best way for interacting with remote storage. In a perfect world I'd like to do the following.
Prompt the user for login information from the iPhone.
Verify the users credentials and connect to a MYSQL database hosted by myself.
Parse MYSQL data into a table view.
Allow the user to add or update information in the database.
I've read some similar questions posted, maybe something's lost in translation, but the two most common means I've come across are.
Create a web service for handling these requests using SOAP/REST/JSON (no experience doing this, but would like to learn if it's a better implementation)
Write PHP scripts (enough experience to get by) that will grab data username/password/requests securely from my NSURLRequest and echo the NSData as XML and parse it with an NSXMLParser.
Are there other options? Is one a better implementation over the other? (web services come up more in searches)
Thank you in advance for taking the time to read my question and possibly clearing up any confusion.
Whoa! Web Services! Oh wait, calling a PHP script that returns JSON is actually also a web service. Well, that makes things simpler :-)
Yeah, so I would go for this:
Write a PHP script that returns JSON data (many tutorials available)
Protect the PHP script by setting up 'Basic access authentication' (Apache documentation)
Tell Apache to take the user database from your mysql database
Run your service on secure (HTTPS) web server (important because basic auth is not secure)
This way you can use almost all standard components on the iPhone side. NSURLConnection will talk HTTP(S) and there are excellent open source JSON parsers for Objective-C.
I want to connect to a remote database(MySQL or SQL Server or Oracle) via internet from my native iphone app. I can't find any API or Framework in System to add. does any one know how to connect to a remote Database? pleased help me. Thank you very much
I'm not an iPhone programmer, but I would suspect you want some abstraction going on.
Instead of trying to make a native database connection work, consider writing some service layer that talks to the database on the back-end, and speaks HTTP to your client application.
Plenty of very good reasons for this. Security concerns chief among them.
One way to do it would be to setup an HTTPS server that wraps your requests. Submit your queries via HTTPS POST. The server setup would be pretty basic and it gives you the chance to do any post-processing before sending it over the wire.
The best alternative is to use webservices to access the information stored remotely.
Bye.
Disclaimer : Shamelessly plugging my own product :)
We've built an online system called Kumulos that allows iOS and OSX developers to build and host online databases in the cloud, while easily creating custom API methods for accessing it. It even builds all the Objective-C bindings for you.
Its really really easy to use and its free while in Beta. We'd love some honest developer feedback :)
Check it out here