I have a custom domain setup in firebase hosting that works fine. When I create a preview channel though it always creates it at the default "web.app" domain. I tried just replacing "web.app" in the preview channel url with my custom domain but got a site not found error. Does anyone know if it's currently possible to deploy a preview channel to a custom domain configured in firebase hosting?
Example: The preview channel is: https://project-id--channel-name-8rdxche4.web.app, and I want it to be https://project-id--channel-name-8rdxche4.my.domain
This is because my frontend project is hosted in Firebase, but my backend is on my own server that is also under my custom domain. So for cookies to be set properly I need the preview channel to be hosted from the custom domain too.
It is not possible at the moment and I don't think it will be possible in the future, as Firebase would need to connect to the APIs from your domain provider to create temporal subdomains.
Related
I was developing a medical application (meaning I have to store patient information) with flutter as the frontend and mongoDB as the backend. Is it safe to use the "mongo_dart" package for signin / signup? Or must I use another package such as "http" and build a backend?
This is my first time building an authentication system, so I am really lost. When it is possible to use "mongo_dart" for authentication, how can I do so? Will I need to add a separate cluster for users, such that when an email and password matches I will grant user access?
First of all MongoDB is a database, it isn't a backend service. You can only store your data there.
The description of the "mongo_dart" starts with this sentence:
"Server-side driver library..."
So this package can be used for creating an API in dart. And also it is highly recommended to have an own backend service for your app.
So you can use Flutter for the frontend and MongoDB as your database service. Now you have to choose a language for backend, such as Node.js, Python or you can go with Dart as well.
And with your own API you could have an own API url, such as like: "https://myownpage.com/api/*". And in your Flutter app you can call this route for various actions: logging in, querying data and so on.
So it is absolutely fine to use all the things that you mentioned, but you have to create a backend application for the magic happening behind your mobile app.
I have:
a Node.js app that uses the Box Content API, and...
a Box app, just so I can register an Oauth2 client_id, client_secret and redirect_uri with my Box repo.
My current redirect_uri is "http:/localhost:3000". The app works fine if I run locally, It fails miserably if I deploy to Bluemix (e.g. "https://myapp.mybluemix.net").
I believe you can register multiple redirect_uris for a single Oauth2 client_id/client_secret in Facebook and Google, But I can't see any workaround in Box. Except to create a second app...
These posts are similar, but I don't need to authenticate TO a separate OAuth2 server ... I just need to authenticate FROM two different ENVIRONMENTS (my Node app locally, vs. the same Node app on Bluemix).
Facebook login - how to develop on both localhost and in production?
Using OAuth for both development and production environments
Q: Is there any way that I can register multiple redirect_uris for the same Box app?
ADDENDUM:
Thanks to Murtza Manzur for his reply:
Box does not support multiple domain redirect URIs. To use different
domains (localhost and mybluemix.net), you would have to create a
separate app for each domain.
This means I need two Box apps, and I need to configure my Bluemix/Node app to use one or the other.
Here is an excellent discussion about how to do that efficiently and securely in Bluemix:
Keeping secrets – how your cloud application should access credentials and other private data, Patrick Mueller
Box does not support multiple domain redirect URIs. To use different domains (localhost and mybluemix.net), you would have to create a separate app for each domain.
I'm using .NET 4.5 with a MVC5 5.2.2 web site and a Web API 2.2 service. The web site is using Identity 2.0, and I'm using MachineKey as a data protection provider. In the web site, I'm able to create new users, generate an email confirmation token and then verify that token when it comes back.
In the web service, I need to follow the same process - create a new user, generate email confirmation token and email that token to the new user. The user should then be able to visit the site, confirm the email address and finish creating the account. The problem I'm having is the email confirmation tokens generated by the web service can't be verified by the web site.
Both the service and the site are on the same machine. I can also duplicate this on my local machine in Visual Studio. My first guess was the machine keys weren't the same, but changing both sites to use the same hasn't worked. I've tried and confirmed:
Both sites have <httpRuntime targetFramework="4.5"/> in the <system.web> section.
I've tried <machineKey compatibilityMode="Framework45"/> in both sites.
I've tried generating machine keys - using decryption=AES and validation=SHA1 - with and without setting compatibilityMode.
Per https://aspnetidentity.codeplex.com/workitem/2439, I tried capturing the data protection provider and using that instead of MachineKey.
What am I missing?
So my first lesson from yesterday is that it is best to play Russian roulette with as few bullets in the chamber as possible. Otherwise you end up with a sore foot...as well as a sore forehead.
My problem ended up being that while I knew the confirmation tokens were being url encoded correctly from the site since I was using UrlHelper, I was forgetting the service was not using UrlHelper which mean those tokens were not being encoded correctly. After fixing that, I was able to figure out the machinekey settings.
For anyone who finds this, if you need to share Identity 2.0 tokens between different sites, I can confirm that you need a common machinekey set in your web.config for each site. I wasn't able to figure out if a common machinekey can be configured in IIS Express, so I ended up putting the keys in the web.config in source control then using the config transforms to remove them to make sure they aren't included when the site is published. In production, I'm going to use IIS to set these keys for the default web site so they are shared across both sites.
I am plannig to create a FirefoxOS app using Deezer API. So it would be a WebApp but it doesn't run on a server.
My main doubt is about the chanel url for cross domain requests.
Which one can I use or how can I manage that as soon as I have not a server URL neither a native package name?
Thank you.
Auth necessarily needs a domain or a bundle id to work properly. API cross domain requests can work without the channel URL though, you'll find code snippets to make jsonp queries here: https://github.com/deezer/code-snippets/blob/master/deezer-sdk-js/simple-deezer-api-request.js
I am using Facebook Graph API. To set it up, I need to fill out the App Setting on developer.facebook.com.
I need to specify two URLs, one for local testing (localhost:3000), and another for live app. How should I do this?
Thank you.
I need to specify two URLs, one for local testing (localhost:3000), and another for live app. How should I do this?
That’s not possible – at least not if you want to use Facebook login.
You have two options:
Set up a second app for testing. This works quite well, as long as it does not come to things like Open Graph actions which need to be approved by FB and are tied to the app they were are proved for.
Set your local test environment up to be accessible from your local computer by the domain name used for the live site. F.e. when using Apache as webserver, by setting up a corresponding VirtualHost and manipulate your local DNS into resolving the domain to your local IP (via hosts file under windows). Also since your live app will most likely use port :80, you should set up your local server to answer to HTTP requests on that port.