I'm currently working on a VueJS project on which I've just implemented a SSO system designed by the Portuguese government using our national identity cards, but I'm having some issues parsing the response from the external authentication server.
Here's a small GIF of my problem: https://gfycat.com/threadbarepossiblebagworm
The workflow is as follows:
User clicks on Authenticate.
User chooses "Login via ID Card"
User gets redirected to the external Authentication Provider
User logins with his ID Card.
External Authentication provider then sends back a POST method to the callback URL that is provided.
I read/parse the callback
The issue lies in step 6... The external authentication provider uses the callback URL I provided but I get this error
Cannot POST /users/callback
If this was a typical NodeJS I could just use
router.post('/callback' ....)
Is there a way I can read that callback in VueJS?
I've found this similar issue https://forum.vuejs.org/t/cannot-post-handling-form-post-from-an-external-site/41194/1 but no one managed to offer him a solution.
Thanks in advance!
EDIT: Before you ask, yes, that '/users/callback' is defined on router.ts and if I go to that route it does show a page. It's just not designed for POST methods afaik
Vue is a front-end framework, which means it doesn't have direct access to POST requests by default.
For production, are you running an npm script like "npm run build" and then serving the files that appear in the "dist" folder on a webserver, say Apache? Then you would have to respond to the POST request in Apache.
You could then store their authentication result "farther toward the backend" than Vue and have Vue grab it with vuex.
Related
I am a bit confused. The requirement is that we need to create a REST API in Salesforce(Apex class) that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:
Making a POST request first with username, password, client_id, client_secret(that are coming from connected app in Salesforce), grant_type to receive access token.
Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.
However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API in Salesforce and submits lead request.
I am wondering how would that happen since we can't use POSTMAN for that.
Thanks
These "various different web forms" would have to send requests to Salesforce just like Postman does. You'd need two POST calls (one for login, one to call the service you've created). It'll be bit out of your control, you provided the SF code and proven it works, now it's for these website developers to pick it up.
What's exactly your question? There are tons of libraries to connect to SF from Java, Python, .NET, PHP... Or they could hand-craft these HTTP messages, just Google for "PHP HTTP POST" or something...
https://developer.salesforce.com/index.php?title=Getting_Started_with_the_Force.com_Toolkit_for_PHP&oldid=51397
https://github.com/developerforce/Force.com-Toolkit-for-NET
https://pypi.org/project/simple-salesforce/ / https://pypi.org/project/salesforce-python/
Depending how much time they'll have they can:
cache the session id (so they don't call login every time), try to reuse it, call login again only if session id is blank / got "session expired or invalid" error back
try to batch it somehow (do they need to save these Leads to SF asap or in say hourly intervals is OK? How did YOU write the service, accepts 1 lead or list of records?
be smart about storing the credentials to SF (some secure way, not hardcoded). Ideally in a way that it's easy to use the integration against sandbox or production changing just 1 config file or environment variables or something like that
Im writing a user registration mechanism by hand so I dont want to use existing plugins or something.
Im wondering what the best way would be. I planning to do the following abstract steps:
Writing an component which is in charge to output a button which calls the facebook-api --> login in via facebook (Im getting token and user name/id)
In my route im using that Data to call the REST-Server-Backend of my app. I will pass the token as well as the username/id to the Server. (POST api.myapp.com/users)
The Server recieves the request and will validate via Facebook-API
the user data and token on its own --> if valid: Add new user to
database.
If the user wants to login now (after registration) he will do again
step no.1 and than will ask the server if the user is existing. But
how: Since ember suggest that the REST-Server is somekind of a
CRUD-Server and using the store is for working for model data only, there
is no possiblity to do a "logic"-call to the server like "ask
him if user with id is existing". Should I call "GET ../users/" and than check in my route if the sum of the returned records are smaller than 1?
So is that a common pattern?
Sounds like a fairly simple OAuth workflow but obviously refer to the facebook docs. As far as point 4 is concerned, I would suggest that yes, on login you make a request for the login route on your server (which should abstract the facebook OAuth call), and if the user is authenticated, then send down the user resource, otherwise redirect them to the login and send down some sort of 401 HTTP error.
As all your API calls should be authenticated too your user won't be able to access any protected API resources.
I would also suggest you look into an ember plugin like ember-simple-auth which also supports OAuth.
You can find more information about OAuth2 workflows here.
I'm trying to use CAS as an SSO solution for my organization.
One of the application that use this solution is a GWT application, using GWTP as its MVP platform.
When trying to navigate to some internal place in my app, for example:
http://myapp.com/myapp.html#!somePlace
the CAS filter recognize I'm not authenticated, and I get redirected to to the CAS login page. This is expected.
But, as we know, the internal place state (#!somePlace) is not sent to the server so it is not kept in CAS redirect request. Therefore, after loggining-in in CAS, I'm simply redirected to:
http://myapp.com/myapp.html
So I cannot reproduce the internal place that was requested.
Does anyone have some experience with integrating CAS and GWT and solving or working-around this problem?
Thanks
There's pull request for your issue currently on GitHub.
Briefly, as far as the anchor part of the initial URL appends to the "service" parameter of the login page in CAS server application, the simplest solution will be to add "onsubmit" event handler to the form on the login page. In event handler function you should extract part after "#" in current location and you should then add that part to the value of form.action.
I have a GWT app to deploy to Tomcat on a Windows server, with the following requirements:
1- The app should work fully, whether the user is in the Windows domain or not;
2- If the user happens to be in the domain, the app should be able to identify the user in some manner. Presumably, this should be via getThreadLocalRequest().getRemoteUser(), but any other alternative is fine...
3- If the user happens to be in the domain, the app should be able to access the MS Exchange server in that domain, without requiring the user to enter their password.
I've scoured the web high and low for this, but unfortunately, it seems there's no way to get authentication without forcing authentication. There are many examples of exclusions for, say, a login form or other "public" resources, but that won't work for us, since all the resources in a GWT app are packed into the same "page".
Maybe it's my limited understanding that's making me fail in some basic way, but I've tried to look at JCIFS, Jespa, Waffle and SPNEGO, and I just can't seem to get working the way I want to...
Any help would be greatly appreciated.
Cheers,
J.
How about putting a Javascript on your front page and have a Kerberos/SPNEGO protected page. The javascript will attempt to request a protected page, if the user is on the domain you will get the correct result from the page otherwise you will get 401 access denied. In the former case you can redirect your browser to exchange page, or have another AJAX call to retrieve things from exchange server in the later case you either show a log-in form or a generic anonymous page.
What about using JNI to call the Win32Api function LogonUser?
By doing impersonation at the thread level you will have the NTLM token added to the current thread and you would be able to call exchange with no issues
I am new to WP7 and I am working on a WP7 app that communicates with a Rest service using C#. I have been able to successfully develop the async code using HttpWebRequest to interact with it.
However, I am having difficulty with the login aspect (the service abstracts out all the details of login to Facebook so I do not have to deal with them. All I need to do is to go through the service call for login).
The service does the login by providing me a URI that I can call where I need to include several parameters withing the QueryString (such as app and user login info). Another one of those parameters I need to send is a "Response URI" within my app code for receiving the Login responses back. So, as the service executes the login procedure, it will continually send information back to my "Response URI" to notify me of the status of the Login process.
The possible outcomes of the Login process include:
1- a success message in the Querystring to my "Response URI"
2- more interestingly, the service may need my user to enter additional information in order to log in in which case the service wants to display a web page within my app for the user to enter this info.
Due to #2 above, I believe I need the "Response URI" within my WP7 app to be a WebBrowser control. So login responses from the service can be sent there and I just monitor the Query string of the URI displayed on that WebBrowser until I determine that we have arrived at a "final outcome" of the login process. Meanwhile, my app just lets the service make use of the WebBrowser to interact with my user if needed.
My issue is that I do not know how I can set the "Response path" for the login call to be a WebBrowser. Any help or suggestions would be greatly appreciated.
Thanks in advance.
This response is based on my experience of RPX/JanRain Engage. It might help if we know which login system you are using (it's not facebook itself, or is it?)
If the login system sends you a "need more info" message, then that message will contain a URL to show.
At this point show a page within a WebBrowser and pass in a dummy ResponseUrl (e.g. http://myurl.special/reply)
Then keep monitoring the WebBrowser's OnNavigating event - when the WebBrowser navigates to http://myurl.special/reply then you know you are done
I hope this helps...