I have an application that uses IBM Cloud App ID for authentication and now we have come the the conclusion that we might need user-role authentication. I have found that there is nothing in the docs explaining if it is possible so I assume it is not but would like some clarification.
Basically just being able to have an account and login is not enough we need to see what type of user that person is so we can restrict some content to admins via IBM Cloud App ID. Have anyone accomplished this? And if so how?
Link to IBM Cloud App ID https://www.ibm.com/cloud/app-id
From my experience, adding user roles and management is not done with App ID directly, but it can be integrated. App ID is kind of a wrapper around different identity providers such as SAML, Facebook, Google or the built-in Cloud Directory.
There is a cloud solution tutorial using App ID. The code for that tutorial is multi-tenant ready and implements several roles, e.g., admin, tenant admin, viewer, etc.
Related
Probably a stupid question - I'm interested in building a mobile app that authenticates with a service using OAuth2 so that my app can use their API's. Documentation
To apply for an application key, I need to enter my application's domain name. What does this mean for my case? I am not building a website where users of my site will sign in to this service, I just want users of my mobile app to be able to get information from the service's APIs, using their account on that service. I don't understand what domain name would be required in this scenario.
I'm trying to make a chatbot with Dialogflow for Google Home. It requires the user to input a URL. Now it will definitely be a long and complicated URL which I can't recreate and I can't have the user speak into the google home.
The idea I had was that the user would input the URL on an agent on messenger. I store this on a Firebase database and then access it with a second agent.
Now the issue I have is authentication, I was hoping to use account linking on my google action with facebook. But I can't login to Facebook with google home. Or if I can, I can't find any documentation specific to that case. Facebook doesn't provide the necessary client ID and secret(as far as I can see).
I managed amazon and Gmail account linking with Alexa and an Amazon Echo. In those cases, you would have to login to google or amazon on the Alexa app or webpage. Then this will be integrated with your Echo and the skill will become usable.
Anyone have an idea of how I can make the link happen, if not then anyone have an idea as to how I can solve the overall problem?
This question has been left unanswered on other forums, but I was hoping to either get it solved or find an alternative.
There are three approaches to solving your overall problem - getting the URL manually entered and available to your Action. Two of them tackle it the way you've suggested - involving authenticating to Facebook and tying that to the Assistant account somehow. One solves it entirely inside the Assistant.
Account linking to the Facebook account
You've tagged firebase-authentication, so I'm going to assume that you're using it to do the auth and you've enabled Facebook login through it. This means your user has a "Firebase Account", but they log into that account using Facebook.
I will assume you have a way to get the URL from messenger once they're logged in.
The trick in this case is to setup Account Linking between their Firebase account and their Assistant account. This is done by setting up an OAuth2 server that has access to the Firebase accounts and will create authorization and refresh tokens that are given to the Assistant.
In the Action, you'll send the user to the Sign In helper, which will redirect them to your login page and send back a one-time auth code to the Assistant. The assistant will then use your OAuth2 server to exchange this code for auth and refresh tokens. Periodically it will use the refresh token to get new auth tokens.
When the user returns to the conversation through the Assistant, you'll be handed an auth token and you can use this to lookup the user. Since you also know their Facebook account, you can get the URL via however you planned to do so.
There are drawbacks to this method - it is very complicated, and setting up your own OAuth2 server is not for the faint of heart. You may be able to use something like Auth0 instead of Firebase Authentication to accomplish the same thing, but then you don't have the ease of access to the Firebase database.
Account linking to both Facebook and Google
In your Firebase account, however, you don't need to limit them to just logging into Facebook. You can have them use Firebase to record both the Facebook and Google accounts that they're using. This would "link" the two accounts together in your system.
With this, you don't need to setup an OAuth2 server. Instead, you can have the Assistant use Google Sign In for authentication. If the Google Cloud Project that Firebase is using and the Assistant are using are the same project, then once the user has logged in to your project's web page with their Google account, you'll get an identity token on the Assistant which will contain their Google ID. You can use this to match up with their Firebase account and get the Facebook ID and proceed from there.
But this is still a lot of work and kinda messy, jumping between systems.
Using just the Google Assistant (and maybe a web page)
If you're willing to make some assumptions about the devices your users are using, then you may be able to do it all just using the Assistant. The Assistant doesn't just run on the Google Home and other smart speakers, it also works on most current Android and iOS devices.
So you can detect if they have such a device available and, if they do and they're not currently on it, direct them to switch to that device when you need the URL.
If they don't have such a device available (perhaps because their version of Android is older), and you think this may be a common scenario, you may need to make another entry source available. This could be one of the solutions above, or you may want to just have a simple web page (done via Firebase Hosting and Firebase Functions, perhaps) where they log in using their Google account (so you get their ID) and you let them enter the URL. If you just need a URL - going through Dialogflow may be more complexity than you need.
I can already connect my conversation to my Facebook page and the bot is working.
My Problem is that i couldn't find a single tutorial on how to make calls to a server that is owned by a company and has information about accounts and payments, for example when i type to the Chat-bot that i want to see a list of accounts, the chat-bot would reply with a list from that API; Or i can login to that server with my account by typing the account's name and password in the chat-bot. I just wanted to know if anyone knows how to do that or if its even possible or knows a tutorial that explains it. I also would prefer if the tutorial was detailed because i'm new to this field.
As #Felipe Paixao said, you need to develop an orchestrating application.
I've found one example that explains step-by-step how to use Watson Conversation with Facebook Messenger.
Requirements:
Facebook page
IBM Bluemix
A Facebook Developer Account
Source code.
Step - IBM Bluemix:
Create a SDK for Node.js application
Create a Watson Conversation service
Create your Workspace for Watson Conversation and build your Dialog
Configure the JS app and integrate it with the Watson Service Connections -> Connect Existent:
In your App created in IBM Bluemix, access the Tools and go to IDE Eclipse, and create a new file: app.js with this code.
Replace with your credentials the username and password
You can see your credentials inside Service Credentials, or going to your workspace and access:
Step - Facebook Developers:
Enter to facebook developers with your Facebook account
In the Dashboard select Create a New App and Select Messenger
Put the URL from your Bluemix (Now IBM Cloud) app and select the options marked: messages, message_deliveries, messaging_options e messaging_postbacks.
Now, return to our app to configure the app.js file with our new FB token autogenerated and deploy it.
Step Final
Test your chatbot: If you made everything OK, we will have your chatbot available on your Facebook page.
Obs.: For built your example, you can add the lines of code for call your API in the app.js using the http module, using the Advanced JSON in Watson Conversation and create one "action": "callApi", and recognize with your code for do something, like this example.
See the Official Reference that I used to build Facebook Messenger with Node.js SDK (Back-end) source code based on Priscila Parodi codes.
You need to develop an orchestrating application, that would be responsible to connect the IBM Watson Conversation with your desired Fronted, Facebook in this case, and the Backend systems. I imagine that you are using the automatic deploy to Facebook from the Conversation Tooling, this option would not resolve your need to access a Backend.
The image passed by #data_henrik shows exactly that.
In conversation, you can create context variables that will be used as triggers in the Orchestrator to let him know when you need to call a Backend service to provide an information and then write the response into the Conversation context.
About using the Chatbot to login into a system, passing a password, this isn't a safe option since all information typed would go to Watson Conversation log and any person with access to the tooling/api could see the passwords.
I have a microservice which is running in docker container, can I integrate app id into my application? and do not change the application code.
Also, I only saw google and facebook login item on the log in widget,
how can I add IBM w3id to the widget?
can I store a username and password into appid? then clients can login using the pre-stored credential. how to implement this? thanks.
There should be no any problem to secure your application using App ID, but you need to update the application (backend) code if you need to protect REST APIs. If you need to authenticate your mobile app users only, there is no need to change the backend code (you can review our iOS and Android onboarding samples available in the service dashboard).
IBMid is not released to production yet, so currently there is no option to add it.
About customer credentials - we're working on Cloud Directory feature now, this scenario will be supported once we release it to production.
Thanks,
Vitaly
I making windows phone apps and i find out that windows azure have "identity" feature to authenticate user and getting userID,
what i want to know is:
can i use this userID to identify each user that login? (my app allow user to post a comment into the app and i looking for using this userID for tracking each user comment)
can i retrieve other data beside userID? like display name or picture and is it same like using their native sdk? (facebook or twitter)? to post into timeline?
My first approach is trying to integrate microsoft account but i don't know where to get client id and client secret
sorry for many question, i just getting very confuse about this... and after hours of watching channel9 and reading i just barely understand any of this...
have a look at the following blog posts using Azure Mobile Services and see if it helps you:
Getting user information on Azure Mobile Services
Enhanced users feature in Azure Mobile Services