I am very new to sailsJs and have gone through few online resources for applying authentication on the apis that I want to build.Most of the tutorials are either outdated or is a overkill like applying passport because I would just want to apply authentication on api that too on selective routes.I would just need a direction to start working upon.Any help or suggestion is most welcomed.Thanks in advance.
Related
I'm in the process of implementing an authentication + authorization system for my web application, and I'm struggling to decide how to implement the authorization part. This is what I've decided on, so far:
For the authentication process I'll be using Firebase. After some research it stood between Firebase and AWS Cognito, and Firebase seemed to be more mature. The solution is secure, saves me a lot of hassle, and there's no point reinventing the wheel.
For storing additional user data I'll use Firestore. It seems like this will make my life easier for performing user tasks, like updating personal information, and saving/retrieving user state in the onboarding process etc.
For the server side I'm using Kotlin + Postgres, mainly because I want to know these technologies better.
For the permission model I'll be using RBAC. This is mainly because it's flexible, and I've gotten some experience with it using AWS.
Now, for the RBAC implementation my idea is to keep the roles, policies and user groups in the Postgres database, while keeping my users in the Firebase (+ Firestore).
I'm really just looking for input on best practices, and if anyone has done something like this before.
There seems to be a lot of articles covering the authentication process, but not so many covering good authorization system implementations.
Any tips will be very much appreciated.
I'm developing an Ionic(3 / 4)(Angular 4 - 7)-Cordova / Capacitor Cross Platform Application(s). I'm interested in switching API env based on the current rollout track in the Google Play Store. For example, once an application has been successfully tested and recommended to continue staging/production. I would like to have the API env dynamically changed (e.g., using a different URI domain to connect to REST API ) dependent on the Google Play Store Track.
I'm aware that I can use Google Developer Play Store API to identify / list versions and available tracks yet, I'm unaware if there's already an implementation or solution. I'm perfectly willing to design a solution though, I figure I find out if it's been done already rather than reinvent the wheel.
I'm hoping to implement a solution either to the REST API BACKEND or in the ionic framework layer rather than an integration at the native layer for scalability per-project. The purpose of doing this would enable CI rather than rebuilding the project and change the API URI domain for every environment. Any assistance in this matter would be greatly appreciated.
So, if anyone's interested. The approach highlighted above is possible, couldn't get an answer so I just created something. Using Google Play Developer API. The process flow is as follows:
[]
For now it's a working prototype perhaps its not very efficient; I suppose it can be improved if the request was issued from a single server, or microservice. Though, I wanted to make the code recyclable and it's isolated from both the mobile application & Node Server.
If you are interested in learning more or would like to work on project. Please feel free to contact me.
Is there possibility to enable the multiuser mode for the REST server without using passport?
I don´t see the reason to use the passport authentification in my use case, because the restrictions from the acl file should be enough and passport would just make the whole process of the use case unnecessarily more complex.
Yet I can´t find any options for that.
Thanks in advance for any hints or help.
The MultiUser mode of the REST server requires that Authentication is enabled with a passport strategy.
It is the Authentication that identifies each user individually so that Multi-User can separate users and enforce the ACL.
The examples and Tutorials show using GitHub as an example Passport Strategy, but Passport is a Framework and you can choose a different Strategy, or implement your own custom strategy.
Being new to perfect server side swift, I cannot find any packages that help with role based access authorization. In Spring there is for example,
.antMatchers("/homePage").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.antMatchers("/adminPage").access("hasRole('ROLE_ADMIN')")
Is there something already existing in perfect to help with this? Is there a recommended way of handling access control in perfect?
As you use perfect server, you may take a look at:
PerfectlySoft Perfect-Authentication
perfect.org authentication
perfect.org Turnstile
Perfect provides system level of authentication.
Firstly, you can go to github and search PerfectlySoft/Perfect-LocalAuthentication for user identity validation, however, it doesn't contain the role control as you asked.
It can be done in other approaches. For example, you can use Perfect-LDAP to access an LDAP server for all kinds of roles and groups.
I'm using versae's neo4j rest client to access a neo4j DB but I stumbled upon a problem trying to figure out how to use the paths algorithms from a node.
In the neo4j documentation it says that there are built-in graph algos in the URL *db/data/node/NODE_ID/paths* but it seems like versae's API doesn't allow access to these algos, as I read in the docs it has access to "extensions" but not to the default built-in algos.
Anyone knows how to access these methods without having to create a server extension just to reimplement it?
piva,
Currently there's no way to access to algos factory from the neo4jrestclient. But I think it's the time to implement this. I hope to release a new version with this feature before the end of the next week.
Regards.