I just started using Parse and am very excited to get my app up and running, but am having an issue getting the current user in my server code.
I am using Parse.FacebookUtils.logIn to register and log in users for my Parse application.
After a user logs in, calling Parse.User.current() produces the correct result on the client side, but returns null on the server side.
Do I need to explicitly set the current user in my cloud code?
Thank you!
Calls to Cloud Code have the current user in request.user, you don't user Parse.User.current() server-side since they aren't logged in server-side.
var currentUser = request.user;
That's the code you use in the cloud.
Related
I had just finished the login process in Ionic 3 with the native facebook login plugin. Everything seems to work fine.
I get my facebook data and store them with the storage plugin.
Here starts the weird part for me.
I want the next time the user opens the app to be able to pass the authenticate phase automatically and i am not sure which is the proper solution.
Solution 1
When the user login for the first time a store the data so the next time he opens the app in the app.component.ts i check if the data i stored(ex userId) exists.
storage.get('userID').then((val) => {
this.isLoggedIn = true;
this.setRoot(MainPage);
});
Solution 2
I make use of the getLoginStatus function and if returns response.status === 'connected' i assume that the user was authenticated before and the data i stored exists.
Is one of them consider as a better approach?
Do you use a different solution?
Do i need the access token for some reason in this situation or this is useful for a web app only?
I would say it depends on the security you are looking for, is your app dealing with sensitive informations ?
If no then you can simply store the userId (your solution 1) and you are good.
If you are dealing with sensitive data then you should consider to have a more secure system (as an example you have to consider that the user may loose its phone and so the user may want to cut off the access...)
To secure the process with facebook a possible way to go :
send the access_token you get from facebook authentication to a remote server where you can check it (here a link for more info)
save a token to your sever corresponding to your new user (a json web token for example)
send back this token and save it locally
to every authentication check that the token is still valid server side
I recommend you to read the tutorials written by Josh Morony :
https://www.joshmorony.com/using-json-web-tokens-jwt-for-custom-authentication-in-ionic-2-part-2/
https://www.joshmorony.com/creating-role-based-authentication-with-passport-in-ionic-2-part-2/
https://www.joshmorony.com/basic-security-for-ionic-cordova-applications/
I would like to be able to login with my google account in my unity game.
I've tried using Play Game Services, which imo would be the best solution, and I can log in and get name and ID and stuff, but I can't get the access token used, so I can verify who the user is on my server.
I have a server with a lot of player-data, that I can't put in Game Services, so I need to verify it's the correct user, and the ID is not safe enough.
How can I log in with google and get an access token in unity?
cheers
You can use this code to get token :
PlayGamesPlatform.Instance.Authenticate(success =>
{
if (success)
{
Debug.Log("Token :");
Debug.LogFormat("{0}", PlayGamesPlatform.Instance.GetAccessToken());
Debug.Log("End Of Token");
}
});
But you have to add a client id to your Google play services unity plugin.
Have you tried writing a custom Android plugin for your game?
You could get anything in your Unity game that you would be able to on a native Android app, and then pass that data to reference against your server.
They have pretty straightforward documentation for it:
http://docs.unity3d.com/Manual/PluginsForAndroid.html
I hope that helps!
Edit: Elaborated statement.
The PlayGamesPlatform.Instance.GetToken() will give you a string token, but can take a while to download, even several seconds. If the app setup is correct, it should populate after a while. Keep polling it whether it's null or empty, and it should eventually yield a valid token. The token is only good for 1 hour.
In order to access Google APIs on a backend web server on behalf of the current player, you need to get an authentication code from the client application and pass this to your web server application. This code can then be exchanged for an access token to make calls to the various APIs. For more details on this flow see: https://developers.google.com/identity/sign-in/web/server-side-flow
To get the Auth code: 1. Configure the web client Id of the web application linked to your game in the Play Game Console. 2. Call PlayGamesPlatform.GetServerAuthCode() to get the code. 3. Pass this code to your server application.
I am able to get the AuthCode and this code is given to the server and they generate the access token and authenticate my account.
I'm trying to secure a Cloud function in my Parse app. This function doesn't create objects or anything. It just calls an external API and returns the result. However, to make it secure I'm trying to create an anonymous user using the iOS SDK like so:
PFUser.enableAutomaticUser()
print(PFUser.currentUser())
which outputs
Optional(<PFUser: 0x7fd3535570c0, objectId: new, localId: (null)> {})
So seems like the user is being created. But when I make a request using the PFCloud object, my parse function in Cloud gets a null user:
PFCloud.callFunctionInBackground("<endpoint>", withParameters:[<params_dict>], block: {(result) -> Void in
print(result)
})
Result on console log says "user":null. Does anyone know what I could be missing? Also, is this the best way to ensure requests are coming from my iOS client only, and not from some other source?
Thanks.
Your anonymous user is null because unless you save that user or an object related to it, it will not exist on the server. From Parse documentation:
Anonymous users can also be automatically created for you without
requiring a network request, so that you can begin working with your
user immediately when your application starts. When you enable
automatic anonymous user creation at application startup, [PFUser
currentUser] will never be nil. The user will automatically be created
in the cloud the first time the user or any object with a relation to
the user is saved. Until that point, the user's object ID will be nil.
Also you cannot simply check if a request is coming from an iOS client. The whole point of a REST system is that server does not keep any state, it just responds to the requests from different sources. The sources have to send in their credentials (usually in a from of a security token which is issued by the server during a login) with every request. Server verifies the token is genuine and has not been tampered with before serving the request. Parse provides you with user authentication which makes it easy for you to verify that a logged in user is requesting something. You can then build extra security measures on top of that to make sure only certain users are allowed to access certain data.
Context
I have a Azure Api App set as "Public (authenticated)" and have enabled Facebook identity. My Api App is protected and I am able authenticated with FB. In the Api App, I want to get the authenticated user information such as login provider, token and email to save in a database.
Problem
I can't find any documentation on how to obtain this info. I followed this article and tried
var runtime = Runtime.FromAppSettings(Request);
var user = runtime.CurrentUser;
TokenResult token = user.GetRawTokenAsync("facebook").Result;
var name = (string)token.Claims["name"];
var email = (string)token.Claims["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"];
I've made the changes to the apiapp.json file to allow facebook authentication "authentication": [{"type": "facebook"}] but it times out at GetRawTokenAsync when remote debugging the Api App.
Looking at other blogs/articles/posts, following is another way by referencing additional assemblies "Microsoft.WindowsAzure.Mobile"
var user = (MobileAppUser)this.User;
var facebookCredentials = user.GetIdentityAsync<FacebookCredentials>().Result;
But this also doesn't work as this.user is of type WindowsPrincipal user when remote debugging my Api App. And apparently "Microsoft.Azure.AppService.ApiApps.Service" is the only reference an Azure Api App needs.
Am I missing something? Seems like a basic scenario to get the authenticated user in a Api App web service.
Finally got it to work. When calling GetRawTokenAsync method we must await. Using Result or Wait from the Task object doesn’t work and times out. This is still unclear to me why, perhaps a framework bug?
Our application is using Symfony 2.0 and MongoDB with FOSUserBundle for user management.
Client wants to prevent login with the same username from different device at the same time in their application.
Our idea is to invalidate/delete all other sessions for the same user when the successful login occurs.
The problem is, that we cannot save session in DB, because Mongo Session handler was added later in the version 2.1.
The only solution we come up with is to iterate over the session files saved in file-system and check if the username of the user is saved in that file. If that is true, we just delete the file and login session on other locations are terminated. Of course we have to check that we don't delete the current session also.
Does anyone have a better idea how the problem could be solved?
If not, are there any hidden traps that we should know about?
You could add an IP address column to the user entity that stores the current user's IP upon login. On each page load (via an event listener), you could check the IP stored in the DB against the IP of the person requesting the page. If the IP in the DB doesn't match the current user's IP (someone logged in from another location), log them out.
To take it a step further, via ajax, you could make a call to the server every X seconds that performs the same type of check, and do a redirect to log the user out if the ajax request returns a bad match.