Right now i am developing an app for a real time chat communication that need to make an authentication of the users.
I read at various places that XMPP makes an authentication but i need to find out the database he works with , so does anybode know ?
Or can he make authentication of the users with any database?
Thanks
Related
I must mention that I have no prior experience in backend development, and I know that questions on the subject have been asked before but I need a specific answer to this one.
I was wondering if I could use Firebase authentication to register & sign in my users and store their data in Mongodb?
If so, what am I supposed to learn besides "firebase_auth" and a Mangodb package to make it work?
Yes, you can do that. Actually firebase auth will provide a uid after authentication that you can use in MongoDB to identify the user. To make it work you'll need to have your own backend or APIs that will help you retrieve the data from MongoDB after the user is authenticated via firebase. Whereas a backend or the API is considered you can use any framework to make it eg. flask(python), express(nodejs), ruby on rails, etc.
If you already have an existing authentication system and want to integrate it with firebase then firebase provides custom authentication, you can have a look at the same.
You can use python fast-api that makes your development faster
I am developing an app on unity3d and using firebase realtime database for user info and stats. The users need to authorize (via google) to read/write data to database inside the app. Since, users do not know the database address, which is embedded inside the app, do I still have security problem? If yes, what should I do? I do not want any user to change their own stats :)
Yes you still might have a security problem. Security by obscurity is not true security. It is still possible for people to snoop network traffic away from your app to get the address of the database. The firebase way of solving this is via Database Rules configured in the console/CLI. Making it so users cannot change their own stats will depend on how your app is structured and who IS allowed to change them. In any case, this can be expressed in Rules as well.
Just you have accessibility to database and its rules. Users just can read and write and change their data and they can't change another one's data.
I am wondering if it is possible to use just the Firebase authentication system together with your own API and database.
It has some nice features I want to take advantage of, however I do not wish to use their database or storage.
The application I am building is an Angular2 and express application with a MongoDB database.
Any answers will be greatly appreciated!
That definitely is possible: you can create your own identity provider that plugs into Firebase Authentication. This is often referred to as custom authentication. To implement this, you need a server (or other trusted process) where you authenticate your users and mint security tokens for then. You then pass this token to the user and have them pass it into Firebase.
But keep in mind: many Firebase features work fine without authentication. For example: if you use Cloud Messaging, Crash Reporting, Test Lab or many other features, you might not need to implement Firebase Authentication at all.
I am working on a news media website, and I am looking to add feature to allow users to register, login and make comments.
For example (New York Times login/register screen)
May I know what options are available, what are the common approaches publishers would choose ?
So far I have been looking at:
AWS Cognito: Allows to create own user directory, and authenticate.
Disquss SSO: also implemented commenting.
In house development: Code a new microservice to manage user directory and store/serve comments, alternatively using AWS Lambda. I am very keen to go down that path, example, but this might costs a lot to develop + maintain.
User data security is my top consideration, I would prefer to use a separate system to store user data. Either a robust third party service or complete in house development of a new system.
Any suggestions?
Thank you.
These are web-standards for single sign on:
OpenID
OpenID Connect
Companies like Google and Facebook provide authentication using Google-/Facebook-accounts. As far as I know, Google uses OpenID Connect which is based on OAuth. However, I don't know if you don't have to store user data any more at all when using this.
I believe it's worth checking again if authentication and commenting should be combined, especially when using a third-party-solution. It makes it harder to change one of the two.
This could give you some more ideas: https://en.m.wikipedia.org/wiki/List_of_single_sign-on_implementations.
I am building an application in which front end is iPhone and I am using ROR as my backend with mongoDB as my database. It is a kind of chatting application for which I am using jabber protocol and XMPP server. Now I want that when a user is created in my rails app, the same user should be created on the XMPP server. Any help would be much appreciated.
The ideal situation is to have only a single source for users and configure your XMPP server to use that same service.
For example it is common to have an XMPP server authenticate against LDAP, then all user management is delegated to the LDAP server. The XMPP server doesn't handle user management at all, but defers any user related queries to LDAP.
This would ultimately be more reliable than trying to keep two separate systems in synch. If the user management in your case is custom (which it appears to be), it might mean you will also have to add a custom module/plugin to your XMPP server (you haven't mentioned which one you are using) to use that service.