I have no front end. I want users to use my API e.g (postman) with a basic auth header (email:password) and then using this header I can get the users data from firebase.
however I find no method to authenticate the actual user?
<dependency>
<groupId>com.google.firebase</groupId>
<artifactId>firebase-admin</artifactId>
<version>6.11.0</version>
</dependency>
I have correctly connected to DB using
FileInputStream serviceAccount =
new FileInputStream("path/to/serviceAccountKey.json");
FirebaseOptions options = new FirebaseOptions.Builder()
.setCredentials(GoogleCredentials.fromStream(serviceAccount))
.setDatabaseUrl("https://DBNAME.firebaseio.com")
.build();
FirebaseApp.initializeApp(options);
I have tried to look into the methods:
FirebaseAuth.getInstance().
FirebaseDatabase.getInstance().
but I see no options to sign in the user from my server...
seems very easy from nodejs server... e.g
firebase.auth().signInWithEmailAndPassword(email, password)
does this method exist in java/ how can I do this in java for server and no client??
The way Firebase Auth generally works is like this. The client app should be signing in to get an ID token, and passing along that token to the backend for each call. The backend should verify the token received from the client with each request using the Firebase Admin SDK.
Typically, client apps will use one of the client SDKs for mobile and web apps. It will manage all the details of authenticating the user, getting a token, and refreshing the token every hour.
If you can't use one of the client SDKs, you will essentially have to write your own, or search the internet to see if someone else has already done it. If you write your own code, you will have to invoke the Firebase Auth REST APIs directly to get and refresh that token. You don't really have any alternatives to this with Firebase Auth - that's the way it was designed.
Related
So this is kind of puzzling. I have an iOS app that uses Facebook login. the app gets a user token and sends that token to the server, where I'm using restfb with that token like so:
FacebookClient facebookClient = new DefaultFacebookClient(facebook_token, Version.VERSION_2_3);
com.restfb.types.User fbuser = facebookClient.fetchObject("me", com.restfb.types.User.class, Parameter.with("fields", "email,first_name,last_name,picture.type(large),about,hometown,languages"));
This works fine in dev server but in production server it gets stuck at that first line. Nothing logs after that.
On iOS, the only line that changes from dev to prod is the api URL string.
I am building an AWS Lambda service for a small PoC. The flow in PoC is :
take a (text) input via POST,
performs a small string manipulation +
store the manipulated value into DynamoDB, and then
send the same (manipulated) value to a particular URL via HTTP POST
Seems like a simple lambda tutorial example, but the tricky part for me was the authorization. The URL that I have to POST to only allows requests that are mutually authenticated via a SSL cert. How can I achieve this in Lambda ?
I could not find enough answers to make this work. I looked at using the AWS API gateway 2-way ssl cert option. However, For that to work, I need to install the receiving part cert into cert store. Is the even possible ? Or the only way is to use a micro-EC2 box ?
At Lambda, I am okay to use Node.JS, Java, or Python.
How to implement mutual TLS in AWS Lambda?
First big applause for Hakky54 for this good tutorial on mutual TLS.
https://github.com/Hakky54/mutual-tls-ssl
I followed his tutorial to understand and implement MTLS for AWS Lambdas. You can also test your implementation locally before deploying to AWS by just running the spring-boot app which saves a lot of time.
Steps (all commands are documented on the above link)
Export server cert and import it to client trust store
Load your client key store and trust store, I saved both in s3 bucket
Create TLS Context
SSLContext sslContext = SSLContexts.custom()
.loadKeyMaterial(keyStore, stores.getKeyStorePassword().toCharArray())
.loadTrustMaterialtrustStore, (X509Certificate[] chain, String authType) -> true)
.build();
Create a new Jersey client
Client client = ClientBuilder.newBuilder()
.withConfig(new ClientConfig())
.sslContext(sslContext.get())
.trustStore(trustStore)
.keyStore(keyStore, keyStorePassword)
.build();
Make the call to the API
client.target(endpoint).get();
I am storing my keystore credentials in parameter store.
I was testing the following scenario. Sign in with GitKit and use Facebook as the provider.
All works well, but and the token cookie contains a.o.: "provider_id":"facebook.com","verified":false
Note that verified is false, albeit Facebook emails are verified by Facebook. I understand if GitKit might not want to hard code this assumption, but..
If we then send the user a verification email from our server using getEmailVerificationLink(gitkitUser.getEmail()) again all goes well.
(link is .../signin.html?mode=verifyEmail&oobCode=sFKXzFsKQ4ckr4A-HtofNPkRq_A&apb.cs=1)
The user sees "Success! Your email address has been verified."
But when then redirected to our server the token cookie still says "verified:false"!
My question is if this is the expected behavior?
Because if it is then I don't get it and I would very much appreciate some clarification.
Note, if I sign in with a simple password account, then the token cookie does give "verified:true" after the user followed the getEmailVerificationLink().
It sounds like a bug for social login account. The verified flag should be true after the verification. I will update here once we confirm the root cause.
I'm trying to use cross client authentication with google-endpoins. In my android client I'm successfully getting the authorization token for my server using:
String plusLogin = Scopes.PLUS_LOGIN;
String mScopes = "oauth2:" + plusLogin;
String token = GoogleAuthUtil.getToken(context, Constants.accountName, mScopes);
then i'm accessing the desired endpoint in an AsyncTask task and passing this token to the server. Now... i have this token on the server side but I do not know what i have to do to decode the user information from int. Basically i'm interested to get the user id and the user email on the server side.
It is true that i'm new to this but I'm struggling for more then 2 weeks.
The Google documentation on this it is only pointing in the direction that you have to follow but with no working examples that you can use as a model to start from.
https://developers.google.com/+/web/signin/server-side-flow
I think you cannot decode any user information from the tokens provided by the Google API server to your App, as these tokens are signed tokens which is sent by the Google API server to your application. It is a onetime token sent by the Google API Server to your application and then your application sending this to your server to get the refresh token from the Google Server.All these tokens are cryptographically signed JWT (Jason Web token) which is signed by Google, si you cannot decode those tokens.
Also, the docs you provided is for Google+ API and they have some sample code for how to implement the feature of onetime code in your project [1].
[1] https://developers.google.com/+/quickstart/
i'm trying to make an application with the Keberos protocol and the GSS-API in Java, and i've already made the authentication and the context establishement before calling the doAsPrivileged method.
In this method I get the mutual authentication sending a simple token from the client to the server, but after that i want to make some other things.
I want to open a new window with a table of products to let the client select them and buy something and that was connected to a database in the server.
my question is about how can a i use this context in other frames that are diferent from the original doAsPrivileged action class.
i get an error GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) and i don't know how can i find this TGT to send it more than one time to the server.
thank you.
I ran into a similar issue as well.
Your code fails because Java tries to use GSSAPI with the default login config name. Which is com.sun.security.jgss.initiate. To perform a GSS call for someone else or with another login conf name you have to use the LoginContext, obtain the subject and then do a doAs. As far as I can see, every action involving ticket exchange has to be done in a PrivilegedAction if you don't stick to the defaults. That's why our stuff's failing :-(