How to use JWT to ensure it captured logged in user? - mern

I am trying to follow a video to complete an inventory management app. It started having problems when I try to getuser or update user. I'm not sure whether my token or my code is wrong, but I followed exactly what the video taught. Please help with this.
authmiddleware.js

Related

Getting "Route not enabled for account" error while sending api activity request

When trying to get a response from https://developer.api.autodesk.com/bim360/admin/v1/projects/:projectId/activities, it raises a 403 error with details - Route not enabled for account. But, for example, a request to https://developer.api.autodesk.com/bim360/admin/v1/projects/:projectId/users responds successfully. The user has all admin permissions.
Can anyone help with that? :) Are there other ways to get project activities?
Unfortunately, the activity API is not released yet, so you cannot use it currently. Please stay tuned for our official announcement in the future. Apologies for the inconvenience!

Looking up values in html in background of iOS app

I'm new to iOS development and I'm trying to make an app that tracks my student loans. I would like to have the app simply display a balance found on the loan's website and build on that behavior. I've got my app to open up Safari to the website but I'd like more of a web-crawling behavior so it's done in the background. This web-crawler needs to be able to log in to the website and then find a field with the loan balance value.
I've looked up several ways on how to do this but I can't get any of them to work with my novice level of experience with swift. If anyone has a recommendation and a direction to go with this, that would be great.
Thanks in advance!
I've written an app to get my uni's schedules, payment records, and grades by bypassing the login and gaining access to the API used by the website.
The steps you could take are probably very similar to mine:
Find out how the website authenticates its users (could be by cookie, session IDs, etc.). You need to have some knowledge of the web too. You can use the network tab in Chrome/Brave/Safari or any other browser to see what the website is doing when you click on 'login', for example. You could use Charles too; 30 days of trial should be enough.
After authentication succeeds, track what API route the website uses to get the data into the HTML. See what information you need to access the API route. Postman would be very handy to see the JSON response from the API.
To parse the response, you can use URLSession or networking library like Alamofire to get the job done.
If you want to see how I did it, here's the GitHub repo.

authentication from mobile to backend django

Good day everyone. I am stumped at the moment and would appreciate some guidance. I feel like I am a great googler to usually find my answers or resources but for the life of me I can't seem to find any good learning material on JSON requests and responses.
So I took a course that builds a 3 part app. Web app with Django, and 2 mobile apps that make API calls to it. The instructor uses Facebook authentication from the mobile apps and I am trying to set up the apps for username and login and a registration page as well.
I have Django models set up and can make users from the web app but I can't seem to wrap my head around how to make JSON calls from the app to Django. When I search for possible terms like authenticate django I get results that talk about only Django usage.
Does anyone have some tips or links to resources that would help me understand the login process better? I realize that almost every app has a login, which is why I'm surprised that I can't find any good learning material on how it's done. Or I'm just searching for the wrong keywords.
Any help would be great thanks.
It's really a general question, but I'll give you a brief on how mobile and a Django server should interact with each other:
First of all, in your situation I really suggest using Django REST framework, because of its rich modules and functionality like serializers, routers and ...
Read more about it in the original documentation here.
For the authentication system, you should use a token-based system (or session). I suggest using one of the Django-suggested token-based solutions for that. In my case I really suggest using the django-restframework-jwt library
(JSON Web Token Authentication support for Django REST Framework).
So whenever you want to send a request to mobile you should provide that token (based on the token authentication backend you choose) in the headers of your request.
And for login and register you should create APIViews that take user input, then register or authenticate it with the backend and then give the user the generated token for future requests.
And for a social auth system like Facebook, the main concept is to redirect the user from the app to Facebook OAuth links, which, if the user authenticates in his Facebook, will redirect you to the redirect URL of your backend server. Then you should capture that request in the callback, fetch the data, create or get the user, generate the token for that user and return it, so that for future requests, by sending the token to the server, the server will know which user is sending this request and handle the response properly for that.
And if you want to create a login with mobile, then you need to setup APIs for login, register with django rest which is really easy and you can learn from it here.

Django Rest Framework(DRF) Json Web Token(JWT) Authentication and Login Process

I want to implement JWT authentication for my project since this seems to be the simplest one out of all the authentication procedures - but I don't quite understand how a user can actually log in using the JWT-auth. It would be helpful if anyone could share some reading materials or provide some insights on the workflow of the login of a user using JWT.
My own thoughts were somewhat along these lines:
The frontend sends an obtain_jwt request to the backend via the DRF API
The API returns a token in JSON format, if username and password were provided
It's from here I don't understand what needs to be done going forward. Does the backend need to do anything else to complete the authentication/login process? Do I need to do anything else with DRF Permissions?
If this completes the login process, then there is something else which bugs me. For example, I have an APIView LoginView which has a post method to handle the login process. Now, does the frontend need to call the obtain_jwt function to get the function and then do another post-method to the LoginView? Or is there a way to return the json-web-token from that LoginView?
It would be really helpful if someone could answer these questions for me or provide some reading materials which would help me better understand the total workflow for this login process. Thanks.
Edit: My login process is being made to handle a facebook login - just to let the viewer know :)
It's not that complicated after it's explained to you. The general workflow is:
Client sends a username and password with a POST request via JavaScript (AJAX).
DRF receives it, authenticates and returns a token to the client in JSON format.
Client receives the token and stores it. Token is stored on the header of the AJAX setup, so all subsequent calls in this app have the token in the header.
Now just make regular API calls, and authentication is submitted automatically through the header that DRF reads and accepts.
See this.

How to learn about web communication standards (xauth rest soap oauth json)?

I am an Android application developer (trying to be one) and I want to learn how to communicate with web sites from my applications. However, I don't know where to start. Can you point me in the right direction?
PS: I believe "web communication standards" is the wrong term but I don't know what to call them.
I'd suggest that you learn by doing. Pick an idea - let's say you want to upload a picture from your Android phone to facebook.
Now go and research how to do that. Facebook exposes what they call the "Graph API" for all fb resources, including users, statuses, and photos, among other things. The Graph API is a REST API - in other words each item on the backend is modelled as a "resource" which is accessible from a URL. (Learn more about REST on wikipedia). Send a GET HTTP message to the given URL and you can get information on the resource. Send a POST to the container of that resource, and you can add another of whatever it is. In this model, to add a photo, you POST to the album URL. Read on FB for how to do that. They call it "publishing".
But reading that doc page you learn that in order to POST you need an authorization token.
Your app needs publish_stream permissions. How do you get that? Keep reading in the FB doc and you'll see a link to the Authentication and authorization guide. That tells you about how to use OAuth 2.0 in Facebook apps.
Your app will send its first feeble message out, and get an error response. Why? You'll want to examine the message. So you google and figure out that you can use an HTTP debugging proxy to help you, something like Fiddler2 for Windows, or Charles for other systems. So you download that, set the proxy on your Android device, and now you can view outgoing HTTP messages and their responses on your PC.
Keep plugging along, learning what you need to accomplish the task in front of you: in this example, posting a photo from an android device to Facebook.
After you reach that goal, you will have learned quite a bit of practical knowledge for this domain of problem. Then you can try a new goal, and work on that.
After a few iterations of this, you will have learned how to learn, which is even better than learning REST or OAuth. If you know how to learn, the sky's the limit.
Learn about HTTP first. There is far more to HTTP than there first appears. It is a building block for everything on the web.
You will not go wrong by getting very familiar with this http://www.w3.org/Protocols/rfc2616/rfc2616.html