Implementing 3Legged Authentication with React - autodesk-forge

Is there a way to get an example of implementing the 3 legged authentication process in React without using Redux?
The boilerplate is just way complicated for the majority and I guess it is good to have something more simple for "the rest of us".

EDIT
To persist Redux states I can think of two options off the top of my head:
Open a new window session for the authentication; you can close the window and notify the parent window, since they'd be in the same domain, once the callback arrives
Or persist all essential states to localStorage/sessionStorage to load back after redirection
Although we don't exactly have a React sample to generate 3 legged tokens, that very process has no more to do with your backend - you'd not want to generate a 3 legged token in your front end for security reasons.
So far as React or any front end framework is concerned, it's a matter of redirecting the user to sign in to their Autodesk account and setting up the callback handler in your backend properly to receive the access code - see our official tutorial for details, and there's sample code for both front (albeit in vanilla JS) and back ends.
Feel free to comment if you have any specific question re this process.
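An added example (not from the original answer or from Autodesk's samples) of the front-end half described above: save the UI state before redirecting to sign-in, and restore it only if the `state` value that comes back matches the one sent. The authorize URL, client id, redirect URI, storage key, and the backend callback echoing `state` back to the app are all assumptions.

```javascript
// Added example: front-end half of a 3-legged flow. AUTHORIZE_URL, CLIENT_ID,
// REDIRECT_URI and KEY are placeholders, not Autodesk's values.
const AUTHORIZE_URL = 'https://auth.example.test/authorize';  // placeholder
const CLIENT_ID = 'YOUR_CLIENT_ID';                           // public id, never the secret
const REDIRECT_URI = 'https://app.example.test/api/callback'; // backend handler
const KEY = 'oauth.pending';

// Web Crypto is global in browsers and recent Node; fall back for older Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

function randomState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Save what the UI needs after the round trip, then build the sign-in URL.
// `storage` is sessionStorage in the browser (getItem/setItem/removeItem).
function beginLogin(storage, uiState) {
  const state = randomState();
  storage.setItem(KEY, JSON.stringify({ state, uiState }));
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI, state,
  }).toString();
  return url.toString();
}

// Called when the app loads again after the backend has handled the callback.
// Assumption: the backend redirects back to the app with ?state=<value>.
// Returns the saved UI state only if that value matches the one we sent.
function finishLogin(storage, returnedUrl) {
  const raw = storage.getItem(KEY);
  storage.removeItem(KEY); // single use, whatever the outcome
  if (!raw) return null;
  const saved = JSON.parse(raw);
  const got = new URL(returnedUrl).searchParams.get('state');
  return got !== null && got === saved.state ? saved.uiState : null;
}
```

The code-for-token exchange, which needs the client secret, stays in the backend callback handler and is not shown here.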

Related

Is there anyway to convert or import AIML files to Dialogflow or Lex?

Is there anyway to convert or import AIML files to Dialogflow or Lex for creating a chatbot? I am hoping for a way to incorporate open source AIML files into an NLP chatbot framework like Dialogflow or Lex, and so far my googling has produced no avail.
I found a way to create a Dialogflow bot using CSV, and I wonder if this is a case of converting AIML into CSV? Is it feasible or a fool's errand?
Much appreciation for your advice, guidance, and brainstorming!
Keith Sterling has a way listed on his github page using python 3. It also has a full step-by-step implementation with screenshots and was just updated a few days ago. It’s AIML 2.1 compliant as well.
Also, it is completely free. DialogFlow itself has both free and paid tiers (as you may know) but his program is open source.
Here’s the link: Program-Y github Repo
By way of background, this is an AIML Interpreter (which is to say it is a way for you to deploy your AIML files under various circumstances). So while the link in the OP is more direct, this gives you more options.
For example this allows you to use your same files in:
Google Assistant
A Web Client
Messenger
Telegram
Alexa
Cortana
DialogFlow
etc
And because this is REST you only interact with your main implementation and this in-turn updates all client bots.
This helps you keep an updated central set of AIML files and is also lower on overhead.
Set-up:
First sign in and then click Create Agent.
Give your bot a name, and ensure the language and timezone are what you need them to be, and then click:
Create Intents
First, delete the 2 existing intents:
Default Fallback
Default Welcome
Next, create the intents for integration with Program-y (the name of the Repo).
There are 4:
Launch
Quit
Help
Query
Launch Intent
Click Create Intent
Enter your training phrases
select event, and then,
under fulfillment, choose web-hook
Quit Intent
Carry out the same steps as above, this time naming it Quit, but this time do not select an Event and use the following phrases:
stop
exit
leave
quit
Help Intent
Again carry out the same steps as above, this time naming it Help. Again do not select an Event and use the following phrases:
help
what can I ask you
help me
what can you do
Query Intent
Finally carry out the same processes, but this time name it Query. Again do not select an Event, but this time we have one training phrase
query
This time, however, add a parameter as follows:
Connect Endpoint
Finally we need to set the endpoint that DialogFlow will call each time it identifies an intent.
On the left hand side menu bar, click Fulfillment link. Click Enabled and then enter the URL that should be called which Program-Y is running on as a Google client.
The API endpoint is always /api/alexa/v1.0/ask. So combining this with the ngrok URL gives you https://87e27269.ngrok.io/api/alexa/v1.0/ask
To save this click 'Save Endpoints' and you are ready to get your client up and running.
Scroll down to the bottom and click Save.
I know that’s a lot of info and it may look overwhelming however there are screenshots and a walkthrough at the link:
Program-Y github Repo
No, currently there is no way to do this. There is no straightforward way to translate AIML files to Dialogflow or Lex JSON import formats. The basic structure of how the conversation is handled is different. Although you can find the idea of Intent, Entities and Context in AIML (especially v2.0), you would need to do a lot of manual effort to adapt it.
I would recommend extracting the patterns -what the user says- and the templates -what the chatbot responds- from AIML, import it to the framework you want to use and adapt manually the context and entities.

authentication from mobile to backend django

Good day everyone. I am stumped at the moment and would appreciate some guidance. I feel like I am a great googler to usually find my answers or resources but for the life of me I can't seem to find any good learning material on JSON requests and responses.
So I took a course that builds a 3 part app. Web app with Django, and 2 mobile apps that make API calls to it. The instructor uses Facebook authentication from the mobile apps and I am trying to set up the apps for username and login and a registration page as well.
I have Django models set up and can make users from the web app, but I can't seem to wrap my head around how to make JSON calls from app to Django. When I search for possible terms like authenticate django I get results that talk about only Django usage.
Does anyone have some tips or links to resources that would help me understand the login process better? I realize that almost every app has a login, which is why I'm surprised that I can't find any good learning material on how it's done. Or I'm just searching for the wrong keywords.
Any help would be great thanks.
It's really a general question, but I'll give you a brief on how mobile and Django server should interact with each other:
First of all, in your situation I really suggest using Django REST framework, because of its rich modules and functionality like serializers, routers and ...
Read more about it from the original documentation here.
For the authentication system, you should use a token-based system (or session). I suggest using one of the Django-suggested token-based solutions for that. In my case I really suggest using the django-restframework-jwt library
(JSON Web Token Authentication support for Django REST Framework).
So whenever you want to send a request to mobile you should provide that token (based on the token authentication backend you choose) in the headers of your request.
And for login and register you should create APIViews that take user input, then register or authenticate it with the backend and then give the user the generated token for future requests.
And for a social auth system like Facebook, the main concept is to redirect the user from the app to the Facebook OAuth links, which, if the user authenticates in his Facebook, will redirect to the redirect URL of your backend server; then you should capture that request in the callback, fetch data, create or get the user, generate the token for that user and return it, so that for future requests, by sending the token to the server, the server will know which user is sending the request and handle the response properly.
And if you want to create a login with mobile, then you need to set up APIs for login and register with Django REST, which is really easy, and you can learn from it here.

web application architecture (javascript client side + ASP.NET server side)

This question comes from the following post:
OWIN cookie authentication get roles on client side
I've created a separate thread for the question since it is more general than one in the post above.
In short:
Let's say we have a web application with javascript as client side + ASP.NET web api as server side and also an identity server. Only authenticated users can access web api endpoints, some of them accessible only for specific roles of user.
Now the client side of application should show specific items based on what role user is in. For example: user in administrator role can see an extra tab: manage items. There are two approaches to achieve this:
When rendering client side application, one could call an endpoint in web api which would return what roles user have. Based on that result, show/hide items in html.
When application loads, an endpoint, which returns how the structure should look like (for example: json string) would be returned, and based on that structure client application would be rendered. No show/hide html on client side based on roles in such case.
Now regarding 1st point: some could argue that there is a security leak, since malicious user can modify html to see elements that he is not supposed to see. But in this case he will not see any content from database and will not be able to load/update it since he will not be authorized to do that based on his role which is checked in server side.
2nd point seems more valid since we keep all identity related information logic on server side. And also all unnecessary content is not in html (while in 1st point it's hidden) - so that leads to better performance? In this case though if for example developing angular application, the json structure of application should include such information as name of angular controller and route for example. Would that not add complexity to developing application?
Assume that the application itself have a lot of roles and a lot of items should be visible/not visible based on these roles.
Pros/cons between 1st and 2nd? Thanks!
I stick always with the first suggested point.
As you mentioned, the second choice will add more complexity for developing. For the 1st there is no security leak. If you don't want your users to modify the html and to access forbidden areas in your application, simply use ng-if instead of ng-show. If you are not familiar - ng-if will not just hide the content with display: none;. It will completely remove it from the DOM, and this leaves the user unable to show that content, as it is not in the DOM.
Read this for more detailed explanation for ng-if and ng-show: what is the difference between ng-if and ng-show/ng-hide
I usually have an endpoint getting information about the user - including its role - and save that user into a service (factory). This gives me the flexibility to use it everywhere in the application and check if the user has access or not to certain parts of it.
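An added example, not from the original posts, of the two approaches in the question driven by one server-side policy table: the table produces the menu structure sent to the client and is also checked on every API call, so what the client renders never decides access. The routes, roles, and the `handle` request and `sessions` shapes are constructed for illustration.

```javascript
// Added example: routes, roles and object shapes below are constructed.
const POLICY = [
  { id: 'items',  label: 'Items',        method: 'GET',  path: '/api/items', roles: ['user', 'administrator'] },
  { id: 'manage', label: 'Manage items', method: 'POST', path: '/api/items', roles: ['administrator'] },
  { id: 'audit',  label: 'Audit log',    method: 'GET',  path: '/api/audit', roles: ['administrator'] },
];

// Approach 2 from the question: the client only receives entries it may use.
function menuFor(userRoles) {
  return POLICY
    .filter((p) => p.roles.some((r) => userRoles.includes(r)))
    .map(({ id, label }) => ({ id, label }));
}

// Server-side check for every request, whatever the client rendered.
// Returns an HTTP status; routes missing from the table are never served.
function authorize(user, method, path) {
  if (!user) return 401;
  const rule = POLICY.find((p) => p.method === method && p.path === path);
  if (!rule) return 404;
  return rule.roles.some((r) => user.roles.includes(r)) ? 200 : 403;
}

// Roles come from the server's own session record, looked up by token.
// Anything the client claims about its roles (req.claimedRoles) is never read.
function handle(req, sessions) {
  const user = sessions.get(req.token) ?? null;
  return authorize(user, req.method, req.path);
}
```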

Using a completely decoupled frontend with user authentication

I'm playing with the idea of having a completely decoupled HTML5 frontend, but still user authentication for a web app. Is this possible or will I run into some heavy browser security issues?
The idea is to have all static content delivered through a CDN on like example.com, and having it fetch dynamic data (and user authentication) through a separate subdomain, like api.example.com.
This would speed up the loading time of the site, and I could keep the frontend stuff in a completely separate repo so that the developers don't have to worry about setting up the backend to develop and test new features.
Is this already possible in some JS framework perhaps, backbone.js, angular.js, ember.js, knockout.js ?
It definitely is, but I think it is more about approach rather than technology. I have implemented what you describe for a project (it's online but don't want to do a shameless plug here, if interested to check it out I can post the link). My stack is Java in the backend exposing a REST API for both authentication and business logic. The client is a backbone.js application. I explicitly decided NOT to use sessions at all. It is completely stateless. This of course means that the user must be re-authenticated at every request.
When the user logs in through a slightly modified OAuth endpoint, it gets a token that must be passed at every request. Cookies work in this case as they are handled automatically by the browser. If not passed as a cookie, the backend expects it as a parameter. The frontend communicates using the REST endpoints. It's a single-page application, full client side; this means that the backend serves a page that is basically empty, that includes a few JS files that are the application itself. No other pageload occurs. Logout is done by simply deleting the cookie or not sending the authToken; the server cannot and doesn't have to "forget" about the user. Tokens are nice as they can be invalidated, both explicitly or by changing the password. I've chosen this approach as it made it easy to develop a desktop app and browser plugin for my webapp without touching a single line of backend code.
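An added example, not the code of either answerer, of the token scheme described here and in the Django answer above: the login endpoint issues a signed token, every request is re-verified, and a token stops working when it is explicitly revoked or the password changes. The HMAC-signed format, the `pwVersion` counter, the in-memory stores and the demo key are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual, randomUUID } = require('node:crypto');

const SECRET = 'constructed-demo-key'; // assumption: real key comes from server config
// Constructed user store; pwVersion is bumped whenever the password changes.
const users = new Map([['alice', { pwVersion: 1 }]]);
const revoked = new Set(); // explicit invalidation, by token id (jti)

const sign = (body) => createHmac('sha256', SECRET).update(body).digest('base64url');

// Issued by the login endpoint after the credentials have been checked.
function issueToken(username, now = Date.now(), ttlMs = 3600_000) {
  const claims = { sub: username, ver: users.get(username).pwVersion,
                   jti: randomUUID(), exp: now + ttlMs };
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${body}.${sign(body)}`;
}

// Run on every request; returns the username, or null if the token is
// malformed, forged, expired, revoked, or older than the current password.
function verifyToken(token, now = Date.now()) {
  const [body, mac] = String(token).split('.');
  if (!body || !mac) return null;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  // Constant-time comparison; the payload is parsed only after the MAC matches.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  const user = users.get(claims.sub);
  if (!user || claims.exp <= now) return null;
  if (claims.ver !== user.pwVersion || revoked.has(claims.jti)) return null;
  return claims.sub;
}
```

The per-request lookup of the user record and the revocation set is what makes invalidation possible; a token checked by signature and expiry alone could not be withdrawn before it expires.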

How to learn about web communication standards (xauth rest soap oauth json)?

I am an android application developer (trying to be one) and I want to learn how to communicate with web sites from my applications. However, I don't know where to start. Can you point me in the right direction?
PS: I believe "web communication standards" is the wrong term but I don't know what to call them.
I'd suggest that you learn by doing. Pick an idea - let's say you want to upload a picture from your Android phone to facebook.
Now go and research how to do that. Facebook exposes what they call the "Graph API" for all fb resources, including users, statuses, and photos, among other things. The Graph API is a REST API - in other words each item on the backend is modelled as a "resource" which is accessible from a URL. (Learn more about REST on wikipedia). Send a GET HTTP message to the given URL and you can get information on the resource. Send a POST to the container of that resource, and you can add another of whatever it is. In this model, to add a photo, you POST to the album URL. Read on FB for how to do that. They call it "publishing".
But reading that doc page you learn that in order to POST you need an authorization token.
Your app needs publish_stream permissions. How do you get that? Keep reading in the FB doc and you'll see a link to the Authentication and authorization guide. That tells you about how to use OAuth 2.0 in Facebook apps.
Your app will send its first feeble message out, and get an error response. Why? You'll want to examine the message. So you google and figure out that you can use an HTTP debugging proxy to help you, something like Fiddler2 for Windows, or Charles for other systems. So you download that, set the proxy on your Android device, and now you can view outgoing HTTP messages and their responses on your PC.
Keep plugging along, learning what you need to accomplish the task in front of you: in this example, posting a photo from an android device to Facebook.
After you reach that goal, you will have learned quite a bit of practical knowledge for this domain of problem. Then you can try a new goal, and work on that.
After a few iterations of this, you will have learned how to learn, which is even better than learning REST or OAuth. If you know how to learn, the sky's the limit.
Learn about HTTP first. There is far more to HTTP than there first appears. It is a building block for everything on the web.
You will not go wrong by getting very familiar with this http://www.w3.org/Protocols/rfc2616/rfc2616.html