I am using facebook login and user pool login for application. After registering user in user pool I send .getAccessToken().getJwtToken() to backend and verify using private $jku = 'https://cognito-idp.us-east-2.amazonaws.com/xxxxxxx/.well-known/jwks.json'
After facebook login which token I should use to authentication user? Is it possible to do without any changes to backend
Related
I have an AWS multi account setup with several user pools in one account ("auth account") and in the other account ("app account") there is a web app that needs to query the auth account for user pool client info (the "DescribeUserPoolClient" action).
The app account is deployed using CDK and the app uses aws-sdk to query the auth account (using the DescribeUserPoolClientCommand) for information about a user pool.
How do I give access, in CDK code, to the app account to query the auth account for this information?
(The set of user pools are not known at build time, because they will be created programmatically.)
I'm attempting to understand how spring boot uses http sessions to manage the oauth authorization code flow.
I understand that after the user submits their credentials via the /login form spring will persist the authentication object so it can be retrieved when the browser is redirected to retrieve the authorization code.
What I dont understand is if the browser needs to sends jsession cookie to the server or http basic authentication header when invoking this flow.
For example if I wanted to initiate the flow manually via curl do I need to specify any special headers ?
It doesn't use HTTP sessions to persist it, the client ID and authorisation code (the code that's passed back to the client app after the user authenticates) is used to identify the authentication object. The authorisation code is then used to obtain the access token.
So:
The client app redirects to the auth server, passing in their client ID.
The user authenticates with their username and password on the auth server , which stores the authentication against the code and client ID and passed the authorisation code back to the calling app as a request param on the redirect URL.
The client app calls back to the auth server, authenticating with it's client ID and secret and passing in the authorisation code. This is then swapped for the access (and possible refresh) token.
If the app needs the user details, the client app calls the user details endpoint authenticating with the access token it now has.
I am facing the following problem.
I have to log in users in Openshift using Keycloak and then these users should be able to use the Openshift API using a custom external Web GUI which I made.
When I log in, Keycloak returns a Keycloak JWT-token. But my problem is that with this Keycloak JWT-token I cant use the Openshift API, for that I need an Openshift token, which is a different token. I could get the Openshift token using an http request to -openshiftmaster-/oauth/authorize , But I don't wanna do this cause this second authentication would mean a second login screen for the user.
Is there a way, once logged in usingKeycloak and in possession of a Keycloak JTW-token, to get the Openshift token without having to authenticate again against Openshift with username and password?
You can set up keycloak as an open id provider. Link 2. Link 3.
I have implement SOS concept between two php application. it application it available different domain.
I have required following condition.
1.When user is login any appplication to login this user with check user name and password into mysql database table
2.When user is login another application not reenter password direct login with this system.
3.When user logout at time both application can be logout.
-->my first application can be created Yii framework and another is moodle
please give idea to implement this concept in my both application
You can use external database authentication for Moodle -
https://docs.moodle.org/27/en/External_database_authentication
Log into Moodle as an admin then go to site admin -> plugins -> authentication -> manage authentication.
Enable the "external database plugin" and then update the settings to use the external database and map the fields for username, password, email etc.
I was looking for a way to authenticate a user on my site against moodle web service.
It seems that there is no web service that recives username and password and returns the user data.
Is it possible to overcome this ? i need to authenticate a user on my wp site against the moodle system
Thanks
If you are looking for something like an SSO using a Moodle system, then it is not possible to authenticate from Moodle.
However, you can have a common external authentication system such as OpenLDAP or OpenID and authenticate both Moodle and Wordpress from the OpenID application.
If you would like to get the user information from Moodle, then you could use the External Services API to get it.
Hope this helps.