Zend Framework 2 Authentication/ACL via JSON requests - json

I understand how Database Table Authentication or Digest Authentication or HTTP Authentication works given the examples provided in the documentation. I would like to authenticate users to my application using Zend's \Authentication\Adapter, but am unsure how to do that by accessing a JSON Server rather than a local database.
Our users will pass their credentials into the application via a web post, and the application will send any and all request to a separate service via JSON to authenticate, query, etc. I have no problem hooking into the JSON Server, and writing the requests, etc. for that.
What I'd like to do is use Zend's built in Authentication mechanism to hook into the results returned by the JSON Server. Is there a way to do that using JSON rather than Database Table Authentication or Digest Authentication, etc.?
Thanks for any insights!

You should write your own adapter, implementing:
Zend\Authentication\Adapter\AdapterInterface
Take a look at the other adapters for instiration

Related

How to store data temporarily while redirectring within 2 OAuth Steps

I've read a lot of questions and look after a lot of sources, but I could not get the idea. That's because there is lot redirects happening with my application, let's see a quick look over the steps.
Step1. Login with [MyApp1]
1.1 get tokens via POST method
Step2. [Save tokens temporarily] < Stuck here.
Step3. Login with [MyApp2]
3.1 get tokens via POST method
Step4. Encrypt all tokens
4.1 Save it to MySQL Database
I do not know what is best to save the data temporarily, I looked over sessions and Redis, I am working on Node.js Web Application, HTML with a Server and MySQL Database.
Perhaps store them in the query? OAuth2 provides a state query parameter that is applied on redirect so your application can pass some information to itself after redirecting.

Pass Authentication Token to Service

I have used lifeary service builder to build my services. some of my services require that the user is authenticated before he can use them.
how can i generate an auth token and send it in the header or in the URL?
I have tried username#host.com:password#http://localhost:8080/PortletName-portlet/api/jsonws/?serviceClassName=com.service.NameServiceUtil&serviceMethodName=getMyNames&serviceParameters=[userid]&userid=1
and it did not work!
I have made sure i have added the below line in my portal-ext.properties and restarted the server.
json.service.auth.token.enabled=true
What more should i do to be able to pass Auth Token? is there a better method that i can use?
You actually want to use AuthVerifier. This is the best way how to access the Liferay API and be authenticated. It similar to the autologin concept.
Have a look at https://dev.liferay.com/es/discover/deployment/-/knowledge_base/7-0/authentication-verifiers and check out the PortalSessionAuthVerifier class in the source code.
The concept is quite simple. Read the request object and determine who the user is. Perform your custom authentication and return the auth result with the user identification.

Is it possible to build web Api application using dotnet core, MySQL with Authentication and Authorization?

I am trying to work out an application using
Dotnet Core 1.0
MySQL as the data store
Authetication and Authorization
Entity Framework
Ubuntu 16 machine
I have succeeded in creating a sample API to fetch data from MySQL database using entity framework. Now I want to introduce Authentication using email as username and Password.
I tried several method from different blogs but unable to achieve this.
What I am trying to achieve is Custom Authentication for the api where user will send username and password to login Api. The login Api will return an access token and refresh token. Using this access token, the user can call other APIs.
Later on I want to add Google and Facebook Authentication too.
Is there a way to do this?
Everything you want to achieve is possible. However there are some caveats.
Yes you can do this. You will need to use the resource owner grant which is turned off in identityserver 4 by default. I suspect the reason for this is because passing user credentials into an application is an anti-pattern, it is there to typically support legacy systems, also it does not authenticate users in the explicit sense because the credentials could come from an un-trusted source (as an example). You can read up about the grant's generic value here. You can find samples here.
The safer pattern is to use something like Implicit Flow which is good practice if you cannot guarantee trust between clients and your API.
As for social logins this is possible. There are tonnes of samples online but here are the official docs.
There is a project on github, https://github.com/diogodamiani/IdentityServer4.MongoDB and a corresponding nuget package that will send you in the right direction. It's obviously MongoDb, but the same premise applies.

Zend2 Web Services Auth and zfcUser

Once I have created my Web App with Zend2 , zfcUser and bjyAuthorize it's time to create the mobile App.
Our approach is to create and app with a json interaction with the Zend2 background.
The problem is that I don't know where to start in order to deal with a jSon Auth. Is possible wit zfcUser? any example out there?
Thanks in advance
ZfcUser module provides support for additional authentication mechanisms via plugins (Google, Facebook, LDAP, etc), but this feature seems to be in development now.
If you need that your mobile application to authenticate through some custom protocol based on JSON format, all you have to do is to create a controller action (say, mobileAuthAction()) which takes a JSON array with user credentials from POST, uses zfcUser API to authenticate the user, and return the response in JSON format. You may also look at view_manager configuration key to adjust the rendering strategy for your action to allow it to return JSON. Alternatively, you may call the $viewModel->setTerminal(false) to disable the layout rendering and echo your JSON to standard output.

mysql to android using soap

i know very well that android not support the mysql
but i need to connect mysql and get the information from database
i studied there are SOAP and REST services to connect mysql from android
is it possible?then give me one idea and if possible one example pls
i need to connect mysql and get the
information from database
You can get the data from the database with or without connecting to it. You can get it with or without SOAP. An agent on the server, usually a CGI sript makes the database request on the client's behalf. In SOAP, the the query and response are often encoded in XML, and always transmitted by standard Internet methods such as HTTP or SMTP.
Non SOAP methods include CORBA, simple RPC, and home-grown solutions. If the database is open to the Internet, then a direct connection to the database port on the server is possible.
It's only the security restrictions that limit what you can do. In an environment where only mail, HTTP and FTP are possible, SOAP is a good protocol. If the client is actually a web browser, then AJAX is ideal.
For a typical data request, all you need to know is the URL (and associated protocol) on the server to query for the data. For example, using HTTP:
http://dataserer.example.com/chart_data.cgi?chart_num=2
The server-side script, chart_data.cgi reads the query (from a GET request in this case), retrieves the information from the database and sends it, encoded in XML, back to the client, simply by writing the HTTTP header and XML content to standard output. It is Javascript and a browser protocol XMLHttpRequest that make the HTML request and XML receipt possible.
So even in Android, when you browse the web and see all that information, on Amazon for example. A lot of that information is retrieved by agents at Amazon from their database, formatted for the client(the browser on Android) and sent back to the client. No Android-specific coding is required.
Use a custom remote agent such as a CGI script on a server to access a remote database. Android only needs to communicate with the agent.
Write a SOAP server using the language of your choice:
Google: Soap Server
Call it from Android:
How to call web service with Android
Of course, you don't have to do it in SOAP. You can just output the data from your web service in any format like JSON, plain text, XML, CSV, (or even HTML?) ... and consume it from Android.