Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Loopback passport mobile login

Tags:

mobile

facebook

passport.js

loopbackjs

I'm developing an API with loopback and passport. I've seen this example, which is quite good:

https://github.com/strongloop/loopback-example-passport

In the documentation, they say loopback follows this step to authenticate users via third party providers:

  1. A visitor requests to log in using Facebook by clicking on a link or button backed by LoopBack to initiate oAuth 2.0 authorization.
  2. LoopBack redirects the browser to Facebook's authorization endpoint so the user can log into Facebook and grant permissions to LoopBack
  3. Facebook redirects the browser to a callback URL hosted by LoopBack with the oAuth 2.0 authorization code
  4. LoopBack makes a request to the Facebook token endpoint to get an access token using the authorization code
  5. LoopBack uses the access token to retrieve the user's Facebook profile
  6. LoopBack searches the UserIdentity model by (provider, externalId) to see there is an existing LoopBack user for the given Facebook id If yes, set the LoopBack user to the current context If not, create a LoopBack user from the profile and create a corresponding record in UserIdentity to track the 3rd party login. Set the newly created user to the current context.

So my question is, suppose some user get an access token using a mobile app, the how can I authenticate that user's requests using Loopback Passport?

Thanks

like image 883
danielrvt Avatar asked Jun 11 '15 18:06

danielrvt

1 Answers

I had opened a similar topic about same issue, How integrate loopback third-party login for android. Then found a solution for this.

First of all, its important to say that, a loopback user can able to have more access tokens in same time. When you logged in from your web site or mobile app, loopback creates an access token each time.

If you are asking about to get access token, there is already a way to do this, so you can get access tokens using login method like that

User.login({username: 'foo', password: 'bar'}, function(err, accessToken) {
   console.log(accessToken);
});

The only thing you have to do is calling this hosted method from your android app. You can use loopback android sdk (proper way) or posting username and password to server and handle, simply like that

app.post('/android/custom_login', function(req, res){
    var username = req.body.username;
    var password = req.body.password;

    User.login({username: username , password: password }, function(err, accessToken) {
      console.log(accessToken);
      return res.send(accessToken);
    });
});

If you are asking about, to make logged in users with social network account and then get access token, i can simulate a few things from google scenario. Also you can check extra loopback github test

app.post('/android/custom_login', function(req, res){
   var provider = 'google';
   var authSchema = 'oAuth 2.0';

   // oneTimeCode from android
   var oneTimeCode = req.body.oneTimeCode;

   // Make a request to google api
   // to exchange refreshToken and accessToken with using google apis
   var accessToken = 'FROM GOOGLE API';
   var refreshToken = 'FROM GOOGLE API';

   // external id is your google or facebook user id
   var externalId = 'FROM GOOGLE API';
   var email = 'FROM GOOGLE API';

   var credentials = {};
   credentials.externalId = externalId;
   credentials.refreshToken = refreshToken;

   var profile = {};
   profile.id = externalId;
   profile.emails = [{type:'account', value: email}];

   UserIdentityModel.login(
     provider, authSchema, profile, credentials , 
     {autoLogin:true}, function(err, loopbackUser, identity, token){
            if(err) throw err;
            // token is access token for thig login
            return res.send(token);
   });
});

In google scenario, i am obtaining a one-time code when the user clicked sign-in button. Then posted the one-time code to my server for exchanging with access token and refresh token. Also here, i am getting user profile info from google.

Profile and provider , are really important because UserIdentityModel.login() method creates an anonymous user with using provider and profile.id (if these infos not exist)

After all you will have an access token for android app, as you see

like image 134
blackkara Avatar answered Sep 27 '22 20:09

blackkara
Sign in to Comment

Related questions

What are the potential problems with exposing the Facebook API secret?
PHP Curl CURLOPT_IPRESOLVE
How to add facebook login to my own website?
How does Facebook auto display the image in the right size depending on user screens?
Fetching third party posts from the Facebook Graph API
How can I get all photos in one post using Graph API?
iOS application using Facebook -- rejected
How to Link Multiple Auth Providers to an Firebase Account?
How to turn off "Use Strict Mode for Redirect URIs" in facebook app
What are the open source alternatives for Facebook? [closed]
Implementing Facebook comments plugin in ReactJS app
Is there a Facebook Credits Ruby On Rails gem out there yet? Or ruby version of their Facebook Credits sample app?
How can I make facebook like buttons faster?
Posting/retrieving photo-comments using Graph API
Facebook SDK 4.6 login button on iOS doesn't use Facebook app for authentication
Load profile image from Facebook with Actionscript 3
Getting the facebook session at the server side if we login using JS SDK
if(session.isOpen()), facebook login on android always returning false
Is there a difference between Facebook's Open Graph API and its Graph API?
How to programmatically invite Facebook friends on a website

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!