I'm developing an API with loopback and passport. I've seen this example, which is quite good:
https://github.com/strongloop/loopback-example-passport
In the documentation, they say loopback follows this step to authenticate users via third party providers:
So my question is: suppose some user gets an access token using a mobile app, then how can I authenticate that user's requests using Loopback Passport?
Thanks
I had opened a similar topic about the same issue, How integrate loopback third-party login for android, and then found a solution for this.
First of all, it's important to say that a loopback user can have several access tokens at the same time. When you log in from your web site or mobile app, loopback creates a new access token each time.
If you are asking about how to get an access token, there is already a way to do this: you can get access tokens using the login method like this:
    User.login({username: 'foo', password: 'bar'}, function(err, accessToken) {
      console.log(accessToken);
    });
The only thing you have to do is call this hosted method from your Android app. You can use the loopback Android SDK (the proper way), or post the username and password to the server and handle them, simply like this:
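    app.post('/android/custom_login', function(req, res){
      var username = req.body.username;
      var password = req.body.password;
      User.login({username: username, password: password}, function(err, accessToken) {
        // Failed login: answer with an error instead of an undefined token
        if (err) return res.status(401).send({error: 'login failed'});
        // The token is a credential, so it is returned but not written to the log
        return res.send(accessToken);
      });
    });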
If you are asking about logging in users with a social network account and then getting an access token, I can simulate a few things from the Google scenario. You can also check the extra loopback GitHub test.
    app.post('/android/custom_login', function(req, res){
      var provider = 'google';
      var authSchema = 'oAuth 2.0';
      // oneTimeCode from android
      var oneTimeCode = req.body.oneTimeCode;
      // Make a request to the Google API here to exchange
      // the one-time code for a refreshToken and an accessToken
      var accessToken = 'FROM GOOGLE API';
      var refreshToken = 'FROM GOOGLE API';
      // external id is your google or facebook user id
      var externalId = 'FROM GOOGLE API';
      var email = 'FROM GOOGLE API';
      var credentials = {};
      credentials.externalId = externalId;
      credentials.refreshToken = refreshToken;
      var profile = {};
      profile.id = externalId;
      profile.emails = [{type: 'account', value: email}];
      UserIdentityModel.login(
        provider, authSchema, profile, credentials,
        {autoLogin: true}, function(err, loopbackUser, identity, token){
          // Throwing inside this callback would crash the process; reply with an error
          if (err) return res.status(500).send({error: 'login failed'});
          // token is the access token for this login
          return res.send(token);
        });
    });
In the Google scenario, I obtain a one-time code when the user clicks the sign-in button. Then I post the one-time code to my server to exchange it for an access token and a refresh token. Here I also get the user profile info from Google.
Profile and provider are really important, because the UserIdentityModel.login() method creates an anonymous user using provider and profile.id (if this info does not exist).
After all this you will have an access token for the Android app, as you see.
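An added example (not part of the original answer or of LoopBack's own code): one way to fill the `'FROM GOOGLE API'` placeholders above from the claims of a Google ID token, checking issuer, audience and expiry before anything reaches `UserIdentityModel.login()`. It assumes the code exchange returned an ID token whose signature a Google client library has already verified; `buildLoopbackLogin` and all sample values are hypothetical.

```javascript
// Added example: names and sample values are constructed for illustration.
// Assumption: the ID token signature was verified before these claims were read.
const GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];

function buildLoopbackLogin(claims, tokens, expectedClientId, nowSeconds) {
  if (!claims || typeof claims !== 'object') {
    throw new Error('missing ID token claims');
  }
  if (!GOOGLE_ISSUERS.includes(claims.iss)) {
    throw new Error('unexpected issuer');
  }
  // The token must have been issued for this app, not for another client.
  if (claims.aud !== expectedClientId) {
    throw new Error('audience mismatch');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token expired');
  }
  if (typeof claims.sub !== 'string' || claims.sub.length === 0) {
    throw new Error('missing subject');
  }
  // externalId and profile.id come from the verified token, never from req.body.
  const profile = { id: claims.sub, emails: [] };
  // Only carry the e-mail over when Google asserts it is verified.
  if (claims.email && claims.email_verified === true) {
    profile.emails.push({ type: 'account', value: claims.email });
  }
  const credentials = { externalId: claims.sub, refreshToken: tokens.refreshToken };
  return { provider: 'google', authSchema: 'oAuth 2.0', profile, credentials };
}

// Constructed sample input (not real Google data).
const CLIENT_ID = 'example-client-id.apps.googleusercontent.com';
const sampleClaims = {
  iss: 'https://accounts.google.com',
  aud: CLIENT_ID,
  sub: '1234567890',
  email: 'user@example.com',
  email_verified: true,
  exp: 2000000000,
};
const sampleTokens = { refreshToken: 'constructed-refresh-token' };
const sampleLogin = buildLoopbackLogin(sampleClaims, sampleTokens, CLIENT_ID, 1700000000);
console.log(sampleLogin.profile, sampleLogin.credentials.externalId);
```

The returned `provider`, `authSchema`, `profile` and `credentials` are the first four arguments of the `UserIdentityModel.login()` call shown in the answer.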