Is it possible to obtain a users clockify API token upon sign in, in order to make requests on the users behalf? I see it's possible with username and password by sending a post request to their login endpoint how about social login like Google sign in?
Related
I am building a Next.js application that uses NextAuth for authentication. On my landing page, I have an email input form that users can fill out and submit. When the user submits their email, they are redirected to a createOrSignIn page, and the email is added as a parameter to the URL.
On the createOrSignIn page, I have implemented a reCAPTCHA that verifies whether the user is a human. After the user is redirected, I extract the email from the URL and validate it. Then, I need to make an API request to my backend Next.js API to verify the reCAPTCHA token and sign in the user using email provider.
However, I am having trouble finding a solution to log in the user using the email provider from the backend.
Can anyone provide guidance on how to sign in a user using the email provider from the backend with NextAuth in Next.js?
Thank you in advance for any help you can provide!
I have tried several approaches to log in the user using the email provider from the backend with NextAuth in Next.js
What I expected to happen was to be able to log in the user using the email provider from the backend with NextAuth in Next.js without requiring the user to be redirected.
The flow I expect is as follows:
User fills out and submits the email input form on the landing page.
User is redirected to the createOrSignIn page, and the email is added as a parameter to the URL.
ReCAPTCHA v3 is displayed on the createOrSignIn page.
After validate email, a request is sent to the backend API to verify the reCAPTCHA token.
If the reCAPTCHA token is verified, the user is signed in using the NextAuth email provider, and a response is returned to indicate whether a verification email was sent to the user and whether the user exists or is new.
If the user is new, a new user form is displayed where the user can fill out their username.
Using .net core 3.0 mvc need to get users authenticated email from Google and nothing more. Final result should be:
User clicks the link to authenticate with Google
Authenticates with Google
Callback is called with user authenticated email
No user's database or user identity is needed just authenticated email.
I don't know why this thing is happening. I am using android with firebase auth. In sign in method Google and facebook are enable only. And I am allowing only one account per email. I am alos not merging accounts.
What I am doing is :
loged in with facebook. let my email is "xyz#gmail.com" for facebook login.
loged out from facebook.
now login with same email "xyz#gmail.com" but this time i am choosing google login.
now logged out from google
Now when I again login with facebook and email is same i.e. xyz#gmail.com.
It show an error that user is allready register with difrent auth
provider
I'm using Wordpress + WooCommerce in combination with the WP-API as a backend for my mobile ecommerce App.
My goal is to offer some social login (via Facebook, Twitter, Google etc.) within the app to register/login and then use the WooCommerce API to receive e.g. all the orders of that authenticated user.
Currently my plan is:
Use some client SDK so that the user e.g. can login using his FB account
From step 1 I get e.g. the users name, email and FB ID which is sent to a custom endpoint for adding the user to the Wordpress DB (like https://github.com/royboy789/wp-api-social-login)
Create a custom endpoint for orders with WP-API (e.g.: .../orders)
Inside the endpoint function check wether the user is authenticated
If user is authenticated, the endpoint returns the user's orders using a WooCommerce API wrapper
(https://github.com/kloon/WooCommerce-REST-API-Client-Library)
But I'm struggling at #3 because I don't really know how to check wether the user is authenticated.
I thought about creating another endpoint that will contact the OAuth authorization server to check the user’s credentials using e.g. Facebook's access token. And if the check is valid, I would create a custom Access Token for my API using some hashing of the userID, email etc. which is sent back to the client app. Then this Access Token is used for every call to my API which then reads out the User ID from the hashed token and returns e.g. all the orders for this User.
But somehow this feels just not right. Especially because this way I'd create an endless living Access Token...
Once you have done #2, the HTTP response from WP will include the auth cookie: see https://github.com/royboy789/wp-api-social-login/blob/master/inc/social-routes.php#L31 in the sample pointed to by the question.
Not sure what HTTP library you are using in the app but if you save the cookies received in the response and just reuse them in all subsequent requests to the server then authentication should be taken care of: you won't need an extra check/access point, as the login/registration automatically logs the user in, and the standard WP cookie checks take care of the verification on new requests.
I need to refresh the user linkedin access token without them having to go through the initial authorization process all over again. I have also looked at this documentation http://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens, but It doesn't work because my users authorize the app through regular OAuth and the article uses the JS OAuth. (Not sure, if there is a difference between two processes, and if there is a difference between access tokens received from each process). Even though, I'm already logged in another tab on the same browser,
it always prompts me to login to LinkedIn.
If I try IN.User.isAuthorized() it returns false though I'm logged in into LinkedIn and I can't seem to be able to refresh the token.
If I pass the user LinkedIn access token from my server to the JS and the user LinkedIn id IN.User.isAuthorized() always returns true even when I'm not logged in
So what I'm trying to ask is, is there a way to refresh the user linkedin oauth token thorguh JS when the user is logged in to linkedin on the same broswer like we are able do for facebook ? and what is it ?
You cannot refresh the token without the member being at your application.
If you want to refresh the token, the member needs to be there and you need to direct them through the authorization page. If they're signed in to LinkedIn, this will be a seamless refresh and we'll redirect page to your application.