I am trying to authenticate user login from some 3rd Party Api with same login credentials in case the login on Meteor fails.
I have tried to check for the username & password in Accounts.validateLoginAttempt, but it is not providing me the credentials which user just input from web app or mobile app.
Is there any work around to get plain username and password in that case?
Related
I am building a Next.js application that uses NextAuth for authentication. On my landing page, I have an email input form that users can fill out and submit. When the user submits their email, they are redirected to a createOrSignIn page, and the email is added as a parameter to the URL.
On the createOrSignIn page, I have implemented a reCAPTCHA that verifies whether the user is a human. After the user is redirected, I extract the email from the URL and validate it. Then, I need to make an API request to my backend Next.js API to verify the reCAPTCHA token and sign in the user using email provider.
However, I am having trouble finding a solution to log in the user using the email provider from the backend.
Can anyone provide guidance on how to sign in a user using the email provider from the backend with NextAuth in Next.js?
Thank you in advance for any help you can provide!
I have tried several approaches to log in the user using the email provider from the backend with NextAuth in Next.js
What I expected to happen was to be able to log in the user using the email provider from the backend with NextAuth in Next.js without requiring the user to be redirected.
The flow I expect is as follows:
User fills out and submits the email input form on the landing page.
User is redirected to the createOrSignIn page, and the email is added as a parameter to the URL.
ReCAPTCHA v3 is displayed on the createOrSignIn page.
After validate email, a request is sent to the backend API to verify the reCAPTCHA token.
If the reCAPTCHA token is verified, the user is signed in using the NextAuth email provider, and a response is returned to indicate whether a verification email was sent to the user and whether the user exists or is new.
If the user is new, a new user form is displayed where the user can fill out their username.
Currently, I am trying to develop a web portal where I want to allow specific users to enter in the site. This means I want to use specific username and password to enter my side without using any email address. How it is possible? I see that for custom login I have to use an authentication server and it is allowed in the Functions tab in Firebase. But I have to purchase it. Is there any workaround available to create my custom login without an email.?
Firebase Authentication has no username-password authentication. The best you can do is whenever user enters the user name you can append #yourapp-com to make the format like an email and use it with the password.
Use the same method when user tries to login, when they enter their username, append with that domain and use signInWithEmailAndPassword method. So technically you are using email and password (but the email cannot receive emails) but your users enter username and password only.
That was the easy work around but you can also store usernames and passwords in database. However make sure you properly hash the password in the database. You can use cloud functions to authenticate user. The auth flow would be like:
User enters username and password
A cloud function is triggered which then verifies the username and password
If the password matches, use the Admin SDK to generate a Custom Token and send it back to client
Use the signInWithCustomToken method and log the user in with that token.
When I login to to my firebase webapp using email and password then I still remain logged in even when I open the application the next day.
It seems to me that when we login to the firebase webapp using email and password based authentication the user will remain logged in until and unless he explicitly logouts.
Is it possible to timeout the login sessions so that if someone comes to use the same workstation after some time and the previous user has not logged out then the new user needs to reenter the credentials?
I want to use the Windows Live Id Authenticaiton in my Asp.Net/MVC web application, but I do not want to use the Login screen provided by Microsoft.
I want to have my custom page for login, take username and password from User and then send these credentials to the Windows Live ID, to Authenticate, and I get back the response if the user is authenticated or not.
Is this possible?
I want to have my custom page for login, take username and password from User and then send these credentials to the Windows Live ID, to Authenticate, and I get back the response if the user is authenticated or not.
You missed the point of single sign-on authentication. Using that, the user does not provide their credentials to your site, but to the SSO provider. That provider gives you a token which lets you act on behalf of the authenticated user.
The user's credentials are never received by your site.
So no, you cannot, nor should you want to, do this.
How to verify users login credentials using users login credentials of user's gmail account (like in stackoverflow on clicking gmail it takes to gmail login page and gmail verifies the user)
You're probably referring to OpenID. GMail is just one provider of OpenIDs - there are plenty of others and you can create your own.