Azure Mobile Services authentication client flow hook - asp.net

I'm using .NET backend on Azure Mobile Service. It's easy to set up authentication with social identity provider, so that the client can use e.g. Facebook iOS SDK to login, as illustrated in the official tutorial
In custom authentication, as I need to maintain my own Account table according to the official tutorial, I have full control over the registration & login.
I'd like to have a centralized User table to store information about all users, no matter which channel they used to authenticate.
My question is, is there a way for the .NET backend to be notified when a user register or login with a Facebook token? So that a new row can be added to the centralized User table even when the user is using Facebook to authenticate?
Thank you!

Yes - the User.GetIdentities() method contains the token and mechanism that was used to authenticate the user. You can use this to update your table. For an overview of how to use this token, see this blog post by the team: https://azure.microsoft.com/en-us/blog/custom-login-scopes-single-sign-on-new-asp-net-web-api-updates-to-the-azure-mobile-services-net-backend/

Related

Firebase custom auth provider I don't control/have access to?

Is it possible to use a custom authentication provider which I don't have any control over?
I develop an app in addition to a teachable course. Teachable is a platform like shopify where you can create online courses.
I want to use it as an auth provider, so a user, that already has an account can login with his teachable account.
To my knowledge custom authentications with auth tokes work like this: I send a request to my server with the entered user credentials. From my server I use these credential to login to teachable, if that was successful my server gets a callback and I return a token to my client, so the login was successful.
However as far as I know teachable doesn't have an api option for me to login and get a callback if it was successful.
What can I do about this? Also are there any security issues I didn't realized?
Your understanding of the flow to add a custom provider to Firebase Authentication is correct. You need to be able get the authenticated token from the provider, and mint a Firebase custom token from it.
If the provider you're looking to add doesn't have an API, you won't be able to add it as a custom provider to Firebase though.
I don't immediately see another way to connect the provider without an API.

AWS Cognito Federated Identities, User Registration and DynamoDB

I wonder if anyone can help. I'm trying to plan the AWS services that I'll need, and how they hang together, for a web application I'm planning.
Specifically I'm thinking about the user registration and login process using Cognito and DynamoDB.
Users will need to be registered and logged in in order to perform some actions. I'm thinking serverless, so these actions will be Lambda functions fronted by API Gateway. As with many websites, I'd like to use Facebook as the user authentication model. I'm thinking I need:
To create a Facebook application
To configure Cognito Federated Identities with the Facebook app id
To have a DynamoDB table to contain user information
To provide a facility to allow a user to register using their Facebook identity
On registration, create a record in the DynamoDB user info table with user's name, email etc as taken from their Facebook profile
To provide a facility for registered users to login with their Facebook identity
To somehow pass the user token (JWT token ?) on subsequent client requests to API Gateway endpoints
So far I've created the Facebook app and have an application ID. I've created the Cognito Federated Identity for the app and configured it with my Facebook app id. And I have set the Authorisation field for the Method Request for the API Gateway to "AWS_IAM"
Using the Facebook javascript SDK and the AWS javascript SDK, I've put together a very basic page that allows login via Facebook, then creates a new AWS.CognitoIdentityCredentials object with the facebook authResponse accessToken. Lastly it calls AWS.config.credentials.get to get the Cognito credentials. But this isn't really the steps above - it just proves that a user can login with their Facebook id and I can pass it to Cognito.
My specific questions therefore are:
What I'm trying to work out is how to do registration. Once the user has logged in via Facebook, how can I create a user record in DynamoDB?
And likewise, when a user goes to login (rather than register), once the user has logged in via Facebook, how can I ensure they have a user record in DynamoDB? (because if they dont have a record, then presumably they've not registered)
Lastly, how can I pass the user id / token from the client to an API Gateway endpoint?
I'm not looking for code samples etc - just pointers as to whether I'm thinking along the right lines or barking up the wrong tree. A high level of how the various components need to hang together would be great, as would any links or references to similar ideas of concepts.
Thanks

Is there any way to programmatically authenticate customers in Shopify?

We have a custom app hosted in Firebase (Google's Backend as a service). We would like to use Shopify's authentication so the user doesn't have to create an account in the app as well as the Shopify store (where we require accounts).
The key: I need to have some mechanism (like an API) that I can use to have Shopify authenticate a user. (Assume the customer has already created an account in the Shopify store. Account creation will be handled by the normal Shopify process.)
I can create a page in my app to ask for email / pass. Is there some way to send this info (perhaps along with some sort of token generated from a private app) to authenticate the customer? I just need Shopify to confirm whether the email / pass is correct, so I can then 'login' the user into my Firebase app.
Any direction / thoughts / suggestions are greatly appreciated.
PS. Firebase offers a 'custom authentication' option, along with email, Google+, Facebook. The custom auth option requires sending user / pass to the authentication server, which in this case, would be Shopify.
EDIT: Based on the responses, edited to clarify that I need some way to authenticate the user in Shopify. Handling the custom auth into Firebase seems like a fairly straightforward task, once I receive some sort of signal from Shopify telling me the users email / pass is valid.
This is a classic use case for custom Auth with Firebase. You send email/pass to your backend, authenticate with shopify, on success create a custom token with the user's id (most likely using shopify's user id), send it back to the client which would signInWithCustomToken signing in to Firebase.
Customer logs in to Shopify
Logged in Customer has an ID
Use App Proxy in your App to accept this ID using a secure callback
Use the Shopify API to look up the customer with the secure ID
If customer is found, they are then authentic and can use your App
Why is that not a useful and simple pattern for you to use?
You should take a look to Shopify MultiPass. Although, you need Shopify Plus that is very expensive.

Using salesforce as an authentication service and entitlements engine for third party application

I am the lead engineer on a web-based application that we would like to tightly integrate with salesforce. Specifically, we would like to:
Save email, hashed password / salt with contact record, and implement basic authentication service
Save entitlement information as part of the contact record
Basically, we would like to use salesforce as an authentication / entitlements service. Once a contact has been "converted" into a full fledged user of our system, we would like to be able to add user credentials to the contact object, and build an apex remote call that our system would use to authenticate the user. Furthermore, we would also like to enable / disable certain functionality on our site based on entitlements configured as part of the contact record.
I have read about using salesforce as an identity provider, but I don't think that this what we want. The contact record does not allow salesforce login.
Any direction would be appreciated.
They're probably going to need to be Customer Portal or Partner Portal Users.
I believe what you want to do may bypass SF's terms on users. If you want to authenticate users through salesforce, I believe you need a user license for every user (but there are some cheap licenses for high amounts of users, contact salesforce).
If you want access based on the contact object, you can map contacts to portal users, which creates an additional user object. From there on I do think the Salesforce Identity they are building, may be what you want ?
http://www.salesforce.com/company/news-press/press-releases/2012/09/120919-7.jsp
You don't need customer portal or partner portal, there are a set of tools that help you integrate Salesforce with third party application
look here :
http://wiki.developerforce.com/page/Integration
Hope this helps :)

After facebook login how to get User Information using javascript SDK in asp.net application

I have to implement facebook login and also want to get logged in user's information like birthday, firstname, Email address.
I have already done some other stuff like recent activities etc of facebook using javascript SDK of facebook.
i am developing application in ASP.Net (C#).
How can i get user information, Please provide me any idea.
Once the user's logged in and you asked for extended permissions (you can use Javascript to do that) you get an access token and then you can call the Facebook graph API. This is server side.
FB do not offer a C# SDK for their API so you will have to find one (or make you own)
see http://developers.facebook.com/docs/api

Resources