I am Creating a simple login, logout, signup flask web app using firebase auth and I successfully created login and signup but stuck in logout. So is there any way to log out or sign out from firebase auth?
Thanks
There is no way to invalidate a specific token, however you can invalidate the refresh token (refer this article)
But that doesn't seem to be your problem. So, Simply the best way to go about this would be to delete the token or forget the user from client side :
auth.current_user = None
After the user is set to None, the requests will not be authenticated and hence it's more like the user has logged out.
Still, if you want to implement this for some specific case, there is a workaround you can refer here
When you log in with firebase, it typically gives you a refresh token and an id token. These are JWT's that identify the user and the other refreshes the id token when it expires as the id token expires after 1 hour.
If you are using something like PyreBase
auth.current_user = None is not secure.
Instead, you should look at the sign out method provided.
import pyrebase
firebase = pyrebase.initialize_app(config)
auth = firebase.auth()
user = auth.sign_in_with_email_and_password(email,password)
auth.signOut()
Related
Because I'm mixing things up and just making myself more confused, maybe someone can actually guide me through it.
I need to make a Django REST API that requires login. However the User table already exists in a Postgres database. I think token-based authentication is most suitable, however, those tokens don't exist yet.
(Login once to retrieve/create a token, check the token on each request)
How can I use a POST request to submit login details purely for verifying the user?
How would I generate a token upon successful login, and should I store it in a new Token table?
After this, how can I use the token to provide authentication/authorization on API data requests?
All examples I can find use the default Django User model or don't go into enough detail, which I can't use in this case.
I've made a custom authenticator that checks the username and password, however I can't get through the next steps.
from api.models import LogonAccount
from rest_framework import authentication
from rest_framework import exceptions
import bcrypt
class ExampleAuthentication(authentication.BaseAuthentication):
def authenticate(self, request):
username = request.data.get('username') # get the username request header
password = request.data.get('password') # get the password request header
if not username or not password: # no username or password passed in request headers
return None # authentication did not succeed
try:
user = LogonAccount.objects.get(username=username)
if bcrypt.hashpw(password.encode(), user.password.encode()):
print("succes")
return (user, None) # authentication successful
except LogonAccount.DoesNotExist:
raise exceptions.AuthenticationFailed('No such user')
Don't get confused, you are simply trying to achieve token-based authentication with DRF. DRF already comes with this feature. This article will guide you through that https://simpleisbetterthancomplex.com/tutorial/2018/11/22/how-to-implement-token-authentication-using-django-rest-framework.html
Please help. I am trying to search for a specific user in Foursquare but for some reason I got Missing credentials error 401.
user_id = '484542633' # user ID with most agree counts and complete profile
url = 'https://api.foursquare.com/v2/users/{}?client_id={}&client_secret={}&v={}'.format(user_id, CLIENT_ID, CLIENT_SECRET, VERSION) # define URL
# send GET request
results = requests.get(url).json()
user_data = results['response']['user']
# display features associated with user
user_data.keys()
As documentation states, this endpoint is meant to be accessed on behalf of the user:
This endpoint requires user authentication.
User calls require a valid OAuth access token in the query string of each request instead of the Client ID and Secret (&oauth_token=XXXX).
For more information about this authentication method and how to obtain an access token, see the Authentication docs.
This means v2/users can only be accessed by your app, after a user (which can be you, using your own Foursquare account) goes through the OAuth login flow and grants necessary permissions. OAuth doesn't mean your app "logs in" as the user, rather that the user has given you permission to do something on their behalf.
To learn more about OAuth you can watch this talk: https://www.youtube.com/watch?v=996OiexHze0
To read more about Foursquare's API visit their documentation site: https://developer.foursquare.com/docs/api/
I am using the Grafana with my Django App and creating the user in the LDAP server. I wanted to make the user to Grafana admin at the time at the creating the user in the LDAP server. I found REST API Doc to set the user as grafanaAdmin, for this, it's required user-id and I am falling to find the user-id before the actual user logged in via browsers.
I tried some way to get the created user's :id
import requests
url = "http://localhost:3000/api/user"
auth = ("username","password",)
response = requests.request("GET", url, auth=auth)
print(response.text)
This code not giving me the user :id before the user actually logged in to the Grafana server.
Is there any other way to get the user :id
I am using Allauth to login with twitter in my Django app.
I have a problem to logout from existing account to login with different one.
I make logout in function logout in my views.py
and within it i tried to call:
from django.contrib import auth
auth.logout(request)
but it didn't work.
I also tried to expire session using this:
request.session.set_expiry(1)
to expire the session after 1 second, but it also didn't work.
By the way I use my own signup and login (I just save mail and password)
So Any ideas?
All auth takes care of it, jut build a url to:
/accounts/logout/
No need to write your own view. If you want to know what it does you could override their view.
I have an app, using this app in which user can sign-up via twitter and I have set permission of Read, write, and direct messages , So when user sign-up to my project he authorized me that I can post on-behalf of him. Also during signup I have got his oauth-token and oauth-token secret.
But I don't know how I can post tweet on behalf of that user. I try to submit a form at https://api.twitter.com/1.1/statuses/update.json with parmas like status , my app key and secret , user oauth_token and secret but in response I am always getting this
{"errors":[{"message":"Bad Authentication data","code":215}]}
I am using python-social-auth for sign up via twitter.
Any help would be appreciated.
Thanks
You need to specify the user access_token with your request, that's the way Twitter knows which is the current authenticated user. With python-social-auth you can do:
# given a user instance (and assuming Django ORM)
social = user.social_auth.get(provider='twitter')
backend = social.get_backend()
form_data = {
'status': 'The new twitter status goes here'
}
response = backend.get_json(
'https://api.twitter.com/1.1/statuses/update.json',
method='POST',
auth=backend.oauth_auth(social.extra_data['access_token']),
data=form_data
)