stormpath / loopback-stormpath Goto Github PK
View Code? Open in Web Editor NEWUser authentication for Loopback made simple.
User authentication for Loopback made simple.
I created the complete version of LoopBack tutorial intended to be the primary test for LoopBack-Stormpath interface you are working on. This tutorial will be the first encounter of a typical LoopBack user with Stormpath Account Management Services, so I believe that this should be rock solid before sharing with anyone.
At the moment, this sample fails because the ls-getting-started\client\js\services\lb-services
code which is generated by ng-lp
code generator is unaware of your StrongLoop-Stormpath interface. It seems that you will need to create the ng-lp-sp
equivalent generator, which should not be a big deal.
I believe that written issues should go way ahead of just bug reports. Not only that I want to add accolades, I want to start with sharing my mind even before touching this code and a few seconds after I read this announcement that just arrived to my mailbox
For about a month I am trying to think of a way to get Stormpath team to recognize something that is very obvious to me: Authentication & User Management API is a service that needs to be planned for before even starting to write a world class application (speaking as an app developer here), meaning that Authentication & User Management API service provider ought to be able to offer guidance to their customer that reached far beyond code snippets that show how access to some API should be allowed only to folks with this specific role.
As I did not see much impact from my several support posts like this I decided to make the real case that illustrates the real need for an integration of precisely the type you just did. Please check my blog as well as the forum topics Server Side Application Structure, Client Side Application Structure and Common Infrastructure. Then realize that all this was written without me knowing anything about Strongloop at all - and you should appreciate the size of the overlap you and I have without knowing that.
However the most exciting piece is the simplicity and elegance of this StrongLoop <----> Stormpath integration. With a few characters changed in a couple of JSON files you swapped out the whole massive "user thing" from StrongLoop and plopped it where it rightfully belongs (in Stormpath's care). This is also a big atta-boy to Strongloop architecture, let's not forget that.
I dare to say that you do not have the right assessment of the value of what you did here - you need to be app architect to fully appreciate this. I am that guy and I do appreciate this!!
Quote from API Explorer documentation
By default, only the User model is exposed over REST. To expose the other models, change
the model's public property to true in /server/model-config.json. See Exposing models for
more information. Use caution: exposing some of these models over public API may be
a security risk.
Can I assume that all of Stormpath models will exposed this way?
This will be used to assert that the User model stuff is working properly.
I have defined my own user called Student in Student.json like:
"name": "Student",
"plural": "Students",
"base": "StormpathUser",
and in model-config.json I define:
"Student": {
"dataSource": "stormpath",
"public": true
},
I get the following error:
'Account givenName is required; it cannot be null, empty, or blank.'
Is there a different way I should be defining my own user?
Without dependency "base" : "User"(Persisted in code) there are no login,logout and others methods(I see it in explorer). With User base work "logout" and "registration", but login didnt work.
What I have to do to fix the login?
on login i have resp - "login failed" even if credentials are correct
At the point
That's it! You've now fully configured your Loopback project to work with Stormpath.
attempt to run the app (either as node .
or slc run
) the app crashes with the error shown in the issue title.
The same application without the replacement for User
in the model-config.json
with '''StormpathUser''' works just fine, so this problem seems to be caused by not having the user
object present anymore.
Once the User is replaced with StormpathUser and the respected datasource replacedwith stormpath
entry defined as
"stormpath": {
"name": "stormpath",
"connector": "stormpath",
"apiKeyId": "xxx",
"apiKeySecret": "xxx",
"applicationHref": "https://api.stormpath.com/v1/applications/xxx"
}
what about the other objects in the model-config.json
file:
"AccessToken": {
"dataSource": "db",
"public": false
},
"ACL": {
"dataSource": "db",
"public": false
},
"RoleMapping": {
"dataSource": "db",
"public": false
},
"Role": {
"dataSource": "db",
"public": false
},
All of these are normally used by LoopBack's own "security layer" and should most likely be removed
True? - or the interface is not yet complete to the level that this can be done?
This method needs to be implemented so that a StormpathUser model can be generated given a username / password pair.
See: https://github.com/strongloop/loopback/blob/master/common/models/user.js#L164 for reference.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.