Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    ah, ok. so maybe try something like
    var mobileApp = azureMobileApps({ auth: { expiresInMinutes: 1234 } });
    ?
    Swapnil Tripathi
    @tripathi-swapnil
    okay
    thanks trying the same
    for 5 mins
    need to add 5 only right ?
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    for 5 min seems like it would just be expiresInMinutes: 5
    Swapnil Tripathi
    @tripathi-swapnil
    @ephemorality - have you implemented swagger with it ?
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    no, haven't really done anything yet, just started poking around
    Swapnil Tripathi
    @tripathi-swapnil
    same here
    looking some solution which can serve using code commenting :)
    Swapnil Tripathi
    @tripathi-swapnil
    @ephemorality - expiresInMinutes
    does not work :(
    this is my code
    var context = req.azureMobile;
    
        var validateAuth = auth(context.configuration.auth);
    
        // Validate api-key header against environment variable.
        if(req.get('x-zumo-auth') !== undefined && validateAuth.validate(req.get('x-zumo-auth'))){
    i want 5 min token
    Dale Anderson
    @danderson00
    Sorry for responding so late, it's been crazy busy here. Looks like you sorted out most of the issues. As far as getIdentity goes, you could certainly cache the values in memory; there would be little benefit in caching them to a database as they are cached on the server anyway, the call made by getIdentity is light-weight.
    With token expiry, the tokens are actually minted by the Azure Web Apps authentication ("EasyAuth") as opposed to the Mobile Apps SDK. Just checking with the Easy Auth team if this can be customized.
    @togonow Thanks for the link to Chris' page. I'll send it to our docs people and see what we can come up with.
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    the idea is to store an id in an AAD B2C custom property, and use that for "personal table" authorization rather than the user's id/email. then i can link other arbitrary users so that any users with the same id in the custom property have the same authorization. does that seem like a reasonable approach for linking arbitrary identities (or are you aware of a better approach)?
    Dale Anderson
    @danderson00
    @togonow Many of the scenarios should be covered in the how-to section of the docs - check out the Node.js howtos, .NET server and client SDKs are listed down the left. Is there something significant missing?
    @ephemorality That sounds reasonable. I was considering a similar approach for implementing data security / sharing, i.e. having a custom claim in the JWT token.
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    i've been experimenting with different auth flows. do you know: if i use the implicit grant flow, will ~AAD B2C~ the Azure Web App? still create sessions?
    that is, is stateless auth possible with a node Azure Mobile App + AAD B2C?
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    it looks like the js client is sending a query param to the authorize endpoint session_mode=token, but i haven't been able to find documentation for what that does
    ToGoNow
    @togonow
    Screen Shot 2016-12-02 at 2.50.16 PM.png
    @danderson00 seems something like this page is missing from the azure app service sdk
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    ToGoNow
    @togonow
    yep, that's what i was looking for, thanks a lot
    Dale Anderson
    @danderson00
    @ephemorality I think it should be supported, but I'm not sure. I'd recommend creating a question on stackoverflow - I'll keep an eye out for it and will put the Auth team on to it as soon as I see it.
    Dale Anderson
    @danderson00
    @ephemorality Word from the auth team is that Azure AD does allow setting the lifetime of tokens. Not sure how exactly, but it should be possible.
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    @danderson00 cool, thanks. cc @Anshdesire
    (that was his question, i had just been suggesting random things to try)
    as for my questions, the problem with stack overflow is that i inevitably have follow-up questions
    Auth team needs a gitter! =)
    really, a lot of the auth questions likely need someone w/ cross-functional expertise between mobile apps, easy auth, and aad b2c
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    it's been a year since this SO post. really curious to know if anything has changed wrt to the story for refresh with implicit flow: http://stackoverflow.com/a/34206424
    Swapnil Tripathi
    @tripathi-swapnil
    i implemented socket.io with my existing app .
    i added one file like this
    module.exports = function(configuration, app, io) {
            console.log(configuration);
            io.on('connection', function(socket) {    ... }));
    my concern is i need to do raw query to update chat into DB how can i get context here ?
    tried so many things but failed :(
    @ephemorality @danderson00
    @ephemorality - I already suggested so many changes, and found few bugs as well :) @danderson00 - knows :)
    Dale Anderson
    @danderson00
    @ephemorality No idea whether things have changed - I would guess CORS is still not an option, but I believe refresh tokens have been implemented. I like gitter as well, but the advantage of SO is that posts become like reference material. It's hard to go back through a gitter channel to find solutions.
    @Anshdesire The context object is created by express middleware - this won't be available on your socket as the middleware doesn't get executed. You could create a similar object yourself - use https://github.com/Azure/azure-mobile-apps-node/blob/master/src/express/middleware/createContext.js as a basis.
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    @danderson00 github wiki works great as a place for reference material to live. where i've seen that work for communities, topics for the wiki become readily apparent when they are asked about repeatedly in chat
    but chat is really important until the reference material is filled in, because it takes some back-and-forth discussion to come to an understanding of what the fundamental problems/questions even are
    also much more natural for maintainers and community to update/evolve wiki pages over time vs stackoverflow
    Ghost
    @ghost~55e35bf20fc9f982beaf176a
    sending requests to /.auth/login/aad, i'm ending up with the browser stuck in the oauth flow at login.microsoftonline.com, waiting for a response from the POST to /.auth/login/aad/callback. after 2-3 min, the browser displays 500 - The request timed out.. I have all logging enabled, but see nothing after Received request: POST https://mytenant.azurewebsites.net/.auth/login/aad/callback in the app service "Log Stream"