by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Robert Wilber
    @robert194w
    What's a security update? LOL.. guess I need to go laptop shopping ... Can't run newer OS on my tower, too small, too slow - will just keep it for internal housekeeping
    Lily Romano
    @Lilyheart
    @robert194w Don't forget you can always run the tower past Cletus as that's what he used to do for a living. @Ryzilynt My win 7 machine is actually a dual boot machine with ubuntu. I would like to say I'm pure linux by the time win 7 is out of it's (extended) support life cycle. I have a few years left to get everything settled.
    Lily Romano
    @Lilyheart
    funnies
    Robert Wilber
    @robert194w
    Hi! Anybody out there? I am baffled by these JavaScript challenges.
    Cannot find how to use function variable. Never covered anywhere. Couldn't find anything useful anywhere.
    Robert Marcy
    @Ryzilynt
    Does this help? Functions stored in variables do not need function names. They are always invoked (called) using the variable name. The function above ends with a semicolon because it is a part of an executable statement.
    I don't know anything about js yet , that's the top google return
    Robert Wilber
    @robert194w
    thx. problem is variable in function with value defined [apparently] after the code I am supposed to write. None of this was discussed inywhere in any lesson and nothing I find approaches the nesting and operation process in the challenge.
    This is one of the rearly Javaq script challenges in freecodecourse
    Robert Wilber
    @robert194w
    Spelling error...time for bed!
    Robert Marcy
    @Ryzilynt
    That's called a typo , happens to the best of us. Especially when autocorrect is involved
    Robert Wilber
    @robert194w
    [ :
    David Castner
    @davidjcastner
    @robert194w I help you if you still are looking for it. Just let me know what the problem you're working on and what you've attempted to do
    Lily Romano
    @Lilyheart
    @robert194w it looks like you are on "Escape Sequences in Strings". Is that the one giving you problems? If so, you will be adding to the line that is already written for you.
    Lily Romano
    @Lilyheart
    What's everybody working on tonight?
    Robert Marcy
    @Ryzilynt
    Maybe stuffed peppers
    Then later after that , prolly FCC
    I'll also login to black board and see if any of my classes are available , and attempt to complete any inevitable syllabus quizzes that read their ugly heads
    Possibly an intro post or 2.
    Or 3
    Lily Romano
    @Lilyheart
    I have two of four syllabi available at this point.
    I think imma go through www.commandlinepoweruser.com
    Lily Romano
    @Lilyheart
    What other classes are you taking @Ryzilynt ?
    James Peruggia
    @bereachad
    I am doing a code deployment right now, how thrilling
    Lily Romano
    @Lilyheart
    Welcome @bereachad . That is always a thrilling time :laughing:
    James Peruggia
    @bereachad
    And while this is building, im trying to understand how we can move away from our authorization and authentication in one spot for applications to a more "proper" flow
    We use openID but I don't think we are doing it correclty
    Lily Romano
    @Lilyheart
    I've had a battle any time I've dealt with openID. @davidjcastner might have had better experience.
    James Peruggia
    @bereachad
    Well I think the issue is we are using openID for authorization of users, and using it to store the security for teh application as well, which is where I think we are going wrong. In general though it works, but once we start adding more clients to this server it will become an unmaintanable mess
    David Castner
    @davidjcastner
    I just got home from work but I can explain what the recommended practices are in a couple minutes
    James Peruggia
    @bereachad
    otehr than that, thanks for hosting this group!
    Lily Romano
    @Lilyheart
    no problem :grin:
    @bereachad I sent you a PM here with some information.
    David Castner
    @davidjcastner
    @bereachad What do you mean that you are using openID for the security of the application?
    David Castner
    @davidjcastner
    The general practice is that you store your users in the database and give them a role. You can use openID for authentication but the authorization of what each role or individual user has access to should be controlled by the server.
    James Peruggia
    @bereachad
    so the way we have it setup right now is that we have the traditional work process of : user navigates to app -> clicks login - redirect to openId server w/ client_id -> they login with provider -> redirect back to application w/ openId token
    issue is that step where we have "login with provider" we also query for roles into a database that is specific to the application they loged into, but i feel as that needs to be decoupled
    And when you say store users in the database, you are talking about the database for the actual client application I assume
    David Castner
    @davidjcastner
    correct for the client application, where is the query taking place?
    Lily Romano
    @Lilyheart
    :thumbsup:
    James Peruggia
    @bereachad
    well we decouple our clients from the api as well
    sso we have say DataAccessAPI (WebAPI 2 C# backend) that several clients(applications) connect to
    but I am trying to get the [Authorize] tags to not use just claims, but security for the application they logged into, the thing is we didn't specify the data structure for how they handle security , it was an old legacy system that we are trying to make fit
    which is causing a headache
    Right now we have our openID server authenticate the user, and then once authenticated, we look them up in a table for users on the API that will be using that openID server for authentication, and then return associated roles in teh claims for the user
    David Castner
    @davidjcastner
    as long as the query is taking place on your servers you should be fine. But all API calls requesting data that requires authorization should send the openId token in the request to your server, then your server verifies the token before doing anything else
    one sec I'll put together some pseudo code
    David Castner
    @davidjcastner
    What is the openID server providing you? As in what does it return to you (the user, the role?)
    James Peruggia
    @bereachad
    well right now it returns say, claims info about the user, such as firstName, lastName and userName and email
    David Castner
    @davidjcastner
    okay and you can only call those methods from your server?