What's a security update? LOL.. guess I need to go laptop shopping ... Can't run newer OS on my tower, too small, too slow - will just keep it for internal housekeeping
Lily Romano
@Lilyheart
@robert194w Don't forget you can always run the tower past Cletus as that's what he used to do for a living. @Ryzilynt My win 7 machine is actually a dual boot machine with ubuntu. I would like to say I'm pure linux by the time win 7 is out of its (extended) support life cycle. I have a few years left to get everything settled.
Lily Romano
@Lilyheart
Robert Wilber
@robert194w
Hi! Anybody out there? I am baffled by these JavaScript challenges.
Cannot find how to use function variable. Never covered anywhere. Couldn't find anything useful anywhere.
Robert Marcy
@Ryzilynt
Does this help? Functions stored in variables do not need function names. They are always invoked (called) using the variable name. The function above ends with a semicolon because it is a part of an executable statement.
I don't know anything about js yet, that's the top google return
Robert Wilber
@robert194w
thx. problem is variable in function with value defined [apparently] after the code I am supposed to write. None of this was discussed inywhere in any lesson and nothing I find approaches the nesting and operation process in the challenge.
This is one of the rearly Javaq script challenges in freecodecourse
Robert Wilber
@robert194w
Spelling error...time for bed!
Robert Marcy
@Ryzilynt
That's called a typo, happens to the best of us. Especially when autocorrect is involved
Robert Wilber
@robert194w
[ :
David Castner
@davidjcastner
@robert194w I can help you if you are still looking for it. Just let me know what problem you're working on and what you've attempted to do
Lily Romano
@Lilyheart
@robert194w it looks like you are on "Escape Sequences in Strings". Is that the one giving you problems? If so, you will be adding to the line that is already written for you.
Lily Romano
@Lilyheart
What's everybody working on tonight?
Robert Marcy
@Ryzilynt
Maybe stuffed peppers
Then later after that, prolly FCC
I'll also log in to black board and see if any of my classes are available, and attempt to complete any inevitable syllabus quizzes that rear their ugly heads
Possibly an intro post or 2.
Or 3
Lily Romano
@Lilyheart
I have two of four syllabi available at this point.
I am doing a code deployment right now, how thrilling
Lily Romano
@Lilyheart
Welcome @bereachad . That is always a thrilling time :laughing:
James Peruggia
@bereachad
And while this is building, I'm trying to understand how we can move away from our authorization and authentication in one spot for applications to a more "proper" flow
We use openID but I don't think we are doing it correctly
Lily Romano
@Lilyheart
I've had a battle any time I've dealt with openID. @davidjcastner might have had better experience.
James Peruggia
@bereachad
Well I think the issue is we are using openID for authorization of users, and using it to store the security for the application as well, which is where I think we are going wrong. In general though it works, but once we start adding more clients to this server it will become an unmaintainable mess
David Castner
@davidjcastner
I just got home from work but I can explain what the recommended practices are in a couple minutes
James Peruggia
@bereachad
Other than that, thanks for hosting this group!
Lily Romano
@Lilyheart
no problem :grin:
@bereachad I sent you a PM here with some information.
David Castner
@davidjcastner
@bereachad What do you mean that you are using openID for the security of the application?
David Castner
@davidjcastner
The general practice is that you store your users in the database and give them a role. You can use openID for authentication but the authorization of what each role or individual user has access to should be controlled by the server.
James Peruggia
@bereachad
so the way we have it set up right now is that we have the traditional work process of: user navigates to app -> clicks login -> redirect to openId server w/ client_id -> they login with provider -> redirect back to application w/ openId token
issue is that step where we have "login with provider" we also query for roles into a database that is specific to the application they logged into, but I feel that needs to be decoupled
And when you say store users in the database, you are talking about the database for the actual client application I assume
David Castner
@davidjcastner
correct for the client application, where is the query taking place?
Lily Romano
@Lilyheart
:thumbsup:
James Peruggia
@bereachad
well we decouple our clients from the api as well
so we have, say, DataAccessAPI (WebAPI 2 C# backend) that several clients (applications) connect to
but I am trying to get the [Authorize] tags to not use just claims, but security for the application they logged into, the thing is we didn't specify the data structure for how they handle security , it was an old legacy system that we are trying to make fit
which is causing a headache
Right now we have our openID server authenticate the user, and then once authenticated, we look them up in a table for users on the API that will be using that openID server for authentication, and then return associated roles in the claims for the user
David Castner
@davidjcastner
as long as the query is taking place on your servers you should be fine. But all API calls requesting data that requires authorization should send the openId token in the request to your server, then your server verifies the token before doing anything else
one sec I'll put together some pseudo code
David Castner
@davidjcastner
What is the openID server providing you? As in what does it return to you (the user, the role?)
James Peruggia
@bereachad
well right now it returns say, claims info about the user, such as firstName, lastName and userName and email
David Castner
@davidjcastner
okay and you can only call those methods from your server?