    Huw
    @velsietis
    Hi, not sure if it's better to raise an issue on https://github.com/Azure/api-management-developer-portal or ask the questions here. Thought I'd try here first...
    I'm looking for some tips about hosting the designer on-line securely
    The way it works in Azure API Developer Portal seems pretty good, but there's no information on how to do something similar
    Mikhail Tuchkov
    @mtuchkov
    Do you mean allowing authorized users to edit content?
    In this case the persistence layer should support authorization, and it is your responsibility to issue the authorization information for the user.
    Huw
    @velsietis

    Hi Mikhail, that is what I mean, but perhaps my query is more specific to the Azure API Portal version.

    We've been using this wiki guide
    but there's no information provided about how to make the settings held in config.json available to authorized users only.

    Huw
    @velsietis

    How (I think) the integrated Azure API Portal designer is secured

    The launch button in Azure navigates to /signin-sso on the portal page, with a Management API Access token in the URL, e.g.

    https://<service-name>.developer.azure-api.net/signin-sso?token=<managementApiAccessToken>

    A gateway then validates this token.

    • If the token is valid, the gateway responds with the index page for the designer and sets an auth token in the response header

      Set-Cookie: auth=s%3Ae%3Aa19c164f348b0e783f52220e61c2c8ef...

      For all subsequent requests with this cookie, the gateway directs to the static files for the designer

    • If the token is invalid or not present, the gateway instead directs to the static files for the published site

    The question is how to implement such a gateway?
    Mikhail Tuchkov
    @mtuchkov
    Not sure how this is done in Azure API Management. You are probably correct. At least it was this way in the past in the old portal when I was working there.
    In papersites (https://dashboard.papersites.io) we solved it in a different way. We use Firebase, it has token-based authZ. We implemented the IAuthProvider (can't recall the specific interface name) for Firebase.
    What it does is acquire a token from the backend through OIDC with a hidden prompt and keep the token in memory.
    If you need a gateway that will handle cookie-based auth then I believe pretty much every web server has capabilities for that. For node there is express + passport js, or jest
    Huw
    @velsietis
    Thanks, I'll investigate the options a bit more, just thought it's worth checking if there's some "turn-key" solution out there before we start working in our own implementation.
    Alexander Zaslonov
    @azaslonov
    Hi @velsietis, in APIM there is a lightweight proxy that routes the request into different blob storages depending on user authentication. At some point, that proxy (or better say portal backend) will be open-sourced for the self-hosted scenario as well. It covers a bunch of other things like delegation, captcha validation, etc.
    Huw
    @velsietis
    Thanks, that's good to know it will be open-sourced. We won't spend too much time trying to replicate it then :)
    Mikhail Tuchkov
    @mtuchkov
    But I guess it is platform specific. I.e. if you plan to use it for .NET (this is Azure's code) then sure, otherwise you can use it as a guide.
    Sorry, not platform, the language runtime specific.
    Alexander Zaslonov
    @azaslonov
    Right, the APIM dev portal backend is implemented in NodeJS.
    Mikhail Tuchkov
    @mtuchkov
    I expected the .NET Core :smile:
    Keith Lawrence
    @keithl8041
    Heya :wave: I'm trying to follow the tutorial to set up Paperbits with Firebase but it looks like Google has updated Firebase and large bits of the authentication section are completely different. I'm happy to have a go at updating the docs if I can figure out how to set it up..
    I'm following this tutorial (https://paperbits.io/wiki/getting-started#yUP6J) and I'm getting stuck on 4.5. I've configured as much as possible but when I run the project I'm getting this authentication error. I've configured email/password auth and Google auth.
    Alexander Zaslonov
    @azaslonov
    Hi Keith, thank you let me check, I'll get back to you.
    Alexander Zaslonov
    @azaslonov
    Keith, looks like they just renamed "Basic" to "Email/Password", all the rest seems the same and working (for me at least).
    Can you tell which provider you're trying to set up? Have you added the user (looking at your error, it tries to do user signup)?
    Keith Lawrence
    @keithl8041
    Hey, thanks for the response. I figured that email/password is the same as Basic auth and I set it up and created a user. What's not clear to me is where I'm supposed to add the username/password to the config? I don't have a /src/config.json as mentioned in the docs and I can't find an obvious place to add the user credentials.
    Alexander Zaslonov
    @azaslonov

    You're right, there is a change in Firebase UI: there is no WEB SETUP option anymore, and hence, it is not clear how to put it into configuration. Sorry about that, we'll fix the docs.

    So, what you need to do is to put this into design.config.json to run the designer:

    {
        "firebase": {
            "apiKey": "< your API key >",
            "authDomain": "< your domain >.firebaseapp.com",
            "databaseURL": "https://< your database URL >.firebaseio.com",
            "projectId": "< your project ID >",
            "storageBucket": "< your storage bucket >.appspot.com",
            "databaseRootKey": "/",
            "storageBasePath": "/",
            "auth": {
                "basic": {
                    "email": "...",
                    "password": "..."
                }
            }
        },
        "environment": "design"
    }

    For publishing, there are also some changes not mentioned in our docs (another thing to fix) - it is about the service account private key:

    To generate a private key file for your service account:

    1. In the Firebase console, open Settings > Service Accounts.
    2. Click Generate New Private Key, then confirm by clicking Generate Key.
    3. Securely store the JSON file containing the key.
    4. Fill in the respective fields in publish.config.json:
    {
        "firebase": {
            "apiKey": "< your API key >",
            "authDomain": "< your domain >.firebaseapp.com",
            "databaseURL": "https://< your database URL >.firebaseio.com",
            "projectId": "< your project ID >",
            "storageBucket": "< your storage bucket >.appspot.com",
            "auth": {
                "serviceAccount": {
                    "type": "service_account",
                    "project_id": "...",
                    "private_key_id": "...",
                    "private_key": "...",
                    "client_email": "...",
                    "client_id": "...",
                    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
                    "token_uri": "https://oauth2.googleapis.com/token",
                    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
                    "client_x509_cert_url": "..."
                }
            },
            "databaseRootKey": "/",
            "storageBasePath": "/"
        },
    ...
    Keith Lawrence
    @keithl8041
    thank you! I will give your instructions a go and report back. I appreciate the help.
    Alexander Zaslonov
    @azaslonov
    sure, hope that helps.
    Keith Lawrence
    @keithl8041
    Great - that's helped with the authentication to the server. Now I have some issues with permissions to database content, but I'll try sort that out myself by reading up on database rules. I think the default permissions have changed since the documentation was written. The one thing I don't understand is how to distinguish between anonymous users and "CMS editors" - I assume I should actually be using something like gmail authentication. Can you provide the auth: {} config for specifying which gmail users should be allowed to edit content?
    Keith Lawrence
    @keithl8041
    I guess my next question is, if I load it in incognito mode, why am I getting the edit interface if I don't have edit permissions?
    Alexander Zaslonov
    @azaslonov
    the permissions get assigned on the Rules, and right, it is better to read Firebase docs to better understand it.
    you're getting editing interface because there is no logic to handle authentication/authorization. basically "demo" project is for demo purposes :) and the real usage hardly depends on the model of your application.
    here the firebase got chosen for demo purposes because it is fairly simple to start with and it has free tier which is great for developers to make PoC
    Keith Lawrence
    @keithl8041
    Makes sense - thanks. I'll play around with it some more. Thanks for the database rule example.
    Keith Lawrence
    @keithl8041
    I am getting nowhere with this. I can't work out how it's meant to work. The edit/design interface is cool and I can scope it down to just a single google user, but I can't figure out how to only show the published version to non-authenticated users and checking for auth before showing content doesn't make any sense anyway. So ideally I want a design interface available on a special URL that is only available to selected google users, and some kind of npm auto-publish script on save which writes the published files out to the CDN. Seems a weird setup though, I'm definitely missing something. Any thoughts?
    Mikhail Tuchkov
    @mtuchkov
    Would the managed version work better for you? Try https://dashboard.papersites.io
    It is in Early Access Program mode now, but is quite stable.
    Keith Lawrence
    @keithl8041
    Thanks - looks very interesting but I really want to use a custom domain so wouldn't mind trying to figure out a proper custom solution. Thanks for all your help.
    Alexander Zaslonov
    @azaslonov
    Sure, feel free to ping us anytime should you need help.
    Peeomid
    @peeomid
    Hi, I'm considering adding paperbits into our app as a page builder (using react) but I'm a bit lost. Is there any documentation on integration? I couldn't find it on the site. Basically what I want to achieve is to use Paperbits as a page builder, and take the json output after editing; the rest will be handled by our app
    Alexander Zaslonov
    @azaslonov
    But there is no documentation yet.
    Peeomid
    @peeomid
    Right, thanks @azaslonov, I guess I'll need to figure it out myself for now then.
    Curious though, if I get the license, will there be any support on integration, or is it just general setup and use support?
    Alexander Zaslonov
    @azaslonov
    Right, the primary purpose of the license is the support.
    Dedicated support, to be precise.