I've created a FeathersJS backend app and a React frontend app. I'm using the OAuth2 strategy to authenticate users to my own WordPress site. Everything is working fine. But now I'd like the users to be able to access my FeathersJS backend REST API. As they authenticate through the WordPress OAuth2 server, thus following the whole OAuth2 authentication process through my React frontend app, what would be the correct FeathersJS way to allow the users to authenticate to my backend so that they can make REST API calls?
FeathersJS: REST authentication of an OAuth user
297 views. Asked by Jordi Blanch
There is 1 answer
To let people access your backend REST API (which I assume is only possible after they authenticate), you need to check whether the access token they have is, in fact, valid with the third-party auth provider.
You can directly let them use the backend API. In case the API doesn't find a valid access token with the incoming request, it will redirect it to the login page. After that, the backend can validate itself with the third-party OAuth provider and return the result.
It is recommended not to do all the OAuth checks from the front end, since this exposes the access token on the user agent, which might be a serious issue. See this: https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2#grant-type-implicit
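
One way to do the server-side check the answer describes, as an added example that is not part of the original answer or of FeathersJS itself. It assumes the OAuth server can return an RFC 7662 token introspection response; `REQUIRED_SCOPE`, `EXPECTED_CLIENT_ID` and the `introspect` callback are hypothetical names.

```javascript
// Added example (not from the original post). Constants are assumed values.
const REQUIRED_SCOPE = 'api';                 // assumed scope the API requires
const EXPECTED_CLIENT_ID = 'react-frontend';  // assumed OAuth client id of the SPA

// Extract the token from "Authorization: Bearer <token>"; null if absent or malformed.
function extractBearer(header) {
  const m = /^Bearer ([A-Za-z0-9\-._~+/]+=*)$/i.exec(header || '');
  return m ? m[1] : null;
}

// Decide whether an RFC 7662 introspection response authorizes the request.
// Only `active` is mandatory in the RFC; the other claims are checked when relevant.
function evaluateIntrospection(info, nowSeconds) {
  if (!info || info.active !== true) return { ok: false, reason: 'inactive' };
  if (typeof info.exp === 'number' && info.exp <= nowSeconds) {
    return { ok: false, reason: 'expired' };
  }
  // Reject tokens that were issued to a different client application.
  if (info.client_id !== EXPECTED_CLIENT_ID) return { ok: false, reason: 'wrong-client' };
  const scopes = String(info.scope || '').split(' ');
  if (!scopes.includes(REQUIRED_SCOPE)) return { ok: false, reason: 'missing-scope' };
  return { ok: true, user: { id: info.sub, username: info.username } };
}

// Hook factory in the shape of a Feathers "before" hook. `introspect(token)` is
// supplied by the caller and makes the server-to-server call to the OAuth
// provider, so client credentials never reach the browser.
function validateOAuthToken(introspect) {
  return async (context) => {
    const headers = (context.params && context.params.headers) || {};
    const token = extractBearer(headers.authorization);
    const result = token
      ? evaluateIntrospection(await introspect(token), Math.floor(Date.now() / 1000))
      : { ok: false, reason: 'no-token' };
    if (!result.ok) {
      const err = new Error('Not authenticated');
      err.code = 401;              // plain Error used here to stay dependency-free
      err.reason = result.reason;  // keep the detail server-side for logging
      throw err;
    }
    context.params.user = result.user;
    return context;
  };
}
```

Introspecting on every request adds a round trip to the OAuth server; a short-lived cache keyed on a hash of the token is a common way to bound that cost.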