I've created a FeathersJS backend app and a React frontend app. I'm using OAuth2 strategy to authenticate users to my own WordPress site. Everything is working fine. But now I'd like the users to be able to access my FeathersJS backend REST API, but as they authenticate through the WordPress OAuth2 server, thus following all the OAuth2 authentication process through my React frontend app, which would be the correct FeathersJS way to allow the users authenticate to my backend so that they can do REST API calls?
FeathersJS: REST authentication of an OAuth user
295 Views Asked by Jordi Blanch At
1
There are 1 best solutions below
Related Questions in OAUTH-2.0
- Not getting refresh token with google oauth2
- SoundCloud Authentication Consistently Returns 401 invalid_grant For Some Users
- How can I share Azure Active Directory authentication between server side and client script?
- OAuth2 and API Json request not working with jQuery Call
- Flask-Restful, oauth, and Salesforce
- Bearer token in MVC controller to access Web API
- Revoking OAuth tokens in Mule
- how to signup user using google-plus integradation in web?
- Need to run getAuthToken twice before receiving access token, why?
- chrome.identity.getAuthToken and refresh token?
- dropbox api authentication (Error: [400] 'invalid_client')
- Retrieve Google Sites's Domain Index feed using OAuth 2.0 with Service Account
- hello.js: Is it possible to set the provider's settings dynamically?
- How to share developer account at LinkedIn
- Linkedin Unsupported POST target
Related Questions in FEATHERSJS
- Using express-babelify-middleware with FeathersJS
- Feathersjs API ES6 class hooks and rest undefined
- How to share data among services in nodejs
- How to use feathersjs-primus to setup websocket connection
- Got a PrimusError when setting primus server with feathersjs
- Using service methods for feathers-sequelize (Unexpected token < in JSON)
- How to know whether a service path is invalid or not by feathersjs client?
- How to response error in feathersjs service to client?
- How to concat two columns for search with feathers-sequelize?
- Do something whenever authentication is successful
- How to use feathersjs to declare internal services without restful?
- How to separate middleware in feathers?
- featherjs callback is undefined
- Would FeathersJS be suitable to synchronize an offline javascript database with a backend api
- How can I set the `sub` claim of a JWT in FeathersJS?
Related Questions in FEATHERS-AUTHENTICATION
- How can I set the `sub` claim of a JWT in FeathersJS?
- How to join feathersjs jwt with mongoose?
- Feathers authentication not working
- How can I get specific errors when trying to login using feathers.js
- How can I check user authentication in server with FeathersJS?
- FeathersJs - Sanitize response from Find method in users service broke Authentication service
- How to get data from two or more mongo schema in a single api call in feathersJs?
- Change message in auth feathers js
- feathersJS custom authentication
- Login-in by roles feathers-authentication
- FeathersJS authentication using client certificate
- Hook to check if user is authenticate in Feathers (without send Unauthorized error if not, just check)
- Featherjs authentication: Login using OTP
- Two way SSL for FeathersJS using Socket.IO with custom authentication
- How do I properly test permissions using Featherjs & Postman?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
To let people access your backend REST API (which I assume is only possible after they authenticate), you need to check whether the access token they have is, in fact, valid with the third party auth provider.
You can directly let them use the back end API. In case the API doesn't find a valid access token with the incoming request, it will redirect it to the login page. After which, now the backend can validate itself with third-party OAuth provider and return the result.
It is recommended to not do all the OAuth check from front-end since this exposes the access-token on the user agent, which might be a serious issue. See this: https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2#grant-type-implicit