RE: Best method for Authentication in Rest portlet

Vahid Kh, modified 5 Years ago. Junior Member Posts: 54 Join Date: 8/6/19 Recent Posts
Hello
What is the best method for authentication in a REST portlet?
Christoph Rabel, modified 5 Years ago. Liferay Legend Posts: 1555 Join Date: 9/24/09 Recent Posts
Could you be a bit more specific? What is your use case? What are you trying to do?
Vahid Kh, modified 5 Years ago. Junior Member Posts: 54 Join Date: 8/6/19 Recent Posts
I have a REST module in my Liferay as my backend; on the other side, as frontend, I have a full React or Angular app (not React or Angular as a portlet) that must communicate with my REST module. Everything is OK, but
how can I authorize client requests by username and password for role and permission? In fact, I want an approach for login like JWT.
Christoph Rabel, modified 5 Years ago. Liferay Legend Posts: 1555 Join Date: 9/24/09 Recent Posts
We usually require the user to authenticate normally in Liferay and send the session cookie to the backend with each request. Then you get the user automatically. But I see, for you it is different.

Is OAuth 2.0 an option? I think this works only in 7.1+, for 7.1 maybe even EE only.

https://portal.liferay.dev/docs/7-1/deploy/-/knowledge_base/d/authorizing-account-access-with-oauth2
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10 Recent Posts
Hi Vahid, I am guessing you have a decoupled frontend React or Angular app which you want to connect to a REST API you developed. Have you looked at David Nebinger's blog https://liferay.dev/blogs/-/blogs/liferay-oauth-2-0-authorization-flows? I think the PKCE section might be of interest to you. I wouldn't say JWT is a login approach, though maybe you can describe more about what you mean.
Vahid Kh, modified 5 Years ago. Junior Member Posts: 54 Join Date: 8/6/19 Recent Posts
But this is not a principled and satisfying solution; opening a popup window is not a lovely solution.
On the other hand, assume I want to use React Native as my interface; it is certainly not possible to open a window in that environment.
Liferay doesn't have a solid way to do it?
Mohammed Yasin, modified 5 Years ago. Liferay Master Posts: 593 Join Date: 8/8/14 Recent Posts
Hi, OAuth 2.0 would suit you. First you send a request with the client id and client secret and get the access token, and then you use the access token for processing the following requests.
Vahid Kh, modified 5 Years ago. Junior Member Posts: 54 Join Date: 8/6/19 Recent Posts
How can I find the client id and client secret in my React app or my mobile app?
My user only has his username and password and
Mohammed Yasin, modified 5 Years ago. Liferay Master Posts: 593 Join Date: 8/8/14 Recent Posts
You need to create a client id and client secret from control panel->oauth2administration and share that with the React app and mobile app.
David H Nebinger, modified 5 Years ago. Liferay Legend Posts: 14933 Join Date: 9/2/06 Recent Posts
React native is nothing special, it does not preclude using PKCE at all.  If you google for "react native pkce" you'll get a bunch of hits for implementation details, including https://formidable.com/blog/2018/oauth-and-pkce-with-react-native/ but there are a bunch of other options too.
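
Added example, not part of the thread and not Liferay or Formidable code: the client-side pieces of an authorization code flow with PKCE (RFC 7636), showing that a React or React Native app needs only a client id, never an embedded client secret. It uses Node's `crypto` module so it runs stand-alone (in a browser or React Native the random bytes and SHA-256 would come from the platform's crypto API); the endpoint URL, client id and redirect URI are assumed placeholder values.

```javascript
const crypto = require("crypto");

// Constructed sample configuration (assumption): replace with the values of
// your own OAuth 2 application. No client secret is stored in the app.
const EXAMPLE_CONFIG = {
  authorizeEndpoint: "https://portal.example.com/o/oauth2/authorize",
  clientId: "example-client-id",
  redirectUri: "https://app.example.com/callback",
};

// base64url without padding, the encoding RFC 7636 uses.
const base64url = (buf) =>
  buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Fresh high-entropy verifier per login attempt: 32 random bytes -> 43 characters.
const createVerifier = () => base64url(crypto.randomBytes(32));

// S256 challenge = BASE64URL(SHA-256(ASCII(code_verifier))).
function challengeFor(verifier) {
  if (!/^[A-Za-z0-9._~-]{43,128}$/.test(verifier)) throw new Error("invalid code_verifier");
  return base64url(crypto.createHash("sha256").update(verifier, "ascii").digest());
}

// Step 1: URL opened in the browser. Only the challenge leaves the app here.
function buildAuthorizeUrl(cfg, verifier, state) {
  const url = new URL(cfg.authorizeEndpoint);
  const params = { response_type: "code", client_id: cfg.clientId, redirect_uri: cfg.redirectUri,
    state, code_challenge: challengeFor(verifier), code_challenge_method: "S256" };
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return url.toString();
}

// Step 2: on the redirect back, reject a response whose state does not match.
function readAuthorizationCode(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get("state") !== expectedState) throw new Error("state mismatch");
  if (!q.get("code")) throw new Error(q.get("error") || "no authorization code");
  return q.get("code");
}

// Step 3: form body POSTed to the token endpoint. The verifier proves this is the
// app that started the flow; there is no client_secret parameter.
function buildTokenRequestBody(cfg, code, verifier) {
  return new URLSearchParams({ grant_type: "authorization_code", client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, code, code_verifier: verifier }).toString();
}
```

The verifier and state must be kept in the app's memory or secure storage between step 1 and step 3 and discarded after one use.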
Vahid Kh, modified 5 Years ago. Junior Member Posts: 54 Join Date: 8/6/19 Recent Posts
Thanks dear David.
Assume I have a React app that I want to authorize by the PKCE method.
Now, I want to create a new OAuth 2 Application for this; what Client Profile should I choose?
PKCE only exists in User Agent Application, Native Application and Other, but I have a problem: when I choose one of these client profiles, on saving the new OAuth application I get this error:
Grant type "PKCE Extended Authorization Code" is unsupported for this client type.