Best method for Authentication in Rest portletBest method for Authentication in Rest portlethttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1181627722024-03-29T15:39:28Z2024-03-29T15:39:28ZRE: Best method for Authentication in Rest portletVahid Khhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1182570922020-01-11T06:42:22Z2020-01-11T06:42:22Z<html><head></head><body>Thanks dear David.<br>Assume I have a <strong>React</strong> app that I want to authorize it by PKCE method.<br>Now, I want to create a new <strong>OAuth 2 Application </strong>for this<strong> , </strong>what <strong>Client Profile </strong> should I choose?<br><strong></strong>PKCE only exist in User <strong>Agent Application, Native Application </strong>and<strong> Other , </strong>but I have a problem when I choose one of this client profiles on saving new OAuth application I get this Error:<br><strong></strong><pre><code>Grant type "PKCE Extended Authorization Code" is unsupported for this client type.</code></pre></body></html>Vahid Kh2020-01-11T06:42:22ZRE: Best method for Authentication in Rest portletDavid H Nebingerhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181884512020-01-02T14:00:53Z2020-01-02T14:00:53ZReact native is nothing special, it does not preclude using PKCE at all. If you google for "react native pkce" you'll get a bunch of hits for implementation details, including <a href="https://formidable.com/blog/2018/oauth-and-pkce-with-react-native/">https://formidable.com/blog/2018/oauth-and-pkce-with-react-native/</a> but there are a bunch of other options too.David H Nebinger2020-01-02T14:00:53ZRE: Best method for Authentication in Rest portletMohammed Yasinhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181862672020-01-02T11:26:04Z2020-01-02T11:26:04ZYou need to create a client id and client secret from control panel->oauth2administration and share that with react app and mobile app .Mohammed Yasin2020-01-02T11:26:04ZRE: Best method for Authentication in Rest portletVahid Khhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181856382020-01-02T11:11:20Z2020-01-02T11:11:20ZHow can I find client id and client secret in my React App or my Mobile App ?<br />My user only have his username and password and Vahid Kh2020-01-02T11:11:20ZRE: Best method for Authentication in Rest portletMohammed Yasinhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181852832020-01-02T10:13:21Z2020-01-02T10:13:21ZHi ,OAuth 2.0 would suit you , first you send a request with client id and client secret and get the access token and then use access token for processing the following requestsMohammed Yasin2020-01-02T10:13:21ZRE: Best method for Authentication in Rest portletVahid Khhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181828912020-01-02T08:16:45Z2020-01-02T08:16:45ZBut this is not a principles and satisfying solution, opening a popup window its not a lovely solution.<br />On the other hand assume I want to use <strong>React Native</strong> as my interface, It is certainly not possible to open a window in that environment.<br />Liferay doesn't have a solid way to do it?Vahid Kh2020-01-02T08:16:45ZRE: Best method for Authentication in Rest portletJack Bakkerhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181721512019-12-30T15:49:50Z2019-12-30T15:49:50ZHi Vahid, I am guessing you have a decoupled frontend React or Angular app which you want to connect to a REST api you developed. Have you looked at David Nebinger's blog <a href="https://liferay.dev/blogs/-/blogs/liferay-oauth-2-0-authorization-flows">https://liferay.dev/blogs/-/blogs/liferay-oauth-2-0-authorization-flows</a>. I think the PKCE section might be of interest to you. I wouldn't say JWT is a login approach though maybe you can describe more about what you mean.Jack Bakker2019-12-30T15:49:50ZRE: Best method for Authentication in Rest portletChristoph Rabelhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181666402019-12-30T08:31:56Z2019-12-30T08:31:56ZWe usually require the user to authenticate normally in LIferay and sent the session cookie to the backend with each request. Then you get the user automatically. But I see, for you it is different.<br /><br />Is OAuth 2.0 an option? I think, this works only in 7.1+, for 7.1 maybe even EE only.<br /><br /><a href="https://portal.liferay.dev/docs/7-1/deploy/-/knowledge_base/d/authorizing-account-access-with-oauth2">https://portal.liferay.dev/docs/7-1/deploy/-/knowledge_base/d/authorizing-account-access-with-oauth2</a>Christoph Rabel2019-12-30T08:31:56ZRE: Best method for Authentication in Rest portletVahid Khhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181676632019-12-30T06:17:08Z2019-12-30T06:17:08ZI have a rest module in my Liferay as my backend, at other side as frontend, I have a full React or Angular App (No React or Angular as portlet) that must communicate with my rest module, everything is OK but,<br />How can I authorize client request by username and password for Role and Permission , In fact I want a approach for login like JWT Vahid Kh2019-12-30T06:17:08ZRE: Best method for Authentication in Rest portletChristoph Rabelhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1181609582019-12-29T16:27:51Z2019-12-29T16:27:51ZCould you be a bit more specific? What is your usecase? What are you trying to do?Christoph Rabel2019-1