Security

Learn to acquire an access token in the native apps with the help of OAuth 2.0 Authorization Code flow with PKCE.

Labels
AJAX(112) Apple(1) Application Builder(244) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(11) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(177) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(99) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(4) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(17) OAuth(7) OAuth Scopes(1) OAuth2(10) Offline(19) Offline Apps(4) Offline Sync(5) Oracle(10) PKCE(2) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(168) Reports(48) REST(28) RESTful(26) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(77) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) Stored Procedure(4) Teamwork(15) Tips and Tricks(84) Tools for Excel(2) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(335) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
Security
Sunday, May 28, 2023PrintSubscribe
Lesson: Native App Authorization

Developers rely on a variety of platforms to deliver mobile apps. It is easy to set up the user authorization with an application created with Code On Time. The embedded RESTful API Engine implements OAuth 2.0 protocol with multiple authorization flows. Native applications can be programmed to have enterprise level security with little effort. The lesson explains how to configure Postman, the popular API development tool, to get the access tokens from the RESTful Backend Application. Any native client app will implement a similar pattern of authorization.

Learn to acquire access tokens in the native app via OAuth 2.0 Authorization Code flow with PKCE.
Configure New Token section allows setup of a separate request to capture a new access token from the backend application.
Postman provides the means of capturing the access tokens from any OAuth 2.0 compliant identity server. RESTful API Engine of apps created with Code On Time has the built-in support for OAuth 2.0 authorization flows. Developers can configure Postman to capture the access tokens from a Code On Time application.
Configure New Token section allows setup of a separate request to capture a new access token from the backend application.
Postman provides the means of access token capturing from any OAuth 2.0 compliant identity server. RESTful API Engine of apps created with Code On Time has the built-in support for OAuth 2.0 authorization flows. Developers can configure Postman to capture the access tokens from a Code On Time application.
Postman exchanges the authorization code for an access token with the backend application. The response is presented in the Manage Access Tokens window.
Developers can name the new Access Token and use it for development purposes in the Manage Access Tokens window. Typically the name of the token is the username.
Labels: OAuth2, Security
Tuesday, May 23, 2023PrintSubscribe
How To: Debugging With Any User Account

The Debugging With Any User Account tutorial explains how to impersonate users without a password when debugging an app. Application framework allows easy overriding of the login mechanism. You will learn to ignore the password on the localhost address and how to use a master password to “unlock” any user account.

image1.png

Monday, October 4, 2021PrintSubscribe
Custom User Login Responses

 The introduction of the 2-Factor Authentication in the application framework has required changes to the login process. The framework challenges the users to enter a verification code to confirm their identity. Method CreateUserLoginResponse(username, success)  in the ApplicationServices partial class creates the JSON object with the instructions for the client-side code when the verification is needed.

Developers can take advantage of the new method to provide custom responses informing the user about the remaining login attempts, locked account, and other special cases. Otherwise the framework displays a generic message “Your user name and password are not valid.”

The sample code below will let the user name if the account is locked or display a notification at the bottom of the screen. The code executes only if there is no login response created by the base implementation to avoid conflicts with the multi-factor authentication.


Invalid username or password will yield a notification message when the JSON object with the notify property is returned.


A more prominent response is provided if the responses includes the alert property.


If the event property is returned in the response, then the framework will raise the client-side event on the document object with the response passed as the args property of the event. 2FA implementation uses this method to pass extended information to the client library.