authentication | full stack user authentication flow | Authentication library

try require('dotenv').config()

First note that a token must be obtained from the server ! A token is required to make some API calls due to security concerns. There are usually at least two types of tokens:

• Access token: You use it to make API calls (as in the Authorization header above). But this token usually expires after a short period of time.
• Refresh token: Use this token to refresh the access token after it has expired.

You should use requests-oauthlib in addition with requests.
https://pypi.org/project/requests-oauthlib/
But first, read the available token acquisition workflows:
https://requests-oauthlib.readthedocs.io/en/latest/oauth2_workflow.html#available-workflows
and choose the right workflow that suits your purposes. (The most frequently used is Web App workflow)
Then, implement the workflow in your code to obtain the token. Once a valid token is obtained you can use it to make various API calls.

As a side note: be sure to refresh token if required.

Only some user claims provided by the IDS will be passed into the User.claims collection. You need to explicitly map those additional claims in the client application, using code like:

Starting with 6.4 RC5 (which is the version you run as of this writing and should provide this in your original post):

The collection of thymeleaf user interface template pages are no longer found in the context root of the web application resources. Instead, they are organized and grouped into logical folders for each feature category. For example, the pages that deal with login or logout functionality can now be found inside login or logout directories. The page names themselves remain unchecked. You should always cross-check the template locations with the CAS WAR Overlay and use the tooling provided by the build to locate or fetch the templates from the CAS web application context.

https://apereo.github.io/cas/development/release_notes/RC5.html#thymeleaf-user-interface-pages

Please read the release notes and adjust your setup.

All templates are listed here: https://apereo.github.io/cas/development/ux/User-Interface-Customization-Views.html#templates

firebaser here

Firebase itself passes the ID token with each request, and then uses that on the server to identify the user and to determine whether they're authorized to perform the operation. This is a common (I'd even say idiomatic) approach to authentication and authorization, and if there's a security risk that you've identified in it, we'd love to hear about it on https://www.google.com/about/appsecurity/

From reading the blog post it seems the author is making a distinction between authentication (the user proving their identify) and authorization (them getting access to certain resources based on that identity), but it'd probably be best to ask the author for more information on why that would preclude passing an ID token to identify the user.

One way of doing this is using grpc.WithInsecure(), this way you don't have to add certificates to your services, since istio-proxy containers in your pods will TLS terminate any incoming connections.

Client side:

While editing my initial question to add more context as Jay proposed I think it found the issue.

What probably happens? The view where the crash is, contains a table view. Each cell will be configured before being presented. I use a flag which holds the information, if the amount of weight for this cell (it is a strength workout app) has been initially set or is a change. When prepareForReuse is being called, this flag has not been reset. And that now means scrolling through the table view triggers a DB write for each reused cell, that leads to unnecessary writes to the db. Unnecessary, because the exact same number is already saved in the db.

My speculation: Scrolling fast could maybe lead to a race condition (I have read something about that issue with realm) and that maybe causes this weird crash, because there are multiple single writes initiated in a short time.

Solution: I now reset the flag on prepareForReuse to its initial value to prevent this misbehaviour.

The crash only happens when the cell is set up and the described behaviour happens. Therefor I'm quite confident I fixed the issue finally. Let's see. -- I was not able to reproduce the issue, but it also only happens pretty rare.

I'm struggling to understand how that code fits together, but this part strikes me as definitely wrong:

Users of external identity providers have to be registered before the can login.

You can find the details here: https://developers.tapkey.io/api/authentication/identity_providers/#working-with-users

When it is necessary for your use case, that these users are automatically created when they login, please send a request to tapkey support and they will enable this feature for you.