I want to be able to utilize Cognito to authenticate a user while offline. So, if the user has no connection or is in airplane mode, they will still be able to login with the app.
What I thought of trying so far is to cache the idToken and accessToken somewhere on the phone, but I was not sure how that would work with code. The app would then retrieve these tokens from the cache and use that to authenticate with. It also checks the refresh token to see if it expired or not.
I'm using boilerplate code from https://ui.docs.amplify.aws/flutter/connected-components/authenticator/customization
under "Full UI Customization"
Related
So on my mobile app, I wish to use Google login API for users registration. I'm saving the user details like first name,Lastname, email. The above data will be stored in Firestore.
My question is
will this uid and OAuth Token be useful later? if yes in what way it'll be useful?
After registration what should I do to verify the user and make the user login? Since we don't use any passwords for verification.
and what is the professional way of storing user data in a database?
The Oauth Token allows you to make calls to google API based on the authorised scopes. When working with identity attach make a call to...
https://www.googleapis.com/gmail/v1/users/me/profile
Attach the Oauth token to the Authorization Header. If you get a response then it means the user is signed up.
With the Google Login API this is pretty much all you can do with the token. :)
I am developing a Flutter application and I am using OAuth2 for authentication. The application can't be used if you are not logged in, it just shows a login screen and forces you to log in.
When I log in, I receive the following information from the authentication server:
access token
access token lifetime
refresh token
refresh token lifetime
When the access token is about to expire, I want to get a new one by sending refresh token to authentication server.
How would I implement the refresh token mechanism? I want to update the access token every time before it expires, even if user is not using the application (it is closed). If user needed to log in every time he opens the application, it would be very bad user experience. To avoid this, I want to refresh the token in background.
How can I achieve this to work on Android and iOS? Preferably without writing any native code for each of the platforms.
You can use Future.delayed to refresh the token before the expiration.
You can also run this part of code in background with background processes but your application must be in background.
I am developing an application using xamarin.Here I am using xamarin auth component for facebook authentication.I am able to login and get users info and able to save them in local DB.Xamarin auth component has provided option for storing account object so that when user relaunch app ,we can use that account object to login.
Here comes my question: If user changes password on facebook account from site then what should be done when app is relaunching,as stored account is local we can't use that info to login again.
Thanks.
Any suggestions are appreciated.
Actually you are supposed to use the access_token for subsequent queries towards Facebook after the first successful authentication. With OAuth, you won't store password in your app. I would expect that when a user changes the password within Facebook, the old access_token might expire. In this case, you'll have to make the user manually re-login. This is the case anyhow when your access_token expires for any reason; keep in mind that all access_tokens expire after some time.
You can easily verify if the access_token is still valid by sending some basic request in the background. If you get an autherror response, just prompt the user to login again when it makes sense in the flow of your app.
I'm trying to create a server side access to a user's Facebook resources (photos/albums/etc).
I want that the user will authenticate once using its native mobile application, and that the server will be able to access user's data without the user interaction.
I'm trying to understand the steps I need to take in order to make it work.
I've read Facebook's: Login for Server-side Apps but I can't understand how to use the scenario proposed in there - because my server has nothing to do with user interaction (I cannot redirect the user to some login dialog) - the server is performing its own operation in the background whether the user is using its mobile application or not. What should I do upon token expiration for example?
More then that, I want that the user will be able to perform direct Facebook operation on the mobile itself, without the server intervention.
As I see it, this is the flow I would expect:
User's launches a native mobile application.
The user authenticates using Facebook's SDK on the native mobile app.
The user received a special token, that can be converted at server side to an access-token.
The token will be sent to the server and stored there.
If the server needs to access user's Facebook data, it uses this special token and converts it to an access token.
When the token expires - the server can extend it, using the special token, without any user interaction.
What data should be sent to the server from the mobile application after authentication. And how should the server use this data to access user's Facebook resources anytime?
I'm using the C# Facebook SDK for the server. But I think it is not that important, I need to understand the mechanics.
Tokens expire if the user does not continue to use the application. This is by design--an application should not continue to access the user's account if the user stops using the application.
When a user logs into your application, a token is given to your application, along with an expiration date for that token. You can use that token from your client or your server until it expires. However, there is nothing your server can do to extend the token if the user does not continue to use your application.
If the user continues to use your application, you will have an opportunity to update your server token. For example, in the Android and iOS SDKs, tokens are automatically refreshed if the user uses your application to make a facebook request. At that time, you can transmit the refreshed token to your server.
A lot of apps keep user logged in until user manually logs out like facebook, dropbox, etc.
I am wondering how they achieve it? There might be several approaches:
1)Do they store the username and password in a local storage, and automatically log the user in when they open the app again after a long time?
2)Or do they get a long-lived token from the server, and once the user login at very first time, the app gets a token from the server, later on they just use the token? The token will be valid until user manually logout from the app.
For #1, it will only work for native login, if an app supports "log in with facebook or twitter" it won't work.
So I just want to get an idea about how people achieve this feature? Is there any articles talk about it?
Most services like Facebook and Twitter use OAuth to manage the user session.
I use this external framework... https://github.com/nxtbgthng/OAuth2Client
It took me a while of reading and setting up to get right but it works now.
When the user logs in they get an auth token that contains an expiry date. When the expiry date comes the system automatically refreshes the token.
When I send a request to the server I send it via the OAuth framework and it adds the authorisation automatically.