Is it possible, to view the app check token used by my flutter web app?
When I check the inspect page of chrome, there is no X-Firebase-AppCheck header.
I thought there was supposed to be one, or am I looking at the wrong place?
You can find it in Developer Tools -> Network
You will need to pick one of the requests that needs that token (for example a call to firestore)
Once you pick one look in the Headers of the request
Related
I'm a beginner developer. I am writing an iOS application using Flutter. I need to use an API to identify my user. The provider of that API asks me to send them a redirect URL. From what I understand, when an user identify themselves on my app, a request will be send to the API provider, and once the user is correctly identified, the API provider want to know where to send the user (the redirect URL). But I want the user to stay on my app.
How should I set up that ?
Thanks
The usual way to implement this is via the AppAuth pattern, where the app invokes an ASWebAuthenticationSession window, which is a secure browser. From a UX viewpoint it looks integrated and remains a part of the app.
As a next step, maybe have a look at my iOS AppAuth Basic Tutorial to see what this looks like. The simplest option is a private URI scheme based redirect URL that looks like this:
net.openid.appauthdemo:/oauth2redirect
Once the concepts are understood, and your team has reviewed the user experience etc, the next step would be to implement this behaviour in Flutter.
I'm working on authentication for an Ionic 4 app. I'm using the in app browser plugin to login. After successful login an access token is sent back to the client. I can't figure out how to get the token from the In-App Browser to the app.
You can use an event listener such as :
this.browser.on('loadstart').subscribe(event => { this.checkForToken(event); })
Where checkForToken can look at your "event.url" and parse the token to be stored to localStorage or some other method to be used to login with once the in-app browser is closed.
Using events to listen for load start and stop was an awesome idea. I was, however, facing another issue. Google doesn't allow sign in using the In-App Browser and I really needed that. After asking around and looking at similar past issues I came across a Cordova plugin called BrowserTab. This was awesome as it's an instance/Custom Tab from chrome so it worked fine with google sign in. Another problem came up. You can't inject Javascript into BrowserTab and there was no way to programmatically close it once done. I looked around some more and that's when Deeplinks came to mind. I used the Deeplinks plugin and passed my access token as a parameter. When the user logs in, the BrowserTab redirects to a Custom URL scheme link for my app with the access token in the URL. Now it works perfectly. I've read somewhere that IOS is getting rid of Custom URL Scheme links. Luckily, it still has support for Universal App Links
I have an android app working this way:
User read QR-code with my specific URL
If the app installed it intercepts this URL and handles it somehow.
If app not installed standard browser opens this URL and it leads to Google play on app page.
When user install and run app first time it read browser's history and look for my URL.
If app found URL in browser's history then it handles this URL again.
Is it possible to implement this behavior on iPhone/iPad?
I suppose key features here are to read browser history and to intercept http URL's.
If this is impossible how would you implement this thing on iOS?
Thanks in advance for your help.
You can use custom application URLs in the form: myApp://... iOS will automatically launch the application if present. The logic for handling the 'not-installed' case has to be in the QR code scanning app. can be handled by the scanned website via a forwarding link using the iOS custom URL scheme (this might be useful for usage stats).
Additional info on implementing Custom URLs...
I'm trying to glue information from a web page to an iPhone app that said web page suggests to download. I control both the web page and the downloadable app.
Scenario is like this:
User visits my web page, on which I recognize the user (he may have logged in, and I store his info in a cookie). I then present a link to him to an app in the App Store that he should download for "enhanced experience" of this web service of mine.
Now, when the user launches the downloaded app on his iPhone, I like to re-identify the user who previously visited said web page.
All would be easy if an iPhone app could read Safari's cookies. But it can't.
A somewhat lame solution could be that the web server stores the visitor's IP address and uses that to recognize him once he launches the iPhone app. But that's not reliable.
Another one would be to give the user a token (code) that he needs to remember and then re-enter in the app. Still quite awkward, I think.
Any better suggestions?
Simply put, you can't do this.
One thing you could consider is a custom URL scheme to launch the app. You could send the user an email that uses this custom link. However there's a couple of problems with this:
the user may not have the account that they used to register for your site set up on their iPhone. This might seem unlikely, but say the user signed up for your site 5 years ago with their Hotmail account and they have since switched to Gmail.
it's unlikely that the email would fit into their workflow. They would probably download the app and just launch it by touching the icon instead of clicking a link in a received email.
You could also put the custom URL as a link on your web page, but again, this won't fit into the workflow because they have to go to the App Store app to do the download.
Consider this - if you've got some sort of website that has an authentication step, it's probably a fair bet to say that the user is the type of person who already has an application such as Facebook installed on their iPhone. They are already used to the paradigm of having to enter their credentials into an application despite the fact that they may have already done it in Safari.
If you could read the unique iPhone device ID from javascript on your web page, you could look for that again when the application connected...
But I cannot find any means of reading this from Javascript in Mobile Safari, I thought I'd post in case there is a way now to give you another option to consider.
OK, we found a somewhat working solution: The html code can create a cookie. Later, when the app runs, it can't directly read that cookie, of course (due to the sandboxing of iPhone apps). However, it can connect to the server, then open a http URL pointing to the server and including a unique token that it has gotten from the server beforehand. This leads to launching Safari, accessing the server. The server can now read the aforementioned cookie and finally establish the connection with the help of the token.
Just stumbled over this question and I'm curious if you thought about using a UIWebView.
Where the question is - does UIWebView share cookies with safari?
If it does the rest should be easy.
UIWebView's DON'T share cookies with Safari. So unfortunately that is not an option.
from the scarcely documented FB api, I have thus far learned that I need to do the following to get the StreamPublish working:
I am making an iframe app
setup xd_receiver.htm. DONE.
put the FeatureLoader.js.php at the top of the body tag. DONE.
configure the api key and xd_receiver.htm. DONE.
configure the connect callback URL. NOT DONE -> what URL should I specify here?
I am unable to use the function. i have a specific link which shuld call for the FB.Connect.StreamPublish function.
can someone please explain the working of this by some example?
Check out this page for complete instructions on setting up Stream Publishing for iFrame apps (or Connect pages) using FB.Connect.streamPublish():
http://thetechnicalexperience.blogspot.com/2010/02/how-to-use-fbconnectstreampublish.html
In the facebook application settings, the description is:
Your Connect site's main URL.
And that is exactly what it is, the main URL for the site where your app resides.
If your app would've been a canvas app, you could use the FBJS function FB.streamPublish, but in an iframe app you will have to use the FB.Connect.StreamPublish.
More info at http://wiki.developers.facebook.com/index.php/Facebook.streamPublish
It seems that you have a conceptual error.
Iframe apps are canvas apps, NOT Connect apps.
Canvas apps are applications that work inside the Facebook site, eg: from a tab from your profile.
Canvas apps require you to configure a callback URL, which is the URL where your application resides. You shouldn't do steps 1-3 because Facebook will proxy the calls to your application so they can send your application session information about the user (through a POST or GET params).
Connect apps are external sites, like Digg, where you must do steps 1-3, but not step 4. Steps 1-3 are required to establish a communication channel with Facebook.
Please read http://wiki.developers.facebook.com/index.php/Connect/Setting_Up_Your_Site for a step by step guide for installing Connect in your site. After you are done with it, you can call FB.Connect.StreamPublish.