Parse Firebase Dynamic Link for Password Reset IOS - swift

My issue is that I’m trying to parse my deep link for information to then change a users password. When I send the password reset email I included the users email address within the deep link parameter, however is there a specific way to parse this using FDL library once the link is opened in app? For security purposes there must be a way to verify the generated action code in the deep link to verify the link is legitimate aswell? I know that the fire base docs touch on this for web applications, but it doesn’t go into specifics for IOS.
Best,
James

Related

Firebase Email Verification

I'm quite a noobie at Firebase. I'm asking for a sort of step by step guide to setup email verification.
Currently, my app uses basic email password login. I want users to be verified so I'm hiding content based on a user's emailVerified property. I'm calling the .sendEmailVerification() and it sends to the current user's email but, whenever I click the link in the email it says the link has expired or someone has used it, this also doesn't change the property. I suspect it has something to do with the api manager. I currently have my website hosted to the built-in Firebase hosting URL.
Based on this link in the docs (which refers to a similar function but not the exact one): https://firebase.google.com/docs/reference/js/firebase.auth.Auth#sendPasswordResetEmail
p.s. I can't find anything regarding this exact function in the docs.
I think I need some sort of listener at the link of the email or on my website?
Thanks in advance, any answers are appreciated.
there could be an issue with your browser api key. You may have some referrer restrictions on it. This could cause the misleading error (code expired or used) to occur. Either fix that issue or generate a new one in the Google console.

Ejabberd: How to limit the fetching of jabber user directory (JUD)

I'm developing a client jabberd application for mobile(android) using (a)Smack.
Since, in my application, the users are registered by their phone numbers, the application should be able to recognize which contact has a jabber account on the server and suggest him/her for chatting.
After googlling the web I found that there is a jabber user directory (JUD) which I can use to check there is an account for a specific mobile number or not. (I'm using UserSearchManager).
My questions:
1- It seems that there is no record in JUD for a user who has not updated his vCard yet, so I cannot find him. Is there any solution to check the existence of this kind of users?
2- It seems that by using JUD, everyone outside of my application can fetch some important information of users such as mobile numbers, emails, etc. Is there any solution to limit JUD search engine? (for example, getting only "user field" as a input and returning only "full name field" of existing accounts or other useful limitation).
So by this way, I can recognize which person from the contact list has an account on the server and also other people cannot fetch important information of the exiting users.
Any command or advice is appreciated. Thank you.
I do not think it is possible as default, without customizing ejabberd application code.

iOS user authentication (restrict to specific domain name)

I'm developing my first iPhone app to make what is effectively an app version of a fantasy league I created for work colleagues.
I am using Parse for the backend of the app. I only want people to be able to register with their work email address ie only if their e-mail address is _#mycompany.com
I'm sure this would be quite easy to someone who knew what htey were doing but I'm kind of new to this so any advice would be much appreciated.
Thanks
You could do this in a number of ways. The easiest way would be to have the validation happen on-device - just check the e-mail address the user has put into the app, and only allow the registration to happen if it matches the domain you want to limit it to.
However, although this is very easy it's also open to abuse and it's not very flexible (if you want to add additional domains, you have to update the app).
Fortunately, Parse offers cloud code, which lets you validate data server-side. Cloud code is written in JavaScript, and you then upload it to Parse. There is full documentation on Parse's website, including examples for validating data.

App Rejected on 17.2 clause. Asking for email ID

My app is a sync solution (imagine dropbox).
The user needs to sign in to access the app's features, and if he does not have any account already created, he can sign up.
The sign up asks for email id verification, and this email id is also used if the user has forgotten his password to send him one.
but Apple has rejected this app saying:
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
We found that your app requires customers to register with personal information to access non-account-based features, which is not in compliance with the App Store Review Guidelines.
Apps cannot require user registration prior to allowing access to app features and content that are not associated specifically to the user. User registration that requires the sharing of personal information must be optional or tied to account-specific functionality. Additionally, the requested information must be relevant to the features.
Although guideline 11.6 of the App Store Review Guidelines requires an application to make subscription content available to all the iOS devices owned by a single user, it is not appropriate to force user registration to meet this requirement; such user registration must be made optional.
It would be appropriate to make it clear to the user that registering will enable them to access the content from any of their iOS devices, and to provide them a way to register at any time, if they wish to later extend access to additional iOS devices
Please help me solve this. Many apps like dropbox/facebook require login.
I don't get the exact reason why they rejected my app.
Also, please guide about the in app purchase, why registering cannot be mandatory
Asked App Store Review people for clarification on their rejection.
They accepted it. and the app got approved :D
Its on Appstore now :)
I also Faced this kind of Problem and my app also Rejected due to this.And Again I Changed my App flow Like User Registration will be Optional. User can See all the Feature of the app with out Registration by skipping this step.If he want to do something user-specific then you can ask to register such as : (user like,comment,photo upload etc) or else he can use the contents and features which are public.
in Case of in-app Purchase You can Prompt user that if He will Register with your app he can able to use this Content in his all devices.
It would be appropriate to make it clear to the user that registering will enable them to access the content from any of their iOS devices, and to provide them a way to register at any time, if they wish to later extend access to additional iOS devices
Apple does not allow apps that require you to share person information to work, like an e-mail address.
You options are, remove the need for an e-mail address or remove account creation form you app and move it to a website.
It also states that you app is asking to create an account to access the full app and even needs the account or acces features that do not require the user to have an account. You can make those features available with out the account creating you might be able to get thru the review.
The reason apps like Facebook and Dropbox got thru the review proces is because they don't have a register option which is in app only. They redirect to a website.
I recently spoke to an Apple Rep over the phone in regards to an app of mine that was also accused of violating clause 17.2.
I explained to him that the email would be used for password recovery, monitoring transactions within the marketplace, and managing any inappropriate behavior (such as users uploading offensive or copyrighted content). The rep responded, "Sir, the clause states 'Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected'. I cannot allow you to require your users to submit their emails if its not account-based". He did not seem to understand that the emails are account-based for the very sole purpose of security.
I did mention to him that Instagram and Facebook alike require logins at startup. He simply replied, "Yes but those apps are entirely account-based."
Honestly, I felt he was blindly following Apple's Guidelines ("Because that's what it says we must strictly follow!"). He had little understanding of how social networking apps operate, and even less understanding of the law (specifically the DMCA - on a separate issue). Explaining to them how all that works proves to be futile; they wont budge because they are asked to follow Apple's BROAD Clauses as strictly as they do.
My conclusion: I had to compromise the app's user flow such that the app's registration page can be skipped, and all other functions within its marketplace were locked to non-registered users. It makes no sense.
The sign up asks for email id verification, and this email id is also used if the user has forgotten his password to send him one.
Apps cannot require user registration prior to allowing access to app features and content that are not associated specifically to the user.
It seems to me that the point is that you are asking the user to provide his email address as a step towards the creation of a user account. This is different from what dropbox and other apps do (i.e, you provide your credentials for your dropbox account, which is different from your email address, although it can be the same).
You may either remove altogether email verification, or you could postpone it to a later point when you have made clear to the user that this is required to access private information.
I got the same thing last week and this is Apple's reply:
As for the 17.2 issue, a nickname, avatar, or sharing are not inherent or specific features of those social networks, and thus, the user should not be required to register with those services, or provide you with access to their social network accounts. The user should not be prevented from using your app and service if they do not provide this information.
Instead, it would be appropriate use your own authentication method and give users the option to create a nickname and upload an avatar, independent from those networks.
Moreover, we realize that these social networks may be very popular. However, the popularity of the social network is not an appropriate reason to force a user who has not, or chose not to register and provide their personal information to those services, before they can use your app.
Therefore, we ask that you to include your own authentication mechanism to allow the user the option to register only with you, creating an account with only the information needed and relevant to your app's features.
Best regards,
App Store Review
So in short, you have to provide custom authentication and not just use Facebook. Although I've seen many Apps who do require you to login with Facebook.
Thanks,
James
It happened same for me, although the first version was approved, the second version was rejected for this reason, I added the Skip button at the landing view.
It's all summarized in the last paragraph. Apparently, your application doesn't inform the user (in a clear way) that registering is for syncing and from their reply, it seems that your application is useless without the Sign Up.
If that's the case, you should be more specific why you need the user to register.
On a side note, I personally don't like the applications/websites that force you to register before you see or try anything. I hope your application isn't the same.

Supporting multiple social sign-in methods

I have performed a number of searches on this topic and found some related questions however none of which provided a clear picture of the best practice for developing a sign-in system on a site that relys on 3rd party server-side OAuth.
We have opted not to offer a traditional member sign-in method, allowing users to log in to the site via Facebook or Twitter (we may choose to offer further support for other networks at a later date).
We are keen to provide a seemless user experience for both new and returning users and would appreciate some advice & best practice from anyone who has successfully done this in the past.
The initial plan was as follows
- When a user signs in via Facebook we require them to provide a username which will be used throughout the site
- When a user signed in via Twitter we use their Twitter name as our username
This approach has an obvious flaw. What if a Twitter user signs in only to find that their username is being used by another member who chose it via signing in with Facebook?
This is unacceptable user experience therefore we need to re-think.
New approach
Currently our new approach is upon initial sign-in to present the user with a form to provide the remaining required information
For Twitter sign-ins:
- Display name. Pre-populated with Twitter username if available or suffixed with 0,1,2,3 etc..
- Email address. This will be confirmed via a verification email to complete the sign-up process.
For Facebook sign-ins:
- Display name. Pre-populated with Facebook Display name if supplied & available or suffixed with 0,1,2,3 etc..
- Email address. Pre-populated from Facebook account, no need to verify unless they decide to use a different email address, in which can the process will be the same as above.
It would be great to hear your thoughts on this matter.
I think second style is the simple one and user can feel less burden .
my vote for second only .He can pushed to login in the that same page and felt free.
hey ! just post weather which style you decided at the end ..because I need to know the result of this $100 question :))