I'm trying to create an apple watch only app besides our app. This would be a standalone app without ties to the base app.
I can't use Firebase SDK-s, or other Google SDK-s as none of them support the watch.
I am trying to use the REST API-s and I hit a road block.
I can successfully retrieve a token for a user/password account with the identitytoolkit domain "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key="
which gives me a token I am trying to use for the endpoint:
https://www.googleapis.com/upload/storage/v1/b/mybucketid/o?uploadType=media&name=test233
however this endpoint tells me that I'm unauthorized. When I use the token I get with from OAuth 2.0 playground it works.
The problem is that that one expires and I cant build the app with a new token every time obviously.
Could you tell me what I'm doing wrong? I can't open webviews on the watch to approve a sign in, also can't communicate with an iPhone as this is a standalone app. I need something thats just hardcoded pure code. This is still an experiment and wont go out to real users. A non-expiring token would also work for my use-case.
I changed my buckets policy in a way that my user should be able to write into it but its still giving me authorization issues.
I don't think you can upload to a Cloud Storage bucket that is secured by Firebase through the REST API with a Firebase Authentication user. Essentially the REST API doesn't know how to execute Firebase rules, and only accepts operations that come with an OAuth2 token from a collaborator on the project.
Can you authenticate with the iPhone app and get a token from there when the old one expires? I know you are building a standalone watch app, but maybe this is a compromise worth making. Then you could use Firebase Functions to upload the image, validate the token (admin.auth().verifyIdToken(token)) and push the image to Cloud Storage. I have not tried this with an image but have successfully submitted authenticated payloads to the Firebase Realtime Database REST endpoints from a watchKit app.
Related
I have an app with SwiftyDropbox that function correctly, but I need to insert email and password for Dropbox every time that I use the app.
The app it's only for my use, it's not a security problem if the app auto-login in my account.
I don't find examples or documentation to make an auto-login with SwiftyDropbox. It's possible?
While the Dropbox API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files, it is technically possible to connect to just one account. We generally don't recommend doing so, for various technical and security reasons, but those won't apply if you're the only user anyway.
So, there are two ways to go about this:
1) Implement the normal app authorization flow as documented, and log in and authorize the app once per app installation. The SwiftyDropbox SDK will store the resulting access token for you, which you can programmatically re-use after that point each time using authorizedClient.
2) Manually retrieve an access token for your account and hard code it in to the app, using the DropboxClient constructor shown here under "Initialize with manually retrieved auth token".
I'm trying to make a chatbot with Dialogflow for Google Home. It requires the user to input a URL. Now it will definitely be a long and complicated URL which I can't recreate and I can't have the user speak into the google home.
The idea I had was that the user would input the URL on an agent on messenger. I store this on a Firebase database and then access it with a second agent.
Now the issue I have is authentication, I was hoping to use account linking on my google action with facebook. But I can't login to Facebook with google home. Or if I can, I can't find any documentation specific to that case. Facebook doesn't provide the necessary client ID and secret(as far as I can see).
I managed amazon and Gmail account linking with Alexa and an Amazon Echo. In those cases, you would have to login to google or amazon on the Alexa app or webpage. Then this will be integrated with your Echo and the skill will become usable.
Anyone have an idea of how I can make the link happen, if not then anyone have an idea as to how I can solve the overall problem?
This question has been left unanswered on other forums, but I was hoping to either get it solved or find an alternative.
There are three approaches to solving your overall problem - getting the URL manually entered and available to your Action. Two of them tackle it the way you've suggested - involving authenticating to Facebook and tying that to the Assistant account somehow. One solves it entirely inside the Assistant.
Account linking to the Facebook account
You've tagged firebase-authentication, so I'm going to assume that you're using it to do the auth and you've enabled Facebook login through it. This means your user has a "Firebase Account", but they log into that account using Facebook.
I will assume you have a way to get the URL from messenger once they're logged in.
The trick in this case is to setup Account Linking between their Firebase account and their Assistant account. This is done by setting up an OAuth2 server that has access to the Firebase accounts and will create authorization and refresh tokens that are given to the Assistant.
In the Action, you'll send the user to the Sign In helper, which will redirect them to your login page and send back a one-time auth code to the Assistant. The assistant will then use your OAuth2 server to exchange this code for auth and refresh tokens. Periodically it will use the refresh token to get new auth tokens.
When the user returns to the conversation through the Assistant, you'll be handed an auth token and you can use this to lookup the user. Since you also know their Facebook account, you can get the URL via however you planned to do so.
There are drawbacks to this method - it is very complicated, and setting up your own OAuth2 server is not for the faint of heart. You may be able to use something like Auth0 instead of Firebase Authentication to accomplish the same thing, but then you don't have the ease of access to the Firebase database.
Account linking to both Facebook and Google
In your Firebase account, however, you don't need to limit them to just logging into Facebook. You can have them use Firebase to record both the Facebook and Google accounts that they're using. This would "link" the two accounts together in your system.
With this, you don't need to setup an OAuth2 server. Instead, you can have the Assistant use Google Sign In for authentication. If the Google Cloud Project that Firebase is using and the Assistant are using are the same project, then once the user has logged in to your project's web page with their Google account, you'll get an identity token on the Assistant which will contain their Google ID. You can use this to match up with their Firebase account and get the Facebook ID and proceed from there.
But this is still a lot of work and kinda messy, jumping between systems.
Using just the Google Assistant (and maybe a web page)
If you're willing to make some assumptions about the devices your users are using, then you may be able to do it all just using the Assistant. The Assistant doesn't just run on the Google Home and other smart speakers, it also works on most current Android and iOS devices.
So you can detect if they have such a device available and, if they do and they're not currently on it, direct them to switch to that device when you need the URL.
If they don't have such a device available (perhaps because their version of Android is older), and you think this may be a common scenario, you may need to make another entry source available. This could be one of the solutions above, or you may want to just have a simple web page (done via Firebase Hosting and Firebase Functions, perhaps) where they log in using their Google account (so you get their ID) and you let them enter the URL. If you just need a URL - going through Dialogflow may be more complexity than you need.
I am creating an iOS app with Spotify playback with a django backend. This is my first programming project, and I am a little hung up on oauth2. I know that I need to do the authorization code flow on the server side to obtain refreshable user tokens.
I set up django-allauth on my django project, and managed to get it working to authenticate Spotify users despite the limited documentation for Spotify. I can call localhost:8000/users/spotify/login and the code will be refreshed and a vlid access token is stored in the database (made authorized request on Postman). I believe this will work when I deploy the changes to heroku as well, I just have not yet.
Getting back to my iOS app, I am trying to use the sdk to stream songs. I start the SPTAudioStreamingController.sharedInstance() with my client ID, no problem, and then try to login with access token hard coded, with no success. I know that I am missing something, probably involving the session that is returned when authentication is handled completely through iOS. I am hoping for clarification on how to complete this implementation and log in on the SDK properly using the access tokens stored in my django backend. This is the function that attempts to set up spotify and login. It is called in the app delegate.
print("Setting up spotify")
SPTAuth.defaultInstance().clientID = "hardcodedclientID"
SPTAuth.defaultInstance().redirectURL = URL(string: "hardcodedredirectURL")
SPTAuth.defaultInstance().sessionUserDefaultsKey = "spotifySessionKey"
SPTAuth.defaultInstance().requestedScopes = [SPTAuthStreamingScope, SPTAuthUserLibraryReadScope]
do {
try SPTAudioStreamingController.sharedInstance().start(withClientId: "hardcodedclientID")
} catch {
fatalError("Couldn't start Spotify SDK")
}
print("shared instance started")
SPTAudioStreamingController.sharedInstance().login(withAccessToken: hardCodedAccessTokenFromDjango)
print(SPTAudioStreamingController.sharedInstance().loggedIn)
I have set up all the app settings I need to, per the two tutorials I followed here and here. I know that I will not be able to hard code the information like that, but I was under the impression that I should be able to login(withaccesstoken:) simply using the access token I had. I am trying to find the best practice for sending my acces token through My Django REST API and then authenticating the SDK with it.
I ended up being able to get the same code to work. I added a session variable and set it, but the main problem was that django-allauth defaulted to requesting no scopes, I changed the source code to the scopes I needed and the process went much smoother. I believe I can access my access token through my api and that will be enough to initialize everythign client side, which is wa
I have been making Google Home apps, but now I want to make apps that are connected to Firebase server and DialogFlow API. How is it possible to integrate user authentication in an ios app to identify that user who is using Google Home with that login state?
For example, if I make a restaurant ordering app, I want any user to make a request through Google Home and the user can check his/her ordering history on an ios app.
A user logs in through an app and then how does google home detect that user as a logged in user? I have been searching how to implement this, but nothing hits.
You will need to implement account linking for Actions on Google. This will require two server-side components that you'll need to build:
You'll need to create an OAuth server that will allow the user to authenticate to your service (and use Firebase auth as a component of this) and authorize the Google Assistant to access your service. It does this by generating tokens that it hands to the Assistant.
Your Dialogflow fulfillment webhook will get this token passed to it as part of the conversation. It uses this token to determine which user is making the request and confirm it is valid.
There are OAuth services that are available that work with Google's auth that you should be able to fit in here, or you can write your own using Firebase Hosting and Firebase Cloud Functions. The Dialogflow webhook can, of course, be done using Firebase Cloud Functions.
I am writing an iPhone app that uses Facebook extensively. Right now, I'm getting the access token using the iPhone Facebook SDK. This returns me a standard access token.
I'm sending this token server-side and using it for many queries successfully. However, there are some queries that require an access token signed with the Application Secret, which the iPhone app sdk can't do client-side due to security vulnerabilities (specifically I'm trying to use dashboard methods).
So my question is: is there some way I can have Facebook upgrade this iPhone access token server-side to contain the signed secret? Or do I have to validate server-side from the beginning to do this?
The docs say that with the 'Server-side flow' method, once the user allows your app, you get a code generated by the server that you must send back with your App Secret to get your access token. The iPhone SDK uses 'Client-side flow' method, and it seems to skip this step, so I'm not sure how to get this code. So I guess the question boils down to, is it possible to upgrade a token gotten with the 'client side flow' method to one that can be used fully server side.
The answer is no.
The user token and app tokens are different and you can't convert one to the other.
Because you have a client app, I don't recommend that you embedded your app secret (as you point out).
For your app, I recommend that you create a web page on a server you control that gets and use app token that makes the calls you want.