I have successfully enabled webservices on Moodle and also developed my own.
In order to use the webservice from client, I had to create a user token.
That token is automatically generated. It happened that for some unknown reason, the token I had in my production site is gone. The problem is that all apps currently using the webservice have the token hard-coded. So If I generate a new token in moodle I'll have to distribute a new version of the App and this could be a problem. But if I find where Moodle saves the tokens (perhaps in moodlebd?) I can try to force the new token to the one that is currently hard coded in my App.
ok, I've found it. It's mdl_external_tokens table of Moodle database
Related
I have an app with SwiftyDropbox that function correctly, but I need to insert email and password for Dropbox every time that I use the app.
The app it's only for my use, it's not a security problem if the app auto-login in my account.
I don't find examples or documentation to make an auto-login with SwiftyDropbox. It's possible?
While the Dropbox API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files, it is technically possible to connect to just one account. We generally don't recommend doing so, for various technical and security reasons, but those won't apply if you're the only user anyway.
So, there are two ways to go about this:
1) Implement the normal app authorization flow as documented, and log in and authorize the app once per app installation. The SwiftyDropbox SDK will store the resulting access token for you, which you can programmatically re-use after that point each time using authorizedClient.
2) Manually retrieve an access token for your account and hard code it in to the app, using the DropboxClient constructor shown here under "Initialize with manually retrieved auth token".
I am creating an iOS app with Spotify playback with a django backend. This is my first programming project, and I am a little hung up on oauth2. I know that I need to do the authorization code flow on the server side to obtain refreshable user tokens.
I set up django-allauth on my django project, and managed to get it working to authenticate Spotify users despite the limited documentation for Spotify. I can call localhost:8000/users/spotify/login and the code will be refreshed and a vlid access token is stored in the database (made authorized request on Postman). I believe this will work when I deploy the changes to heroku as well, I just have not yet.
Getting back to my iOS app, I am trying to use the sdk to stream songs. I start the SPTAudioStreamingController.sharedInstance() with my client ID, no problem, and then try to login with access token hard coded, with no success. I know that I am missing something, probably involving the session that is returned when authentication is handled completely through iOS. I am hoping for clarification on how to complete this implementation and log in on the SDK properly using the access tokens stored in my django backend. This is the function that attempts to set up spotify and login. It is called in the app delegate.
print("Setting up spotify")
SPTAuth.defaultInstance().clientID = "hardcodedclientID"
SPTAuth.defaultInstance().redirectURL = URL(string: "hardcodedredirectURL")
SPTAuth.defaultInstance().sessionUserDefaultsKey = "spotifySessionKey"
SPTAuth.defaultInstance().requestedScopes = [SPTAuthStreamingScope, SPTAuthUserLibraryReadScope]
do {
try SPTAudioStreamingController.sharedInstance().start(withClientId: "hardcodedclientID")
} catch {
fatalError("Couldn't start Spotify SDK")
}
print("shared instance started")
SPTAudioStreamingController.sharedInstance().login(withAccessToken: hardCodedAccessTokenFromDjango)
print(SPTAudioStreamingController.sharedInstance().loggedIn)
I have set up all the app settings I need to, per the two tutorials I followed here and here. I know that I will not be able to hard code the information like that, but I was under the impression that I should be able to login(withaccesstoken:) simply using the access token I had. I am trying to find the best practice for sending my acces token through My Django REST API and then authenticating the SDK with it.
I ended up being able to get the same code to work. I added a session variable and set it, but the main problem was that django-allauth defaulted to requesting no scopes, I changed the source code to the scopes I needed and the process went much smoother. I believe I can access my access token through my api and that will be enough to initialize everythign client side, which is wa
I'm creating an iPhone application that uses salesforce as it's server-side data component, I need to access the database from the application to retrieve data for whichever user logs into the app, to do this I need to authenticate with Sales force.
I'm using the Rest API Template that was available in XCode after installing SalesForce, but I keep getting this:
Is there any way I can login to salesforce programmatically? I'd like our use of Salesforce to be 'behind the scenes' so to speak, so that our users never have to directly interact with salesforce themselves, is there any way to do this?
That looks like the OAuth challenge. You should be able to bypass this by providing a Session Id. In order to get a Session ID, you have to login with the user's username and password. You can use the SOAP API for this.
Yes you can do the login behind the scenes.
Follow this Self login in Salesforce API in iPhone?
I was stuck with the same issue and finally figured it out.
I'm currently making a CMS and I would like to use some Facebook functionnalities.
The problem is that I need an API Key for that. So I'm wondering that if I have an API Key can I share it with my open source cms project to anyone? And can anyone use it with my CMS?
You have two options.
Create an app for each installation of the CMS, then set app secret and ID in the CMS configuration file.
If you want all installations to use the same app securely you will need a loop back server (i.e. the CMS installation makes a call to your server, which in turn makes a call to Facebook and returns the results).
Do not share your App Secret with anyone. The App Secret is used to sign the signed_request that is passed to you after Facebook authentication. With the App Secret, a hacker can impersonate anyone to use your app because he can pass anything and sign it as if it is from Facebook.
I am writing an iPhone app that uses Facebook extensively. Right now, I'm getting the access token using the iPhone Facebook SDK. This returns me a standard access token.
I'm sending this token server-side and using it for many queries successfully. However, there are some queries that require an access token signed with the Application Secret, which the iPhone app sdk can't do client-side due to security vulnerabilities (specifically I'm trying to use dashboard methods).
So my question is: is there some way I can have Facebook upgrade this iPhone access token server-side to contain the signed secret? Or do I have to validate server-side from the beginning to do this?
The docs say that with the 'Server-side flow' method, once the user allows your app, you get a code generated by the server that you must send back with your App Secret to get your access token. The iPhone SDK uses 'Client-side flow' method, and it seems to skip this step, so I'm not sure how to get this code. So I guess the question boils down to, is it possible to upgrade a token gotten with the 'client side flow' method to one that can be used fully server side.
The answer is no.
The user token and app tokens are different and you can't convert one to the other.
Because you have a client app, I don't recommend that you embedded your app secret (as you point out).
For your app, I recommend that you create a web page on a server you control that gets and use app token that makes the calls you want.