I am plannig to create a FirefoxOS app using Deezer API. So it would be a WebApp but it doesn't run on a server.
My main doubt is about the chanel url for cross domain requests.
Which one can I use or how can I manage that as soon as I have not a server URL neither a native package name?
Thank you.
Auth necessarily needs a domain or a bundle id to work properly. API cross domain requests can work without the channel URL though, you'll find code snippets to make jsonp queries here: https://github.com/deezer/code-snippets/blob/master/deezer-sdk-js/simple-deezer-api-request.js
Related
I'm currently working on a VueJS project on which I've just implemented a SSO system designed by the Portuguese government using our national identity cards, but I'm having some issues parsing the response from the external authentication server.
Here's a small GIF of my problem: https://gfycat.com/threadbarepossiblebagworm
The workflow is as follows:
User clicks on Authenticate.
User chooses "Login via ID Card"
User gets redirected to the external Authentication Provider
User logins with his ID Card.
External Authentication provider then sends back a POST method to the callback URL that is provided.
I read/parse the callback
The issue lies in step 6... The external authentication provider uses the callback URL I provided but I get this error
Cannot POST /users/callback
If this was a typical NodeJS I could just use
router.post('/callback' ....)
Is there a way I can read that callback in VueJS?
I've found this similar issue https://forum.vuejs.org/t/cannot-post-handling-form-post-from-an-external-site/41194/1 but no one managed to offer him a solution.
Thanks in advance!
EDIT: Before you ask, yes, that '/users/callback' is defined on router.ts and if I go to that route it does show a page. It's just not designed for POST methods afaik
Vue is a front-end framework, which means it doesn't have direct access to POST requests by default.
For production, are you running an npm script like "npm run build" and then serving the files that appear in the "dist" folder on a webserver, say Apache? Then you would have to respond to the POST request in Apache.
You could then store their authentication result "farther toward the backend" than Vue and have Vue grab it with vuex.
Greeting everyone, may I ask your help for following question?
I'm using following code to call external browser in my current iPhone apps:
[[UIApplication sharedApplication] openURL:urls];
urls = "http://myhost.net/home.aspx"
Assume user is already logged in to the apps,
I can to pass the user name password to "home.aspx" if security is not a concern...
e.g. urls = "http://myhost.net/home.aspx?username=xxx&password=123456"
Question 1: Can I pass some information to home.aspx by "post" instead of "get" method?
Question 2
If above solution is not possible, I would like to set basic authentication in IIS 7.
When the external browser called by apps, can users access to "home.aspx" without 2nd login? (e.g. use code to bypass it)
For Q2, here is my current situation for your reference:
1) I have video steaming service provided by Windows IIS, when user type the URL from browser, the login form will prompt. a. e.g. xxxx/video.htm b. The IIS is configured with SSL and basic authentication
2) After user login succeed, the video should be properly displayed in the HTML 5 page.
3) We have the iPad/iPhone apps will open the external browser (i.e. Safari) to see the video page, but I don't know how can by pass the authentication (i.e. user should not see login form) if user already logged in the app within 15 mins.
Many thanks for your attention.
Re: August
About question 2, "[[UIApplication sharedApplication] openURL:urls];"
In theory you can do it for non-video streaming hyperlinks, but there are no solution or workaround for video streaming in similar passthough scenario.
Please also see:
Stream MP4 Video From Seek Position in ASP.NET
Both handler or REST web service require header handling but that might be product limitation because no existing APIs work for it.
Hope this helps.
As far as your question is concern, you can only pass variables to a web url if and only if you a Web Service like REST or SOAP installed on your local or remote server. You can search for Web Service API's for ASP.net that suits your need. From there, you can authenticate any variables by setting the response in every request. You can start with this.
On the other end (in the iphone), you can't just use your code above to send request, this can be done using the native iOS url connection but I do recommend to use libraries like RESTKit or probably ASIHTTPRequest. Both handle requests like get, post, delete and update.
ANSWER: The problem is that I am trying to make a cross-domain call using Ext.Ajax.Request().
I'm designing an app that will be making http POST and GET requests to a RESTful service. The service is already in place and if I use a utility like soapUI or the Chrome Rest Client to make the calls they are successful. Someone might ask: "Is this a cross domain call?" My answer: I don't know. I can tell you that the service is not hosted on my own computer but again, if I use soapUI or the Chrome Rest Client plugin for my Chrome browser I can successfully make the calls.
However, If I try to do them using Ext.Ajax.Request() they fail, almost immediately.
If I use Ext.util.JSONP.request() it won't let me do a POST. What is the solution?
You can specify the request method in the Ajax call:
new Ext.Ajax.request({ url:'http://foo', method:'POST', ... });
See also: http://docs.sencha.com/ext-js/4-0/#!/api/Ext.Ajax
Hope this helps.
The answer is that it is impossible to use Ext.Ajax.Request() to make a call to a service not on the local machine/device. This is called cross-site/cross-domain scripting and is blocked by all browsers by default. It is possible to disable this security feature, but ONLY use that for development purposes.
If you are developing for a mobile device, I recommend developing with disabled browser security on your computer, and then using PhoneGap to package your app. PhoneGap allows cross-domain/cross-site scripting and so Ext.Ajax.Request() to an outside service will work using PhoneGap.
I am working with an app that is querying a JSON API on a server running Drupal. I used this tutorial and have changed the code a bit to work with my program, but every request just sends me to the not authorized page that the server generates. Any ideas why?
Why not use the drupal ios sdk? https://github.com/organizations/workhabitinc
I guess you haven't set the permissions in the Drupal service.
First go to permissions, and set the desired ones for the modules you're using (I guess you're using the default ones that are included within the services module).
Next, go to Site Building->Services, and authentication. Check if you have any authentication module set, and if so, add the methods that you're using to that key.
At our company we've made several apps which uses Drupal (but using XMLRPC instead of JSON). So feel free to ask everytime you need :)
I'm diving into web development and I've built a few basic rails apps, but now I'd like to begin learning how to securely connect my iOS apps with my Rails apps. For example, if I want my iOS app to query my Rails webapp for some data from the DB by passing parameters in the url...
http://mywebapp/mycontroller/search?q=keyword
...what are some common web development methods I can use to prevent anything (or anyone) other than my iOS app from successfully executing that search query?
I'm sure this type of forgery that I'm trying to prevent has a formal name, but I'm very new to web development and I'm still learning all the jargon. Thanks so much for your wisdom!
Use the trick that Rails uses in the protect_from_forgery by generating a unique key for you iphone app. Then ensure that your app passes that key in the requests to the server. You can then write a before_filter to ensure that the request possesses the key. If it does then you process the request. If it does not then you return an error with a custom message explaining why they can't have access.
You could create a hash and use it as a token which would be passed with each call to identify your application (hard coded value in the app) and the session (current ip address of the client.) So: hard_coded_value + ip_addressed -> MD5/SHA1 (whichever) = token. Your server would also have a copy of the hard coded value as well as the calling client's ip address, perform the same hashing function and compare the results. If they match, it's your app. If not, then it isn't.
you should add HTTP basic authentication in your web app (search file)
Refer these links -
http://en.wikipedia.org/wiki/Basic_access_authentication
http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html
Basic HTTP Authentication on iPhone
NSURLConnection and Basic HTTP Authentication in iOS