I have a query regarding to session maintain between application and web browser.
I'm developing an iPhone application and there is also one website (in wordpress) same for this application.
My question is , is it possible to show user login in mobile's web browser if he/she is login into application from same mobile device?
In short, I want to know where is this session stored? In application or in device? If it is in device then how can I check same for the web browser?
Cookies are stored per app, not per device. Safari has its own sandbox whereas each native app runs in its own sandbox, otherwise Safari's security model would be compromised.
In OS X, cookie storage is shared across all apps; in iOS, cookie storage is per-app. Reference: About the URL Loading System.
So for your scenario, this is how you should be able to make it work (I haven't tried it though):
In your mobile app, open website in Safari. Send a HTTP header to tell the web server that this hit is coming in from your native app
If you are already logged in via Safari, then your server will identify the user. Code your server to send back a redirect response (only in case when the request is from native app). This redirect response will contain a session cookie / auth_token with it. Also, the redirect location would use the iOS custom url scheme, e.g. myapp://mydashboard
In your native app, register the app as the handler of that custom url so that it can catch and handle the redirect appropriately
In subsequent requests from the native app, send the session cookie / auth_token
Hope it helps.
Related
I have a Iphone application that uses my web services (coded in Zend) to authenticate login credentials. It sends the login credentials to a URL of my web service via POST.
Now is there any way in Zend to set cookie in the Iphone local storage device, through web services. To be more clear i want to set cookie after user is authenticated with user info on the iphone device when it makes the http POST request Can this be possible? Why or why not?
Thanks.
Cookies are not a solution if i assume you need to keep the credential for each new request on the webservice.
You should keep an hash of the session or of the credential once the user is authenticated, then send it as a parameter on each new request, beside you'll be able to keep track of your users.
if(isset($_GET['mac']))
session_id($_GET['mac']);
else
die(session_id());
If your mobile client send request without mac (first request) it well get mac . Once you
have the mac then simply send in each request which will give you cookie-session like functionality.
I'm working on a mobile app, and it makes use of a server as a middle-man for various reasons. Since the mobile app never interfaces directly with facebook, the server handles all auth. (It is in Python.) Here's the flow:
The app asks for an auth URL, and the server sends it "https://www.facebook.com/dialog/oauth" with the appropriate parameters.
The app sends the user to the page, they navigate etc. and get to the code...
...which they copy back to the app, which sends it to the server for authentication. (I'm going to factor this step out eventually.
The problem is that that particular URL juts looks dreadful on the iPhone. I've tried to find a mobile version (there must be one, right?) but nothing has come up.
Have you tried requesting "https://graph.facebook.com/oauth/authorize"? You can add "&display=touch" to force the mobile version.
I'm using Facebook connect for request credentials to the user's information.
I'm doing it from the web browser.
If the user is using a mobile (Android/Iphone) device, all the authorization process goes inside the browser.
Is it possible to raise the Facebook application (if it's already installed) and pass all the authorization process there? instead of keep using the browser (to improve the user experience).
I can detect if the user is coming from a mobile device (by his user-agent for example), maybe I can add some special url schema to raise the Facebook application?
Thanks,
Itay.
For iPhone: try to see with openURL function. See this article for more information to launch Facebook app
I'd like to enable users of my app to associate their twitter accounts so that some application interaction is automatically tweeted.
Users can already associate their twitter accounts via the web interface, and I'd like them to be able to do the same from the mobile (iOS) app.
The problem is, when the application is registered as a web app, a callback URL is specified. So when users log into twitter using SA_OAuthTwitterEngine, the response is redirected to that URL, and the callback events on the client never fire.
Can I use SA_OAuthTwitterEngine, and override the callback parameter (nullify it) so that I get the same interaction (PIN) as a desktop client?
For a mobile client, best to use xAuth. Using the pin method is suboptimal for mobile. After all your application isn't a web app.
The new MGTwitterEngine has xAuth support, so switching should be painless :)
I'm building a (Rails-based) web service with a mobile app (iPhone) as frontend. In order to allow people to login using Facebook, I've built something using devise and omniauth that allows the user to log in using Facebook and store the credentials in the database. This works perfectly, all from the web app.
However, now the second part: I want to let users log in via the mobile app. Of course, there are the FB Connect libraries, but they give the mobile app access to the Graph API. Instead, I would like a mobile log-in screen that authorizes Rails to access the data. This is because later on, users might use both the iPhone app and web app.
What would be the recommended way of doing this? Are there any best practices?
I solved it by doing the authorization using FB Connect and the FB app. After authorizing, the FB app opens my app again, and I can read out the access token. Which I can then send to the server and use there.