iOS user authentication (restrict to specific domain name) - iphone

I'm developing my first iPhone app to make what is effectively an app version of a fantasy league I created for work colleagues.
I am using Parse for the backend of the app. I only want people to be able to register with their work email address ie only if their e-mail address is _#mycompany.com
I'm sure this would be quite easy to someone who knew what htey were doing but I'm kind of new to this so any advice would be much appreciated.
Thanks

You could do this in a number of ways. The easiest way would be to have the validation happen on-device - just check the e-mail address the user has put into the app, and only allow the registration to happen if it matches the domain you want to limit it to.
However, although this is very easy it's also open to abuse and it's not very flexible (if you want to add additional domains, you have to update the app).
Fortunately, Parse offers cloud code, which lets you validate data server-side. Cloud code is written in JavaScript, and you then upload it to Parse. There is full documentation on Parse's website, including examples for validating data.

Related

Finishing Whatsapp Business API Setup

I came from a similar state in this question.
My objective is to reply to interested customers via whatsapp messages. I'll use a very special setup, so I'll be using the API.
Reasons:
With not to pay anyone other than container hosts
Solution with custom API
Customer doesn't like any extra costs
Just like user noboundaries, I see the numbers, but I cant get the certificate
User Navjot Singh has explained I need to create a "business api account"
I tried just that, put out all my contacts and stuff, in this site.
They did respond yes, but only with pointless instructions, since I wish not to contract any messaging providers. I had taken a look at it, but they charge a very expensive price beyond the $0.005 whatsapp will charge. Also, the solution I'm creating requires messages to be sent programatically, and the partners don't seem to provide the correct solution.
So, I wish to skip into using the api. I followed the appropriate guides:
Getting started
Phone Number
I already got some things done:
two phone numbers (one of them for testing) with whatsapp business;
company has been verified, with domain
have business management account
local environment with docker
I can access the local environment and I have set an user account and the admin acount. I can log into those via the API, since postman can ignore certificates, but in order to proceed I really feel like I need that certificate.
So to sim up I guess I need help creating the whatsapp business account for my customer. Any advice?
Also i'd appreciate any other helpful insight or feedback. I really feel lost and I don't see a place where I can talk to people trying to do the same thing, or doing this is much of a madness after all?
thanks for getting to read until here, and I apologize for my non natural, almost broken English.
Hi I wanted to start big in stackOverflow but I fell flat.
About the subject at hand, westerday I dwelt deep into the rabbit hole.
For most companies, you actually are forced to work with a provider, such as twllio or messagebird. They act as intermediary between the facebook business and the whatsapp business api.
Some of they offer messaging separated from whatsapp api setup I still need to take a look into it, but for those who are trying to set up whatsapp business api on their one, it seems as of november 2020 it's not possible.
please check out:
respond.io's guide
blog post from take.net PT-BR (google translate didn't like me trying to translate this to English)

Ejabberd: How to limit the fetching of jabber user directory (JUD)

I'm developing a client jabberd application for mobile(android) using (a)Smack.
Since, in my application, the users are registered by their phone numbers, the application should be able to recognize which contact has a jabber account on the server and suggest him/her for chatting.
After googlling the web I found that there is a jabber user directory (JUD) which I can use to check there is an account for a specific mobile number or not. (I'm using UserSearchManager).
My questions:
1- It seems that there is no record in JUD for a user who has not updated his vCard yet, so I cannot find him. Is there any solution to check the existence of this kind of users?
2- It seems that by using JUD, everyone outside of my application can fetch some important information of users such as mobile numbers, emails, etc. Is there any solution to limit JUD search engine? (for example, getting only "user field" as a input and returning only "full name field" of existing accounts or other useful limitation).
So by this way, I can recognize which person from the contact list has an account on the server and also other people cannot fetch important information of the exiting users.
Any command or advice is appreciated. Thank you.
I do not think it is possible as default, without customizing ejabberd application code.

Automate distribution of redemption codes for Custom B2B app

I have built a Custom B2B app for one of our clients. My question is how to automate the distribution of the redemption codes.
I have already looked at some of the MDM providers. Their solutions are too expensive and all we really need is a way to distribute the app from a webserver, not manage a bunch of mobile devices.
As you probably already know, when a client buys a Custom B2B app through the Apple VPP program, they get a spreadsheet with valid redemption codes for the number of licenses they have built. This spreadsheet has 2 columns: 1) redemption code 2) URL to redeem the code
I want to provide my client with a URL where they can send their users to download the app. They just don't have the expertise/infrastructure to distribute the app themselves. And emailing clients is not going to work.
I'm not a web guy, but it seems to me that we could write a webpage that would look at the spreadsheet for the next available activation code and then redirect the user to the associated URL. I'm not concerned with the number of licenses they distribute since I have another way of auditing the real number of users (Flurry). So I want this to be as painless as possible.
In fact, I have multiple clients and want to provide them each with their own URL for their clients. It seems like this shouldn't be too difficult to code.
The problem is, I'm not the guy to write that code. Any ideas on how best to do this?
Assuming that you don't want to show the user a website you should be able to do this with an online service like parse.com and the features it offers.
From a user POV you would supply them with a link which directed them to parse.com with a path and parameters indicating the action to be taken (get app) and what account is associated. This would redirect the users browser to the appropriate destination.
The main issue (and this applies to any solution) is knowing if the user actually followed through and used the code. i.e. should it be removed from the DB so it isn't offered to another user in future. Then you would update the DB each time you get a new spreadsheet.
Anyway, this could be achieved with a little javascript in parse.com, specifically, by using cloud code which can interrogate and modify the DB and then redirect the user.
Obviously if you need user authentication of some kind or other restrictions then you would need to start adding some web interface on top of this in order to collect the details.

rails beta request signup with social media sharing reward

I would like to build a simple beta request signup page where the user is rewarded with an earlier reward when he is sharing the link to the application as much as possible.
A solution like this is seeable on
trenvy.com
User enters email
User gets unique link with his unique code
User shares this link on every signup its a +1 count on him
An admin method throws out the users emails which have shared the link and brought the most people in. I want to use this email list to use in CampaignMonitor.
Anyone knows what could be a good way to achieve this? Or someone wrote such a thing or knows a git repo that has this feature implemented as is to take a look at and learn?
I have already coded a unique code generator for the app that makes unique codes of 10 chars.
Now only this social media sharing is a bit unclear to me on how to approach this in rails, any ideas on that? thx!
Something like this can be achieved pretty easily in any framework, so I think I'll provide a general answer first, and if any specific gems occur to me, I'll mention them:
1) The unique code part is easy, it's just a parameter in a controller that checks the validity of the code — this would be a unique code that's added to the user model for ease of verification and created when the user first enters his email address.
2) Every time the link is visited, it's parsed by the controller and saves an event (don't just increment a field if you want maximum data out of the interaction, you could save IP for country of origin, time of the page hit, etc), just count the click events for that user for his +1s
3) Just write a quick admin site (i used twitter bootstrap for this recently) that lets you see the user's who've interacted with the system and sort by shares, and you can use the createsend gem to add them to whatever list you like.
There are no specific gems I can think of that'll speed this process up, Devise is overkill, you don't really need an activity monitor gem since you're not storing much info, definitely twitter_bootstrap for speeding up building the admin interface. Heroku lets you add an Sendgrid as a plugin, so you're covered there for mail sending.
Am i missing anything in your requirements? Seriously though this should be a 2-4 day dev effort, nothing fancy here.

Should I offer the ability to log into my app with a phone number?

I have a web app that you can currently log into with either your email address or your username.
I'm developing an iPhone application and I'm just wondering if I should offer the ability to log in with your phone number. If this is the case, a user would first have to provide the service with a number on the web (an optional parameter).
I find it convenient on other services I use where I might not remember what email I have connected to it.
Is this a good idea?
Would you offer it in a service you were
building?
I'm trying to decide if its worth the trouble to build.
NOTE: This number would strictly be used for authentication.
I think that if your service is not about phone numbers (calling, texting, etc., e.g., whatsapp, etc.) I would not add phone number authentication for a few reasons:
Some users might be deterred to provide a phone number due to privacy concerns (no matter how hard you try to explain them that you will keep it safe)
With the phone number you will now have 3 options to login with, which is way too much. You want to keep your mobile login screen very simple
Some people may think that they might get SMSs from you or get their phone bill charged somehow
Overloads your backend
Just keep it simple...:)
To add to that, I personally prefer just email, without a user name. So many sites require user names AND impose restrictions on how this user name should be structured, so you end up with tons of them. With emails, you can't go so wrong - most people use a primary one to sign up for sites.
Hope that helps.