I need my iphone app to allow users to post to a google fusion table without entering a username and password. currently I use google client login with the password hard coded into the app. Obviously this is a poor solution, but I cannot find how to do this with oauth?
Do you want the user to be submitting data to their own individual fusion tables, or all users to be modifying a single table that you own?
For the first case, you'll want the user to authorize (via oauth) access to their account (there's no iOS specific client library from Google, but there are a number of answers here in SO about how to do this)
If you want everyone to be entering data into the same table, the best practice is probably not to hardcode the password and/or tokens into your app, but rather to use a proxy (for example via a service account running on AppEngine). Note that this proxy should still do some kind of authentication with your iphone users so random folks can't just easily post whatever they want to it w/o running your app.
Related
I have an app with SwiftyDropbox that function correctly, but I need to insert email and password for Dropbox every time that I use the app.
The app it's only for my use, it's not a security problem if the app auto-login in my account.
I don't find examples or documentation to make an auto-login with SwiftyDropbox. It's possible?
While the Dropbox API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files, it is technically possible to connect to just one account. We generally don't recommend doing so, for various technical and security reasons, but those won't apply if you're the only user anyway.
So, there are two ways to go about this:
1) Implement the normal app authorization flow as documented, and log in and authorize the app once per app installation. The SwiftyDropbox SDK will store the resulting access token for you, which you can programmatically re-use after that point each time using authorizedClient.
2) Manually retrieve an access token for your account and hard code it in to the app, using the DropboxClient constructor shown here under "Initialize with manually retrieved auth token".
I'm trying to make a chatbot with Dialogflow for Google Home. It requires the user to input a URL. Now it will definitely be a long and complicated URL which I can't recreate and I can't have the user speak into the google home.
The idea I had was that the user would input the URL on an agent on messenger. I store this on a Firebase database and then access it with a second agent.
Now the issue I have is authentication, I was hoping to use account linking on my google action with facebook. But I can't login to Facebook with google home. Or if I can, I can't find any documentation specific to that case. Facebook doesn't provide the necessary client ID and secret(as far as I can see).
I managed amazon and Gmail account linking with Alexa and an Amazon Echo. In those cases, you would have to login to google or amazon on the Alexa app or webpage. Then this will be integrated with your Echo and the skill will become usable.
Anyone have an idea of how I can make the link happen, if not then anyone have an idea as to how I can solve the overall problem?
This question has been left unanswered on other forums, but I was hoping to either get it solved or find an alternative.
There are three approaches to solving your overall problem - getting the URL manually entered and available to your Action. Two of them tackle it the way you've suggested - involving authenticating to Facebook and tying that to the Assistant account somehow. One solves it entirely inside the Assistant.
Account linking to the Facebook account
You've tagged firebase-authentication, so I'm going to assume that you're using it to do the auth and you've enabled Facebook login through it. This means your user has a "Firebase Account", but they log into that account using Facebook.
I will assume you have a way to get the URL from messenger once they're logged in.
The trick in this case is to setup Account Linking between their Firebase account and their Assistant account. This is done by setting up an OAuth2 server that has access to the Firebase accounts and will create authorization and refresh tokens that are given to the Assistant.
In the Action, you'll send the user to the Sign In helper, which will redirect them to your login page and send back a one-time auth code to the Assistant. The assistant will then use your OAuth2 server to exchange this code for auth and refresh tokens. Periodically it will use the refresh token to get new auth tokens.
When the user returns to the conversation through the Assistant, you'll be handed an auth token and you can use this to lookup the user. Since you also know their Facebook account, you can get the URL via however you planned to do so.
There are drawbacks to this method - it is very complicated, and setting up your own OAuth2 server is not for the faint of heart. You may be able to use something like Auth0 instead of Firebase Authentication to accomplish the same thing, but then you don't have the ease of access to the Firebase database.
Account linking to both Facebook and Google
In your Firebase account, however, you don't need to limit them to just logging into Facebook. You can have them use Firebase to record both the Facebook and Google accounts that they're using. This would "link" the two accounts together in your system.
With this, you don't need to setup an OAuth2 server. Instead, you can have the Assistant use Google Sign In for authentication. If the Google Cloud Project that Firebase is using and the Assistant are using are the same project, then once the user has logged in to your project's web page with their Google account, you'll get an identity token on the Assistant which will contain their Google ID. You can use this to match up with their Firebase account and get the Facebook ID and proceed from there.
But this is still a lot of work and kinda messy, jumping between systems.
Using just the Google Assistant (and maybe a web page)
If you're willing to make some assumptions about the devices your users are using, then you may be able to do it all just using the Assistant. The Assistant doesn't just run on the Google Home and other smart speakers, it also works on most current Android and iOS devices.
So you can detect if they have such a device available and, if they do and they're not currently on it, direct them to switch to that device when you need the URL.
If they don't have such a device available (perhaps because their version of Android is older), and you think this may be a common scenario, you may need to make another entry source available. This could be one of the solutions above, or you may want to just have a simple web page (done via Firebase Hosting and Firebase Functions, perhaps) where they log in using their Google account (so you get their ID) and you let them enter the URL. If you just need a URL - going through Dialogflow may be more complexity than you need.
In our project, we want to give the user the option to only fill out one login screen, then the app should check many social networks for this email & password combination and log the user in accordingly.
However, the problem we are facing is with oAuth, which only allows for default login screen.
I heard about it would be possible for Twitter when getting a xAuth certificate from them (hard to get ?)
How's about facebook, linked in ?
Anyone knows how to get this done ?
Thanks, we are stuck with this already for a while.
Most challenging issue you have is the most of the service provider be it OpenID/OAuth enabled will not let you search there system with what you are trying to access.
Even some of the system like Twitter/LinkedIn never give you back user email id they treat it as a security issue (Though they call it as design specifications :))
So i am afraid it is possible.For getting XAuth for Twitter
To use xAuth, send a request to api#twitter.com with plenty
of details about your application and why xAuth is the best choice for it.
here are more details
XAuth Twitter
But even twiter XAuth is almost same as OAuth.XAuth is still in its early stage.One way is to ask user for the email and than based on the domain redirect user to the particular system and let user authorize themself, but personally that is kind of heck and not a good solution at all.
Why user will fill his username and password of other service in your login screen?? don't you think that's something beat the whole idea of security
I'm building an iPhone app that, in part, allows the user to log in to, pull data, and post data back to a Wordpress site (more specifically, Buddypress). One way I'm considering approaching this problem is to use a series of UIWebViews to display the mobile-themed version of the site.
Ideally, I want the user to be able to, upon first-launch of the app, input their username and password, and then never have to do it again (functionally similar to tons of other social apps out there, like Facebook, Twitter, etc.)
Here's my question - obviously it is easy to store the user's login credentials, but how do I, in the background, establish an authenticated and persistant session with those credentials each time the app opens, so for the user, they are never presented with a login screen again, and can just use the app like normal?
Does anybody have any suggestions?
WordPress uses XMLRPC to authenticate. You can, on top of the API given, write your own codes to store credentials. Persistent session can then be made.
Read this FAQ : XML-RPC Support for WordPress
Let's say I have a killer mobile app named X. I have lots of users and some users want a desktop version of X. How do I associate my mobile users profile with their new website profile? I don't want to have a username/password on the mobile device, because all of my users are on mobile and have a unique mobile device id already.
I was thinking about generating a short UUID in the cloud, send it to the device and when the user signs up for the website they just input their UUID and email.
Is that the best way to do it? Is there a better way?
Integrate with Google's auth. The phone will pop up and ask you which (of all the Google accounts you associate with your phone) you want to use. Then you website and/or other apps need to be able to handle Google's sign-in.
Try something like OpenID, where in you have one Id which can be associated to multiple devices as it would be user specific and there will not be any issue as such.
For example, we have something like SO has implemented on it login page.
By using the user's unique device ID, you potentially limit the user to a single mobile device. (What happens when the user gets a new phone/tablet?) If you are providing a service across multiple platforms, (e.g. mobile, desktop, and web,) I don't think it would be outlandish to require a username and password.
Another option would be to leverage another platform that already does authentication, such as Facebook Connect, or OpenFeint. Of course, it should simply be an option: users shouldn't be required to have such an account to use your service.