I am doing an iPhone app which requires OAuth 2.0 protocol to be implemented for the login of the user to a particular website. I have the client id and client secret which i got after registering my application on the website. I would like to know a few things about this.
I saw a number of links regarding this. But yet in my head I'm not very sure of whether i need to use OAuth classes or OAuth consumer classes?
Is authentication of the user possible in OAuth without sending the email id and password of the user in a query string?
Is is possible to load the website in a uiwebview and login to the website and get the user credentials for the further screen functionalities.
This is the first kind of such an app I'm developing. It would be great if someone could help me out so that i can know clearly how i should go about.
EDIT: if there any good tutorials for achieving Login to a website using OAuth please do share.
Thanks in advance
OAuth spec and documentations
OAuth 1.0 protocol: https://www.rfc-editor.org/rfc/rfc5849
OAuth 2.0 protocol: https://www.rfc-editor.org/rfc/rfc6749
http://oauth.net/documentation/getting-started/
http://hueniverse.com/oauth/
SDKs for OAuth on iOS
YToolkit (OAuth 1.0 & 2.0)
Source on GitHub
OAuthConsumer (OAuth 2.0)
Source on Google Code
Wiki
LROAuth2Client (OAuth 2.0)
Source on GitHub
Simple document
Demo project
MPOAuthConnection (OAuth 1.0)
Source on GitHub
Wiki
(Speaking of "a particular website", does it have official or third-party SDK for iOS? If yes then you don't need to implement OAuth authorization yourself.)
You can find a good tutorial on OAuth Tutorial.
This tutorial is a for MAC applications and uses Google OAuthCustomer library.
OAuthCustomer related readings and source codes can be find within the below URLs
Google OAuthCustomer
Sample Application
Make sure to remove non ARC stuff from the OAuthCustomer Library files for iOS applications
Related
I need to build oAuth provider and started to do my homework around Facebook and Google, as they are the largest example there is I think. What I still don't understand, when a web site wants to use oAuth from Google or Facebook, does it have to apply their SDK or SDK is just to simple the hard work, but there is the way to do it your self from scratch? I asking this, because I wonder, if after my oAuth provide will be ready, I will have to create SDK as well.
No, you do not have to create any SDK for OAuth provider or clients. You can look at an google's playground for a sample end to end demonstration of OAuth2 flow.
I have one problem regarding OAuth integration in iPhone App.
Can anyone help me how to integrate OAuth 2.0 with facebook in iPhone ?
I have referred so many sites about OAuth but I haven't got satisfied answer yet. I referred this question of stackoverflow. There is one good option about ShareKit. But my client wants only OAuth 2.0.
I downloaded framework from google code. I integrated it in my application. But How to use it ? Without guidance I can't implement it in proper way.
I have got stuck between my application and 0Auth 2.0 since last 3 days. Please can anyone give me idea or demo project or any another tutorial ?
Rather than implement OAuth for Facebook, make use of the Facebook iOS SDK which makes handling Facebook Auth and Requests much easier. You can read about it and download it here... http://developers.facebook.com/ios/
I just done a research
This post will really help you
Also please look at the below posts
iphone-facebook-oauth2-graph-api
OAuth and Facebook iPhone SDK
The framework you mentioned in your post is not for OAuth 2, but for OAuth 1.0a.
You can try the OAuth2Client we developed for talking to the SoundCloud API. It's build against draft 10 of the spec. I'm not sure which one is used by Facebook. Unfortunately the spec is not final yet and over the years different services adopted different drafts of the spec.
If you're able to argue with your client I'd try to convince him to let you go with the official iOS SDK. This gives you many benefits like automatic token refresh, single sign on via the official app & much more.
I'm looking to implement Single Sign On for a native iOS app whereby logging in with this single sign on gives the mobile device authenticated access to our private service in a fashion that is somewhat similar to oauth.
The marketing text on openid.net suggests that "OpenID is a safe, faster, and easier way to log in to web sites.". Emphasis on web sites.
So the question is: Is it reasonable to implement openID on a native mobile app, or is openID only for web sites.
I've been scouring the web and I'm not finding a way to fit openID in as my login option.
The best way to do this seems to be to use a UIWebView and render a log in page from your site in it. Once the user logs in, they'll be redirected back to your site and have an auth cookie, which you can extract, store, and send on subsequent HTTP requests to the server.
See this, which has a sample code link at the bottom.
OpenID sends its messages as a series of HTTP requests and responses. Your app and the openid provider must communicate to each other via HTTP post, and you will need to redirect the user to corresponding URLs, and have a URL for the user to be redirected back to. As such, you will probably find it difficult to integrate with your app.
Derek Knight claims to have been experimenting with iOS and OpenID using the Janrain Engage iOS SDK. Although the github link he references no longer exists and he doesnt provide a complete and verified solution, he does offer an idea for how it might work.
OpenID and iOS development - gordonknight.co.uk
Janrain Engage for your iPad Apps
The accepted answer diminish the OpenID protocol. OpenID is a federated authentication protocol aiming simple SSO experience, its a web based protocol but it can be implemented if you design an authentication broker.
APPs share nothing, apps should never access anything but identity token and access token (if allow). here is a link to get you starter in the right path to build seems-less SSO in the mobile between apps regardless the app isolation level.
https://www.pingidentity.com/developer/en/resources/napps-native-app-sso.html
Libraries:
https://github.com/openid/AppAuth-iOS
https://github.com/openid/AppAuth-Android
I am looking for a barebones facebook connection from pure actionscript to use in a mobile. Does anyone know of any examples. Been having a hard time finding what I want in Google
Thanks!
You cant connect to facebook with only actionscript - flash does not implement OAuth which you need to get a valid access token.
You have to either get an access token through PHP, or Javascript.
If you are making a mobile web-app you can check out
http://blog.yoz.sk/2010/04/facebook-now-with-oauth-and-open-graph/
Jozef Chúťka put together a great walkthrough and classes for AS3 and facebook.
So you can make a web app or use a web view in AIR to handle your authentication.
I am creating a twitter application in iphone using oauth. But my application request for:
oauth_consumer_key,
oauth_signature_method,
oauth_signature,
oauth_timestamp,
oauth_nonce,
oauth_version,
oauth_callback,
Please anyone help me how to create all these keys for my application.
In my twitter account xauth is disabled by default. So, how can I enable it in my application?
It's highly unlikely you need to enable xAuth. The Twitter API documentation, specifically the authentication guide explain these parameters in more detail. Also have the OAuth 1.0 spec open to refer to, even if you're using a third party library- you will save your sanity if you understand the mechanics of the token exchange.
You'll need to read up about OAuth. All the fields are part of the standard. Twitter will give you the first one (oauth_consumer_key), and the version number is always 1.0. (Version 2.0 is not yet complete and Twitter doesn't use it.) The others you need to calculate. Or at least find an open source library that does it for you.
As for enabling xAuth, you need to send a message to Twitter. Sounds like they're getting more and more strict about which apps they allow, though.