I am trying to create a login system for my iPhone application. My login system is not an ordinary one. Here is what I want the iphone to do.
First of all I will post to a website
"https://www.example.com/login"
my username and password.
If login is achieved (i.e. username and password are correct), it will redirect me to
"https://www.example.com/login/success"
else it will redirect me to
"https://www.example.com/login/retry".
I know it sounds strange but thats the way it works. By the way my application is programmed using Objective-C.
So what I want from the login system is to detect the address of the redirected site and if it is the success one, it will allow me to view the rest of the application.
Can I do that login system on iOS? Do you have any idea about that?
The NSHTTPURLResponse class has a method allHeaderFields that you can use to pull out the Location header. Be aware that header names are case-insensitive.
It sounds like you are trying to use the actual website for authentication. While this may be possible, I would advise against it. You should write a separate web service (aka an API) for the app to interact with. If you aren't familiar with the concept of an API do a quick google search.
Related
I'm a beginner developer. I am writing an iOS application using Flutter. I need to use an API to identify my user. The provider of that API asks me to send them a redirect URL. From what I understand, when an user identify themselves on my app, a request will be send to the API provider, and once the user is correctly identified, the API provider want to know where to send the user (the redirect URL). But I want the user to stay on my app.
How should I set up that ?
Thanks
The usual way to implement this is via the AppAuth pattern, where the app invokes an ASWebAuthenticationSession window, which is a secure browser. From a UX viewpoint it looks integrated and remains a part of the app.
As a next step, maybe have a look at my iOS AppAuth Basic Tutorial to see what this looks like. The simplest option is a private URI scheme based redirect URL that looks like this:
net.openid.appauthdemo:/oauth2redirect
Once the concepts are understood, and your team has reviewed the user experience etc, the next step would be to implement this behaviour in Flutter.
I have a website that uses Django piston for the API. I have also created an iPhone app that successfully connects to the API and parses the JSON and displays the correct content on the iPhone. The API resource URLs are as follows
http:/mysite.com/api/pics
http:/mysite.com/api/pics/username
I'm currently hard coding the username into the above URL from within the iPhone app and there is no authentication at all. I would like these URLs to require the user to be authenticated.
My website allows logging in via the /accounts/login provided by Django. However, the code redirects the users to their profile on the website, so I'm assuming I can't just use this URL in an asihttprequest from the iPhone.
So, if I want to log a user in, using the Django's built in authentication system, what URL should I be pointing them to. Also, once the user is authenticated I know that I'm supposed to use "is authenticated" and "challenge" for any "protected resource" in piston. I've seen code snippets that define these functions but I'm not sure where and how to implement them. I'm used to using a decorator that just says #login_required.
if you followed the instructions at: http://yml-blog.blogspot.com/2009/10/django-piston-authentication-against.html then looking at the example applications urls.py file https://bitbucket.org/yml/django-piston/src/dfb826a31ca8/examples/blogserver/api/urls.py you will see that authentication is passed to the resource handler.
If you've done this there is no need to use a decorator :)
My WebApp needs to authenticate user before allowing any sort of access. The scenario I'm trying to implement is a login page with username and password fields. Once user hits "send" button, a sign like "Verifing..." should be shown up while an RPC call verifies credentials. In case of success, load the main app screen.
What is the best way to implement that?
Have you looked at this page ?
It describes how to do the following:
Create a 'login' page that is based
on user/password authentication.
Store this data in a secure fashion
on your server.
Allow users to 'remain logged in' for
as long as you want so they don't
have to enter their user name and
password every time.
Make 'auto-complete' features of most
modern browsers work with your GWT's
login page. Discussion on adding more
security with either HTTPS or fancy
hashing algorithm.
I'm not sure how well secure your application has to be... but I would suggest leaving that piece of work to spring security.
You could make a regular login.html page which would, upon successful login, redirect user to the "real" gwt app.
Check out this article:
http://code.google.com/webtoolkit/articles/security_for_gwt_applications.html
Not tailored directly for GWT (can still integrate with it), this is a great tutorial for implementing a secure login system.
http://drdobbs.com/web-development/231002659
I have created a web application and now I want to create an iPhone version of it. As a first step, I want to login a user using his username and password. I have a simple login page with fields for username and password. Now I want to send these credentials onto my site (lets say, www.abc.com/login) and authenticate whether the username and password is correct or not.
I need some help in this as I am not an experienced iphone developer. I just need to know how to send the credentials to my site url.
Any help or sample tutorial in this regard will be highly helpful to me.
Go get ASIHTTPRequest as it is a great framework for any network connectivity you do. the you can simply use POST or use the method they have provided for authentication.
See the section titled "Handling Authentication" here for code samples and docs
better make a canvas and call that page of webapplication..
I'm working on an iPhone app that ideally uses OAuth to communicate with Twitter. I know a lot of people are doing the OAuth workflow inside of their apps using a UIWebView, but I don't agree with that and am going with the Pownce approach.
The problem is, Twitter has this whole scheme for working with desktop apps, using a pin number. When I register my app with Twitter, they have a web form asking me if I'm a desktop or web client. If I choose desktop client, when I try to have the user authorize, I can set the oauth_callback parameter but Twitter will ignore it after authorization and show a pin number. If, on twitter's form, I specify that I'm a web client, it requires me to enter a URL to redirect to after authorization. And, since I'm using an iPhone app-specific url scheme, their web form fails on validation as it only seems to accepts URLs conforming to the HTTP protocol.
So, it seems like I'm stuck - I can't say "desktop" because I don't want to bother with a pin, and I can't say "web" or I can't use an iPhone app URL. Any solution to this?
From your question:
I know a lot of people are doing the OAuth workflow inside of their apps using a UIWebView, but I don't agree with that and am going with the Pownce approach.
The Pownce article suggests that quitting your application and opening Mobile Safari to perform the authentication step is problematic, and that they started receiving bad reviews from users for doing it that way. They also experienced a failure rate of around 40%.
Pownce's solution is to use a UIWebView within your application instead, so I have a feeling you may have misinterpreted their recommendations. That being said, they do label this as a "naive" solution and go on to suggest a bunch of theoretical "ideal" solutions.
Another point you might not realise is that desktop applications (using the "out of band" / pin number method) and web applications need to open the Twitter site in either an embedded or external browser.
So you've got two choices on the iPhone:
Open up twitter.com in a UIWebView, specifying no oauth_callback parameter or oauth_callback=oob to start the pin-based out-of-band flow. The user then needs to copy the pin using the iPhone's copy-paste functionality, manually close the UIWebView, and paste the pin into your application. The pin can then be used converted to an access token.
Do it how everyone else is doing it (UIWebView + custom-uri://foo.bar in the callback parameter).
For obvious reasons, the first option is pretty crap and really only useful on platforms where Twitter is unable to redirect to a custom URI.
A simple solution may be to create an HTTP page that always sends a 301 redirect to your custom URL scheme and then provide that HTTP URL to the twitter web API.
Aside from that, Nathan's answer is very complete.
Here's how I do it: tell Twitter you're a web app, and make up any old HTTP:// URL to satisfy Twitter during registration of your oauth client.
Then in your app, pass the URL you want to in the callback parameter. Twitter (in my experience) uses the one you give it.
You could use an intermediate website for the authentication. Your app creates a unique id (hardware based?) and stores it. It then records it has sent the user for authentication and sends the unique id to your website. It then redirects the user to your website. Your website then sends the user to Twitter using oAuth. The user returns to your website and you mark the unique id as authenticated and store the authentication information. The user restarts the app on the iPhone, it reads it has sent the user for authentication and contacts your website with the unique id - and reads in the authentication information.
Long winded and needs another website, but it should work.