I've my rails app using authlogic for user session, I'm building an iphone-app as client of this site, how can I do with the login\logout\session management?
I know that's a common question but I've tried to look for it everywhere but I can't find anything clear and useful
thanks
You can handle through http authentication, and your server sends back a session cookie which is accepted by the NSURLConnection object. Nothing special in the server side.
You can just mimic the browser behaviour. When your user go to the app and want to login, you can ask the server side for a session. Then, user logins, in your server side, remember the session as already loggined.
Now, you use this session as the way to idenfity the user on the iphone side.
Related
I am working on my first app so I am not so experienced with this stuff yet. I have figured out how to send a POST request url to a php page and process the php to register a new user in the mySQL database or log in to the app by connecting to the database to see if the user exists.
First off, does that seem correct? To just send the request to register a user with text field variables and to log in by checking if the text field information exists in the database or should I be implementing some other ways to do this?
Second, What should I be doing once the user enters in his credentials in order to tell the app that the user is logged in so that if the app closes down and the user goes back to the app, it will automatically log the user back in.
That being said, the way this app is going to work (as of now) is the user will log into the app, and the log in view will go to a different view but then the user can log out and it will go back to the log in view. Once I can tell the app that the user is logged in, I should be able to tell the app that the user isn't logged in anymore.
How you implement your database security is up to you. I would recommend you route your authorization/updates/gets/posts to an API so you don't need a PHP "middle man" (unless the PHP is your API) and you can send requests directly to the API layer and handle the rest on the server.
As for the plain text part, it is a common security practice to encrypt passwords on the database. On the client side, I'd suggest using the Apple Keychain to store the username/password for future use. In iOS, this can be easily implemented using this Keychain Wrapper if you're using ARC or this one if you aren't.
We are developing a hybrid mobile app (code is written in HTML and runs on browser shell as a native app on the device). We need to authenticate the user against an external security manager. I've seen the Gmail App in iPhone which opens a browser to authenticate the user. We are also looking to do something of that sort. We just need to gather your thoughts on how authentication can be done with some external security manager in a mobile app.
Also I noticed that Dailymotion website was able to know if the user is authenticated with Facebook. This looks like a cross domain authentication.
Can you please share your thoughts on how Google and others have implemented it?
What you are looking for is OAuth and OpenID services to federate your login. Depending on the architecture of your system you can implement whichever one you like or even a hybrid of both.
Take a look at this link: Federated Login for Google Accounts
It provides all the useful information you need.
Hmm this question seems old but in case you haven't found an answer here's how I did it with my hybrid apps :
open url on client side with the provider's (facebook/twitter/instagram) url for login
the user logs in and is redirected to the server's callback url (my server is written in nodejs)
once I've got the access token from the provider. I save this token and then create a token for the client to reuse every time the user wants to access a protected ressource.
Download the apk and test it.
If this is what you're looking for you can checkout both the client side code at : https://github.com/malikov/Authenticate.me-client-cordova-ionic
And the server side code at : https://github.com/malikov/Authenticate.me-Node-Server
Cheers
I'm working on a mobile app, and it makes use of a server as a middle-man for various reasons. Since the mobile app never interfaces directly with facebook, the server handles all auth. (It is in Python.) Here's the flow:
The app asks for an auth URL, and the server sends it "https://www.facebook.com/dialog/oauth" with the appropriate parameters.
The app sends the user to the page, they navigate etc. and get to the code...
...which they copy back to the app, which sends it to the server for authentication. (I'm going to factor this step out eventually.
The problem is that that particular URL juts looks dreadful on the iPhone. I've tried to find a mobile version (there must be one, right?) but nothing has come up.
Have you tried requesting "https://graph.facebook.com/oauth/authorize"? You can add "&display=touch" to force the mobile version.
I'm building an iPhone app that, in part, allows the user to log in to, pull data, and post data back to a Wordpress site (more specifically, Buddypress). One way I'm considering approaching this problem is to use a series of UIWebViews to display the mobile-themed version of the site.
Ideally, I want the user to be able to, upon first-launch of the app, input their username and password, and then never have to do it again (functionally similar to tons of other social apps out there, like Facebook, Twitter, etc.)
Here's my question - obviously it is easy to store the user's login credentials, but how do I, in the background, establish an authenticated and persistant session with those credentials each time the app opens, so for the user, they are never presented with a login screen again, and can just use the app like normal?
Does anybody have any suggestions?
WordPress uses XMLRPC to authenticate. You can, on top of the API given, write your own codes to store credentials. Persistent session can then be made.
Read this FAQ : XML-RPC Support for WordPress
For a middleware system with internet (which works inside a set-top box) I want to develop a primitive Facebook interface where users can type their user-names and password, showing their latest notification, messages and other casual stuff on the TV screen by using the recent Facebook Graph API.
This middleware program uses Java ME to run programs (such as this simple facebook app) and it can connect to internet however it doesn't have a real web browser. Without browser it can connect to any url to retrieve the JSON response however I am not sure how to achieve authentication without a real browser.
Under this circumstances, is it possible Facebook authentication? If you think so, what approach would you suggest ?
Thanks
Facebook provides trusted partners with a private Authorization API to get an OAuth 2 token from a username / password.
A more complicated approach would be doing something similar to how Netflix enrolls a device:
device calls server to obtain a Code
device shows code on screen and directs user to go to URL on server and enter Code
server redirects user to Facebook and obtains OAuth token, user told to go back to device
device calls server with Code and obtains OAuth token
device can now make calls directly on behalf of user
According to this documentation on "Desktop Application Authentication" I don't believe your desired result is possible:
Facebook's OAuth implementation does not include explicit desktop application support. However, if your desktop application can embed a Web browser, you can add Facebook support to your application easily using the same OAuth User-Agent Flow used by JavaScript clients.
However, it is clearly possible for certain vendors to do this, since Microsoft's Xbox 360 Facebook application does exactly what you are proposing. I'd be interested to see if anyone has dug up any API for doing this that Facebook doesn't want in their most obvious documentation.
This isn't an answer but I'm trying to do the same thing. Check out this guy's blog which uses another server to proxy the requests:
cory wiles blog
If you figure it out please post a detailed answer here so I can do it to.. :)
I think it is possible though it is pretty complicated and subject to sudden changes of Facebook interface. It might break the agreement between you and Facebook.
What you do is to emulate the Facebook.
One path you have to set up a Facebook application. Once you got the authorisation from user, you can to something with Graph API.
You need to the Facebook log-in process and authorisation process. There are some capturing tools on http/https request and response. Analyse them, both header and body.
Once you know the authorisation mechanism, you can replace it with you own. Everything afterward is on Graph API.
Another path is to emulate Facebook login and message and notification process. Capturing and analysis is needed.
In the past I have used a tool called screen-scraper (full disclosure: I used to work there) to automate logging in to facebook. Basically, it imitates a browser session; it allows you to set session variables (i.e. username, password) which would then be submitted to facebook, just as if the user had submitted them in a browser.
You may not be able to use screen-scraper in your set-top box environment (although it is java-based, so it's possible it would work). Even if it doesn't, you could implement a similar strategy in java, making the HTTP calls a browser would make to load the login page and submit the user's credentials. To keep the user's info safe make sure whatever HTTP client library you use supports HTTPS.
Proxy tools and extensions like Charles, Fiddler2, Firebug, Chrome's dev tools, etc. are helpful in seeing exactly what the browser is sending to the server in requests.