I have a News Webserver where registered user can get RSS News. I want to build an iOS application use to get News from my webserver but i don't know how to manage acc in iOS application. How can i save logined user on iDevice ( store on .plis file, Core Data ....???, store real usr/pass or store encode user/pass), how can i verify stored user/pass with my Webserver? Anybody can help me :(
PS:
My current way:
In my iOS app:
+ User input usr+pass.
+ usr+pass send to webserver. If usr+pass is valid, webserver return token string(is encode string of usr+pass).
+ If webserver return token string, store token string into .plit file, else do notthing.
When user press "Get News"/
+ iOS send token string to webserver to verify. If valid return News of this usr acc, else return null.
How can i improved my current way to enhance security?
What you want to do is store your user's username in the applications preferences. See NSUserDefaults. You aren't allowed to store the user's password as plain text. What you should do instead is store it in the Keychain. See this guide for more information: Keychain Services Tasks for iOS.
Related
So I am building a restaurant app and one of the features I want is to allow a user of the app to see photos from a particular restaurant's Instagram account.
And I want a user to be able to see this without having to login to their Instagram account, so they shouldn't even need an Instagram account for this to work.
So I have read this answer How can I get a user's media from Instagram without authenticating as a user?
And I tried what it said and used the client_id(which I recieved when I registered my app using my personal Instagram account), but I still get an error back saying :
{
meta: {
error_type: "OAuthAccessTokenException",
code: 400,
error_message: "The access_token provided is invalid."
}
}
The endpoint I am trying to hit is :
https://api.instagram.com/v1/users/search?q=[USERNAME]&client_id=[CLIENT ID]
So do I absolutely need an access token for this to work(and thus have to enforce a user to log in) ?
If I do, then is there way to generate an access token somehow without forcing the user log in?
I believe there is a way around this, as the popular dating app Tinder has this desired functionality I am looking for, as it allows you to see photos from people's Instagram account without having to log in! (I have just verified this 5 minutes ago!)
Any help on this would be much appreciated.
Thanks.
Edit April 2018: After facebook privacy case this endpoint is immediately put out of service. It seems we need to parse the JSON embedded in <script> tag directly within the profile page:
<script type="text/javascript">window._sharedData = {"activity_counts":...
Any better ideas are welcome.
You can use the most recent link
GET https://www.instagram.com/{username}/?__a=1
to get latest 20 posts in JSON format. Hope you put this to good use.
edit: other ways aren't valid anymore:
https://www.instagram.com/{username}/media/
Instagram used to allow most API requests with just client_id and without access_token, the apps registered back in the day still work with way, thats how some apps are able to show instagram photos without user login.
Instagram has changes the API specification, so new apps will have to get access_token, older apps will have to change before June 2016.
One way you can work around this is by using access_token generated by your account to access photos. Login locally and get access_token, use this for all API calls, it should not change, unless u change password,if it expires, regenerate and update in your server.
Since the endpoints don't exist anymore I switched to a PHP library -
https://github.com/pgrimaud/instagram-user-feed
Installed this lib with composer:
composer require pgrimaud/instagram-user-feed "^4.0"
To get a feed object -
$cache = new Instagram\Storage\CacheManager();
$api = new Instagram\Api($cache);
$api->setUserName('myvetbox');
$feed = $api->getFeed();
Example of how to use that object -
foreach ($feed->medias as $key => $value) {
echo '<li><img src="'.$value->thumbnailSrc.'"></li>';
}
I am using playgameservices sdk for unity in my game. However, I am not able to get the email id of logged in user on iOS. Do I need to define any permission while initialising the playgamesserviceplatform class? Please let me know the correct procedure to get email id.
Thanks
I found this link that might be helpful. Below is the process described in the link
In order to access the player's email or access token, you need to configure a web app associated with your game in the Play Game Console. If your game does not use a custom back-end application, you can set the launch URL to be https://localhost.
Copy the client id from the web application and enter it in the setup dialog for this plugin. This will configure the correct permissions and settings needed to access the email address and access token.
To get the email:
Debug.Log("Local user's email is " +
((PlayGamesLocalUser)Social.localUser).Email);
To get the access token:
Debug.Log("AccessToken is " +
((PlayGamesLocalUser)Social.localUser).accessToken);
To get the id token:
Debug.Log("IdToken is " +
((PlayGamesLocalUser)Social.localUser).idToken);
NOTE: The email and access tokens are only available on the UI Thread. If you need to get these from the non-UI thread, you can use the helper function RunOnGameThread:
GooglePlayGames.OurUtils.PlayGamesHelperObject.RunOnGameThread(
() => { Debug.Log("Local user's email is " +
((PlayGamesLocalUser)Social.localUser).Email);
// use the email as needed
});
Ok, so what I am trying to do is a bit odd, so I can't find anything that gives me even a remote idea about how to do this.
I need to access my personal profile posts:
FB.api("/" + myPersonalUserId + "/feed", {limit: 5}, function(data){
console.log(data);
// do stuff with my user info
});
in order to display them on my personal webite, similar to a dynamic blog. But I want it to automatically retrieve these posts without my having to be signed in on each computer that wants to view my site.
Before you get sidetracked on the init, I am using an app and app id that my personal user account has verified access to all permissions.
I know it will require the use of an access token, but how do I get a valid access token without being logged into that computer?
Honestly, I'm starting to question if it is even possible, but if anyone knows how I could accomplish this, that would be awesome!
The best way to achieve this is to just cache the data in your own database and refresh it whenver the user uses your App again.
If that´s not good enough, you have to generate and store an Extended User Token. How to create one is explained in the docs:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Extended User Tokens are valid for 60 days, there is no User Token that is valid forever. And you should never use Tokens directly on the client, because some user could just copy it from the source. Tokens are meant to be secret, so use it on the server only. You don´t need to use the PHP SDK, a simple CURL call to the Graph API will do it:
https://graph.facebook.com/[your-app-scoped-id]/feed?access_token=[extended-user-token]
Ok, so I found a solution similar to the one above, but offers a permanent access token.
first, build a url:
url = 'https://graph.facebook.com/v2.5/' + {app user Id, not public Id} + '/feed';
url += '?access_token=' + {app Id} + '|' + {app secret};
url += '&fields=id,name,message,full_picture,created_time'; // these scopes should be approved by corresponding user
url += '&limit=5';
then run it by calling a simple ajax request. These variables should be served from the server through ajax, not hardcoded on the client
I'm a newbie to app development. I am building a Windows Phone 8.1 app and have followed the tutorial here: http://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-dotnet-backend-windows-store-dotnet-get-started-users-preview/ to add authentication using Facebook. Everything seems to work fine, except that every now and again it appears to stop bringing back any data from my Azure database. Further investigation revealed that the UserId that is being shown from the code below, changes periodically (although I can't quite work out how often it changes).
// Define a member variable for storing the signed-in user.
private MobileServiceUser user;
...
var provider = "Facebook";
...
// Login with the identity provider.
user = await App.MobileService.LoginAsync(provider);
// Create and store the user credentials.
credential = new PasswordCredential(provider,
user.UserId, user.MobileServiceAuthenticationToken);
vault.Add(credential);
...
message = string.Format("You are now logged in - {0}", user.UserId);
var dialog = new MessageDialog(message);
dialog.Commands.Add(new UICommand("OK"));
await dialog.ShowAsync();
This code is identical to the code in the tutorial. The Facebook app settings (on the Facebook developers site) confirm that I am using v2.3 of their API so I should be getting app-scoped UserIds back. I have only ever logged in with one Facebook account, so I would expect the UserId to be the same each time, but they're not. The UserId is prefaced with 'sid:', which someone on the Facebook developers group on Facebook itself says stands for Session ID, which they would expect to change, but if that's the case, I can't work out where to get the actual UserId from that I can then store in my database and do useful things with. I'm sure I must be doing something basic wrong, but I have spent hours Googling this and cannot (unusually) find an answer.
Any help would be greatly appreciated.
Thanks!
So dug deeper. This is how Mobile Apps work (I was thinking from a Mobile Services perspective). The issue here is that the Gateway doesn't provide static SIDs, which is what User.userId provides. The work around to this is listed in the migration doc.
You can only get the Facebook AppId on the server.
ServiceUser user = (ServiceUser) this.User;
FacebookCredentials creds = (await user.GetIdentitiesAsync()).OfType< FacebookCredentials >().FirstOrDefault();
string mobileServicesUserId = creds.Provider + ":" + creds.UserId;
You should note, that this Id is directly connected with your Facebook App registration. If you ever want to migrate your App to a new Facebook App, you'd have to migrate them. You can also use the Facebook AppId to look up the user's global facebook Id via the Facebook Graph API, which you could use between applications. If you don't see yourself using multiple apps, etc., you can use the Facebook AppId just fine.
Hard to tell what's going on to cause you to use a SID instead of the Faceboook token (which like Facebook:10153...).
It may be faster to rip out the code and reimplement the Auth GetStarted. Maybe you missed a step or misconfigured something along the way. If you have the code hosted on github, I can try to take a look.
Another thing you can do is to not trust the user to give you their User id when you save it to a table. On your insert function, you can add it there.
function insert(item, user, request) {
item.id = user.userId;
request.execute();
}
That should, theoretically, be a valid Facebook token. Let me know if that doesn't work; can dig deeper.
I don't get it with the Dropbox API.
I got an app with CoreData. The user can choose if he wants to upload the SQlite file to Dropbox. So i made a settings tab where he can de-/activate the Dropbox sync and enter Dropbox username and password. (Yes, I know that Dropbox doesn't want to store the password).
The SQLite file should be uploaded, if the user changes anything.
So I don't need an ViewController for Dropbox functions.
What I want is something like a DropboxHelper class (NSObject), with a function like
+ (void)uploadFile;
In my Dropbox account, I created an App. The App Key and App Secret I use in my AppDelegate:
DBSession* session = [[[DBSession alloc] initWithConsumerKey:#"KEY"consumerSecret:#"SECRET"]autorelease]; <br>
[DBSession setSharedSession:session];
[session release];
For the upload I need a DBRestClient. In my upload function I test if the session is linked. If not, login the user:
if (![[DBSession sharedSession]isLinked]) {
[self.restClient loginWithEmail:#"USERNAME"
password:#"PASSWORD";
}
But the session is always linked?! And I have to init the DBRestClient like this:
restClient = [[DBRestClient alloc] initWithSession:[DBSession sharedSession]];
So what I don't get:
I need the APP KEY and APP SECRET to use the API (so its the API Key)?
How do I login the User if the session is already linked? (I don't want to use the DBLoginController for login)
If I don't init the session in AppDelegate, how can I init the DBRestClient with a session?
Is it generally possible to use the API like this? Without a Viewcontroller and use NSObject instead?
https://www.dropbox.com/developers/reference/bestpractice covers this.
Never handle user login and password information. All application authentication is done using tokens exchanged via the Dropbox mobile app or website and the methods described in the authentication tutorial.
Another way to say this is that Dropbox does not want to put users in the position of trusting an app developer with their passwords.