I am experimenting with an iOS app that utilize a REST API (ASP.NET MVC Web API) and I want users to be able to logon/register using either:
Username and password (default)
Facebook authentication
I have setup the iOS Facebook SDK and users can logon/register using it.
When a user register with Facebook, what access token should be used to bind it with the REST API account? AKFAccessToken or FBSDKAccessToken?
Haven´t found any tutorials where an iOS app and ASP.NET MVC Web API is combined. If anyone knows where I can find one that would help a lot.
If I am going at this problem completely wrong please correct me, I am still trying to wrap my head around it.
I will mention in details the best practice I know.
The server have the facebook App ID (special ID for the app given from facebook when you register your new app).
You send the FBSDKAccessToken for the server
the server will encrypt the FBSDKAccessToken with the app id as a key and return to you the result named 'AccessKey'.
You save the accesskey and use it as a relation with the server from now on.
This way, no one can know the userFBID since u encrypted it and you didnt share your facebook app ID since it should be a secret.
Hope this helps!
I want to do the verification like google Authentication in Android. First How my android app do like below
The token was issued by server.
The token was sent to a device that was being operated by the person identified.
The token was obtained by the Android app identified by the Client ID.
I found some Documents related to This but I don't know how to achieve this kind of security authentication in IOS. is their any way to do with out using google authentication in ios. Is there somethings similar for iOS from Apple, where I can get a ID token signed by Apple when Apple will observe that the iOS app and the client?
I found some Links on Google but no use Please any body guide me how to achieve This.
I'm using oAuth2, and I have a project in my google API console with an iOS client and a Web client registered.
I'd like to auth in from my iOS app, and have my web backend retrieve an access token so it can do the heavy processing work with the Google api.
I've tried following these instructions which are for android: https://developers.google.com/accounts/docs/CrossClientAuth
But I keep getting an invalid scope when I assign the scope as:
oauth2:server:client_id:MY.WEB.CLIENT.ID:api_scope:http://www.google.com/m8/feeds/ https://mail.google.com/ https://www.googleapis.com/auth/plus.login
Anyone successfully implement a similar set up for iOS? If so please explain or share documentation? What libraries or SDKs did you use to get the code from google on the iOS app that the web backend could use to generate a proper access token of it's own?
As of June 18th, the google iOS SDK 1.7.0 supports one-time authorization code which is consistent with the Android feature: https://developers.google.com/+/release-notes/
I tried to create a testing client id for an android app which uses OAUTH 2.0 as login for retrieving user profile. I followed the steps to complete the creation of the client id on google console, but I do not see anywhere the client secret. I'm trying to help my employer with getting google credentials for it's app. I know how to implement OAUTH 2.0 in android, but I need client secret to exchange the code with access token.
First, I selected "Google+ API" from Services tab.
Then followed the on screen steps from API Access tab.
It seems that Google finally ditched the unnecessary client_secret for installable applications and is not yet up-to-date with their documentation.
You should check if you already get an access_token in the initial OAuth request like it's handled on Facebook.
Another possibility would be to fall back to using a Simple API Access key.
Update:
First method seems to not work with Google.
The recommended way for Android is to use AccountManager instead of baking your own requests. Follow this example to see how this is implemented and how you get an AuthToken using a Simple API Access key. Instead of using the Tasks API you can then include the OAuth2 API library to retrieve the userinfo.
Click on "Download JSON "
Is it what you're looking for ?
Since almost everything from the accepted answer has been deprecated, I thought I'd share what I've found.
I needed the People API which requires a client secret. What Google recommends for using People API with Android is,
Select the application type Other, enter the
name "People API Quickstart", and click the Create button.
Found here: https://developers.google.com/people/quickstart/java
(Step 1 part e)
So if you need a client secret, you might consider using the Other type. Of course, follow the documentation for your specific API first.
Just today I found out that on the new Cloud Console we can see the client secret for android apps - while in the old google console we just can't.
To use the new Cloud console, just click on the message "We are improving the experience. Try the new Cloud Console." Google will ask for a SMS confirmation. Now you'll be redirected to the new cloud console
Now, just select your project, click on "Registered Apps" on the left menu, selected your android app, and voilá, on oAuth 2.0 Client Id you'll see your client secret. No idea why on the old google console it's not displayed, but if you really need a client secret key, it's there.
Now that the type Other is unavailable, I used type Desktop since I wish to upload using Visual Studio which is a Desktop app. That worked, I got the client id and client secret.
When you update any changes in the credential, make sure you could see the client ID and secret in the dashboard before downloading.
Google cloud takes at the least 10 seconds to regenerate the client id and add it in the json.
Once json is downloaded you can check for client_secret to be present.
source said that :
Visit the Google Developers Console to obtain OAuth 2.0 credentials such as a client ID and client secret that are known to both Google and your application. The set of values varies based on what type of application you are building. For example, a JavaScript application does not require a secret, but a web server application does.
Another solution is that you have to create a client ID with the type of "Installed Application" then you will have the Client secret
Do we hav Paypal API for Blackberry as like the iPhone and Android. I have android PayPal API here https://www.x.com/community/ppx/xspaces/mobile/mep.
But i cant able to find it for Blackberry.
Please help me whether paypal transfer can be made in Blackberry or not.
Try by using this sdk https://www.x.com/community/ppx/sdks#WSDL
As far as I know there isn't a BlackBerry specific Paypal API.
So to get around this, we just launched the browser to the Paypal link. From there they could enter their Paypal credentials and pay as if they were using a desktop browser. It's not as clean as using an API though.
If you're looking for a cleaner solution, you could try creating a Paypal API wrapper for example using PHP, which is used by a proxy page. Then in the BlackBerry, use standard HTTP requests to send GET/POST requests to the proxy page. The proxy page will in turn use the wrapper you created to set up payment for you and your customer. This way you won't necessarily have to leave the application.