I'm using Firebase Authentication in my iOS app, where the users signs up and logs in with an email and password.
If a user wants to change their password at some point, how can I set that up? I'm assuming that I need to connect an existing Firebase method to a UITextField. Any help/guidance is much appreciated!
Firebase Auth has a method called updatePassword (https://firebase.google.com/docs/auth/ios/manage-users#set_a_users_password):
Auth.auth().currentUser?.updatePassword(to: password) { (error) in
// ...
}
You'd probably want at least a UITextField (possibly two if you want to have them confirm the value), check that it meets any requirements you may have about being a certain length, including certain characters, etc (you probably have the same logic in your initial signup screen) and then a UIButton that triggers the updatePassword flow. Presumably since you've already set up your initial login you're comfortable adding these items to a screen and attaching actions to them.
Related
I working on an app that is designed to be protected from unauthorized access (like, for instance, bank apps do). There are two protection options: by using biometrics (default one) and by user password. I wonder, what the best practices are to handle the situation when a user forget thier password.
I'm thinking to prompt user to enter device PIN in order to remind them the password, but I can't figure out how to do that.
I guess it really depends on exactly how sensible the information is and how you're currently storing/validating the password. But assuming your threat model is okay with a user being able to get access back just with the current device password, you could use the keychain API (not the friendliest of APIs) and store some kind of flag. When adding such item you would use SecAccessControlCreateFlag.devicePasscode which will always prompt the user for their iPhone passcode before accessing such entry. So say the user needs to reset it, if you're able to access the keychain entry, you know they entered the right device passcode and thus you should allow them to reset their app password. The main caveat would be that the user disabling their passcode or not having one would invalidate your flag so they would be locked out forever if they ever forget their app password. Of course there's a lot of additional nuance to the Keychain like whether the items get synced to other devices or not, when it's available, etc. but hopefully this is somewhat useful.
the reason I am asking this question is because I am not using firebase or parse to create accounts. I have used my own code to use CloudKit to login and so on. My question is, after the first time opening the app, and the user making an account, how can I make sure that the following time they open the app, it bypasses the login page? And then, if they logout, the next time they open the app, it takes them to the login page. How can this be done.
TL;DR how can I track whether or not a user has been logged in, and then open the app to a 2 possible scenes based on whether or not they are or are not logged in.
Firstly, you could keep the user sign in data (like a returned authkey, or a boolean flag) in the Defaults for the app.
Secondly, you could make a "Loading View" where you would check if that data is present.
Lastly, if the data isn't present move him to the login view, else to the main app.
Lets say I have a social network (example: http://www.icloud.com/ ). There are 2 textfields on that website: E-mail, password.
I want to make an app for the website where you can login directly from the app. On the app i have 2 text fields and a button (email, password, login). How can i pass the app's email textfield content to the email textfield of the website? Same goes for the password textfield.
You could even take FaceBook as an example. They have a website (ofc), but how does the app on the iPhone work? Is it something similar to what i said, or does it work in a completely different way?
I used parse in the end:
https://parse.com
Now parse decided it's going to stop being active from 2017.
Alternatively you can use Firebase:
https://www.firebase.com
If you know any alternative services to parse, you're welcome to write them down as a comment. ;)
OK. I suspect I just need to be directed to the appropriate "M" for "RTFM." I'm not new to iOS, but fairly new to keychain use. I am using a good keychain wrapper called "FXKeychain."
I have an app that includes a login, with a password stored in the default keychain.
I use TouchID to validate the user and fill in the password.
In order to do this, I display a "thumbprint" button, with an IBAction handler that runs the standard code:
self.s_authenticationContext.evaluatePolicy(LAPolicy.DeviceOwnerAuthenticationWithBiometrics, localizedReason: "Yo. Gimmie ur thumb.", reply: self.touchIDCallback)
The issue is, that once it is unlocked, subsequent touches of the button, using the above, skip the alert, and simply fall through.
This is an issue because the same button is displayed, even after the user is validated. I'd like to either:
Re-lock after entering the password, so the user must re-authenticate each time (preferred), or
Display a different button image that indicates the thumbprint is no longer necessary.
That means that I need to:
Find a way to re-lock the TouchID, or
Find out if the user is unlocked.
Any ideas?
Thanks!
It is your authentication context rather than the keychain that is 'unlocked'. If you allocate a new authentication context before calling evaluatePolicy then the touchID dialog will be shown again.
You can, however, actually use touchID to authenticate access to a keychain item directly. The Apple sample code demonstrates how to do this - https://developer.apple.com/library/ios/samplecode/KeychainTouchID/Introduction/Intro.html#//apple_ref/doc/uid/TP40014530-Intro-DontLinkElementID_2
I'm developing an app in which I want to give the user the option to be logged in with Twitter. My problem is that I want to check if the user is logged before given access to certain functions. Say I have a view and I want to show different content depending on the users is logged in or not. I know I can log the user in when opening the app, but I don't want to show the login screen every time if the user choose not to log in. (I'm using the Twitter+OAuth/MGTwitterEngine framework).
How can I set up a control like that? Any tips is appreciated!
Seems like you would want to save the authorization token in NSUserDefaults. Then, on launch, you would check for that token
if (![[NSUserDefaults standardUserDefaults] objectForKey:#"whatever_you_call_your_auth_token") {
//send the user to twitter login
} else {
//set isLoggedInViaTwitter:YES
}
So if you have a boolean value like isLoggedInViaTwitter, and you set that to YES or NO based on whether the auth token is present in NSUserDefaults, you can use the value of that to determine what content to present in your views.
I'm new but I hope this helps to some extent. If I've misunderstood your question, please let me know.