I'm doing a small project to prepare for server linking, but I'm trying to save the token in Userdefault! I don't know how to code.
var headers: [String: String]? {
switch self {
case .signIn:
return nil
case .renewalToken:
guard let token = UserDefaults.standard.set("userID", forKey: "signIn") else{
return ["Authorization": "Bearer " + token]
}
default:
guard let token = UserDefaults.standard.set(<#T##value: Any?##Any?#>, forKey: <#T##String#>)
return ["Authorization": "Bearer " + token]
}
}
This code can be obtained by putting it in the code below using the header, but I don't know what to do with the token
func get(_ api: TargetType) -> DataRequest{
return AF.request(baseURI + api.path, method: .get, parameters: api.parameters, encoding: JSONEncoding.prettyPrinted, headers: api.headers, interceptor: nil)
}
First of all you should not store sensitive information into the user defaults. I would recommend you to use keychain. It's highly secure.
There are several Libraries which give simple and easy to use interfaces of keychain
SwiftyKeychainWrapper is one of them:
https://github.com/jrendel/SwiftKeychainWrapper
Update -
You need to access user default values using following code:
let token = UserDefaults.standard.string(forKey: “keyName”) ?? “”
Note: if token doesn't exist then you can just navigate user to the Login screen for authentication and regeneration of token.
Related
I'm attempting to access an api using my username and api key. An example they give, which I believe is .NET, is:
Public Sub GET_Products()
Dim request As HttpWebRequest = WebRequest.Create("https://api.ssactivewear.com/v2/products/?style=39")
request.Method = "GET"
request.Credentials = New NetworkCredential("YOurCustomerNumber", "YourAPIKey")
Try
Dim response As HttpWebResponse = request.GetResponse
Dim StreamReader As New StreamReader(response.GetResponseStream())
Result = StreamReader.ReadToEnd
If response.StatusCode = HtppStatusCode.OK Then
Products = serializer.Deserialize(Of List(Of Sku))(Result)
Else
End If
Catch ex As Exception
End Try
End Sub
I've used the following to test the request for a response:
guard let url = URL(string: "https://api.ssactivewear.com/v2/products/") else { return }
let username = "myusername"
let password = "myapikey"
AF.request(url).authenticate(username: username, password: password).responseJSON { response in
print("Request: \(String(describing: response.request))")
print("Response: \(String(describing: response.response))")
print("HeaderFields: \(String(describing: response.request?.allHTTPHeaderFields))")
if let json = response.value {
print("JSON: \(json)")
//self.responseText.text = "JSON: \(json)"
}
if let error = response.error {
print("ERROR: \(error.localizedDescription)")
//self.responseText.text = "ERROR: \(error.localizedDescription)"
}
}
This fails authentication because no authentication header is sent. I believe I read this is expected behavior but didn't find a solution.
create APIMiddle class:
class APIManager
{
class func headers() -> HTTPHeaders
{
let headers: HTTPHeaders = [
"Content-Type": "application/json",
"Accept": "application/json"
]
return headers
}
}
your api call:
let request = AF.request(path, method: .post, parameters: params, encoding: JSONEncoding.default, headers: APIManager.headers(), interceptor: nil)
request.responseDecodable(of: UserModel?.self) {(resposnse) in
let user = resposnse.value
print(user)
}
Alamofire's authenticate method adds a URLCredential to the Request which is used to respond to server challenges. If the server never sends a challenge for those credentials, the credentials will never be used. api.ssactivewear.com appears to use HTTP Basic auth, which should work fine, but I couldn't find any specific documentation about that. There may be other requirements to properly make a request to the API. I suggest you investigate those requirements as well as the actual network traffic being sent to see what's actually happening.
How to translate my login user URLSession code into Siesta framework code? My current attempt isn't working.
I've looked at the example in the GithubBrowser but the API I have doesn't work like that.
The issue is that the user structure is kind of split by how the endpoint in the API I'm consuming works. The endpoint is http://server.com/api/key. Yes, it really is called key and not user or login. Its called that by the authors because you post a user/pass pair and get a key back. So it takes in (via post) a json struct like:
{"name": "bob", "password": "s3krit"}
and returns as a response:
{"token":"AEWasBDasd...AAsdga"}
I have a SessionUser struct:
struct SessionUser: Codable
{
let name: String
let password: String
let token: String
}
...which encapsulates the state (the "S" in REST) for the user. The trouble is name & password get posted and token is the response.
When this state changes I do my:
service.invalidateConfiguration() // So requests get config change
service.wipeResources() // Scrub all unauthenticated data
An instance is stored in a singleton, which is picked up by the configure block so that the token from the API is put in the header for all other API requests:
configure("**") {
// This block ^ is run AGAIN when the configuration is invalidated
// even if loadManifest is not called again.
if let haveToken = SessionManager.shared.currentUser?.token
{
$0.headers["Authorization"] = haveToken
}
}
That token injection part is already working well, by the way. Yay, Siesta!
URLSession version
This is bloated compared to Siesta, and I'm now not using this but here is what it used to be:
func login(user: SessionUser, endpoint: URL)
{
DDLogInfo("Logging in: \(user.name) with \(user.password)")
let json: [String: Any] = ["name": user.name, "password": user.password]
let jsonData = try? JSONSerialization.data(withJSONObject: json)
var request = URLRequest(url: endpoint)
request.httpMethod = "POST"
request.httpBody = jsonData
_currentStatus = .Unknown
weak var welf = self
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
handleLogin(error: error, message: "No data from login attempt")
return
}
let jsonData:Any
do {
jsonData = try JSONSerialization.jsonObject(with: data, options: [])
}
catch let jsonDecodeError {
handleLogin(error: jsonDecodeError, message: "Could not get JSON from login response data")
return
}
guard let jsonDecoded = jsonData as? [String: Any] else {
handleLogin(error: error, message: "Could not decode JSON as dictionary")
return
}
guard let token = jsonDecoded["token"] as? String else {
handleLogin(error: error, message: "No auth token in login response")
return
}
let newUser = SessionUser(name: user.name, password: "", token: token)
welf?.currentUser = newUser
welf?.saveCurrentSession()
welf?._currentStatus = .LoggedIn
DDLogInfo("User \(newUser.name) logged in")
loginUpdate(user: newUser, status: .LoggedIn, message: nil, error: nil)
}
task.resume()
}
Siesta Version
Here is my attempt right now:
func login(user: String, pass: String, status: #escaping (String?) -> ())
{
let json = [ "name": user, "password": pass]
let req = ManifestCloud.shared.keys.request(.post, json: json)
req.onSuccess { (tokenInfo) in
if let token = tokenInfo.jsonDict["token"] as? String
{
let newUser = SessionUser(name: user, password: pass, token: token)
self.currentUser = newUser
}
status("success")
}
req.onFailure { (error) in
status(error.userMessage)
}
req.onCompletion { (response) in
status(nil)
}
}
Its sort of working, but the log in credentials are not saved by Siesta and I've had to rig up a new notification system for login state which I'd hoped Siesta would do for me.
I want to use Siesta's caching so that the SessionUser object is cached locally and I can use it to get a new token, if required, using the cached credentials. At the moment I have a jury-rigged system using UserDefaults.
Any help appreciated!
The basic problem here is that you are requesting but not loading the resource. Siesta draws a distinction between those two things: the first is essentially a fancied-up URLSession request; the second means that Siesta hangs on to some state and notifies observers about it.
Funny thing, I just answered a different but related question about this a few minutes ago! You might find that answer a helpful starting point.
In your case, the problem is here:
let req = ManifestCloud.shared.keys.request(.post, json: json)
That .request(…) means that only your request hooks (onSuccess etc.) receive a notification when your POST request finishes, and Siesta doesn’t keep the state around for others to observe.
You would normally accomplish that by using .load(); however, that creates a GET request and you need a POST. You probably want to promote your POST to be a full-fledge load request like this:
let keysResource = ManifestCloud.shared.keys
let req = keysResource.load(using:
keysResource.request(.post, json: json))
This will take whatever that POST request returns and make it the (observable) latestData of ManifestCloud.shared.keys, which should give you the “notification system for login state” that you’re looking for.
I'm trying to get sms from twilio service but keep getting this error.
Request:
func SMSRequest(countryCode:String, phoneNumber: String) {
let accountSid = "ACc4d9785419f144412823ff2034660c3d"
let authToken = "a2293a42841f8999caa237er363" // changed
let phoneNumber = "+14243960339"
let toNumber = "+37378847884"
let url = URL(string: "https://\(accountSid):\(authToken)#api.twilio.com/2010-04-01/Accounts/\(accountSid)/SMS/Messages")
print("url", url!)
let parameters = [
"From": phoneNumber,
"To": toNumber,
"Body":"Hi daddy"
]
Alamofire.request(url!, method: .post, parameters: parameters,
encoding: JSONEncoding.default, headers: [:]).responseJSON { response in
let response = String(describing: response.result.ifFailure({
print(response)
if let data = response.data, let utf8Text = String(data: data, encoding: .utf8) {print("Data: \(utf8Text)")}
}))
}
}
Error:
<TwilioResponse><RestException><Code>21603</Code><Message>A 'From' phone number is required.</Message><MoreInfo>https://www.twilio.com/docs/errors/21603</MoreInfo><Status>400</Status></RestException></TwilioResponse>
All the credentials I get from here
Solution:
use utf8 encoding.
Twilio developer evangelist here.
It's important to note that, even though you have solved your problem, you are building a fundamentally insecure application. I left this comment on your other question, but I need to point it out here too.
We do not recommend that you make requests to the Twilio API directly from your native application. To do so, you would need to store or retrieve your account SID and auth token in the application somewhere. If you do this, then a malicious attacker could get access to your credentials and abuse your Twilio account.
This is actually known as the Eavesdropper vulnerability and was written about earlier this year.
Instead we recommend that you create a web application and send the API requests from there. There is a blog post on how to do that here: https://www.twilio.com/blog/2016/11/how-to-send-an-sms-from-ios-in-swift.html
Update for Swift 4 - you don't really need to specify encoding, just leave it as a default.
Regarding the Twilio answer, they shouldn't say that people "shouldn't" make requests to their API, but rather remove that functionality per se and make a proper authentication service on their SDK. For now this works as the best solution I found.
let accountSID = "BOB"
let authToken = "BOB'S PASSWORD"
let url = "https://api.twilio.com/2010-04-01/Accounts/\(accountSID)/Messages" as URLConvertible
let parameters = ["From": "SENDER", "To": "RECIPIENT", "Body": "Hello world!"]
Alamofire.request(url, method: .post, parameters: parameters)
.authenticate(user: accountSID, password: authToken)
.responseString { response in
debugPrint(response)
}
I have requested the current user and from the user have requested the saved tracks of the user. When making the call to the api it succeeds and I am able to convert the response into a Spotify track object, but when I access the fields of the object the values come back as the default values. I parsed this response in the same manner as I did to get the current user but it didn't work this time. Any ideas on the cause?
let savedTracksRequestHeaders: HTTPHeaders = [
"Authorization": "Bearer " + accessToken!,
]
let params = ["limit": "1"]
var userSong = SPTTrack.init()
Alamofire.request("https://api.spotify.com/v1/me/tracks", method:
.get, parameters: params, headers:
savedTracksRequestHeaders).responseJSON { response in
print("Saved Track Response")
debugPrint(response)
do {
// executes with no errors
try userSong = SPTTrack.init(from: response.data, with:
response.response)
print("user songs")
// when the variable is used all fields are default
// values
print(userSong.popularity)
} catch is Error {
print("load songs failed")
}
}
We are using PayPal future payments in our IOS app. We need to know email ID of the account that has authorized future payment. How can we fetch email ID of the user who has authorized future payment. Current API operation for approval returns only authorization token.
I'm assuming by "future payments" you're referring to Preapproved Payments..??
Setup an IPN solution and make sure to an IPNNotificationURL in your Preapproval API request. The IPN will include more details about the transaction including the payer email address.
Here is a list of the variables you can expect from a Preapproval profile getting created. You'll notice the "sender_email" parameter, which is what you'd be looking for.
Here's a sample of an actual IPN I got in the sandbox after processing a Preapproval request.
Array
(
[max_number_of_payments] => 100
[starting_date] => 2015-03-01T00:00:21.000-08:00
[pin_type] => NOT_REQUIRED
[max_amount_per_payment] => 20.00
[currency_code] => USD
[sender_email] => guy.louzon-buyer#gmail.com
[verify_sign] => AFcWxV21C7fd0v3bYYYRCpSSRl31AiHQSQchSGUInXdtl6zomfkZ7H4C
[test_ipn] => 1
[date_of_month] => 0
[current_number_of_payments] => 0
[preapproval_key] => PA-2M0807730Y425554F
[ending_date] => 2015-12-31T23:59:21.000-08:00
[approved] => true
[transaction_type] => Adaptive Payment PREAPPROVAL
[day_of_week] => NO_DAY_SPECIFIED
[status] => ACTIVE
[current_total_amount_of_all_payments] => 0.00
[current_period_attempts] => 0
[charset] => windows-1252
[payment_period] => 0
[notify_version] => UNVERSIONED
[max_total_amount_of_all_payments] => 2000.00
)
Ichathan, you'll want to utilize the Profile Sharing feature of the mSDK to get the customer attributes and pass in the Future Payment scope within that to also gain consent for those. The available scopes you can use for Profile Sharing are listed out in the PayPalOAuthScopes.h file of the iOS SDK.
This answer is correct but not detailed.
The Profile Sharing Mobile Integration allows the user to consent to future payments as well as gets email and other information in one login flow. Here's the snippet we used:
func profileController() -> PayPalProfileSharingViewController {
PayPalMobile.preconnectWithEnvironment(PayPalEnvironmentSandbox)//PayPalEnvironmentNoNetwork)
let scope: Set<String> = Set([kPayPalOAuth2ScopeEmail, kPayPalOAuth2ScopeFuturePayments])
let controller = PayPalProfileSharingViewController(scopeValues: scope, configuration: self.paypalConfiguration!, delegate: self)
return controller!
}
func payPalProfileSharingViewController(profileSharingViewController: PayPalProfileSharingViewController, userDidLogInWithAuthorization profileSharingAuthorization: [NSObject : AnyObject]) {
self.processAuthorization(profileSharingAuthorization)
}
func userDidCancelPayPalProfileSharingViewController(profileSharingViewController: PayPalProfileSharingViewController) {
self.delegate?.didFailPayPalConsent()
}
func processAuthorization(authorization: [NSObject: AnyObject]) {
if let authCode = authorization["response"]?["code"] as? String {
self.delegate?.didSucceedPayPalConsent(authCode)
}
else {
self.delegate?.didFailPayPalConsent()
}
}
Edit: The mobile controller gives you the auth token that has permissions for profile information, but you have to make another call from your server side code for that information:
https://developer.paypal.com/docs/api/#get-user-information
This is how I did it.
The profile sharing Paypal Profile Sharing gives us the Auth Token
This particular delegate function gets called
func payPalProfileSharingViewController(profileSharingViewController: PayPalProfileSharingViewController, userDidLogInWithAuthorization profileSharingAuthorization: [NSObject : AnyObject]) {
self.processAuthorization(profileSharingAuthorization)
}
After authToken we need to hit some server side APIs . We can achieve this through app side as well. I have hit server side apis from client side
First step is to make a basic Auth Request it will return us a Refresh as well as Access Token. Get Access Token
func generateAccessToken(authCode : String ,block : completionHandler){
let parameters = ["grant_type" : "authorization_code", "response_type" :"token","redirect_uri" : "urn:ietf:wg:oauth:2.0:oob","code":authCode]
let username = AppConstants().kPayPalUserName //APP_ID
let password = AppConstants().kPayPalSecret
let credentialData = "\(username):\(password)".data(using: String.Encoding.utf8)!
let base64Credentials = credentialData.base64EncodedString(options: [])
let headers = ["Authorization": "Basic \(base64Credentials)"]
let customerURL = AppConstants().kPayPalUrl
Alamofire.request(customerURL,
method: .post,
parameters: parameters,
encoding: URLEncoding.default,
headers:headers)
.validate()
.responseJSON { response in
switch response.result {
case .success(let value):
KVNProgress.dismiss(completion: {
block?(true, value as! Dictionary<String, Any>) // get the accessToken
})
// BasicFunctions.displayAlert("Success", needDismiss: false, title: "Task Created Successfully")
case .failure(let responseError):
KVNProgress.dismiss(completion: {
if (responseError != nil) {
BasicFunctions.displayAlert(SERVER_ERROR)
// let json = JSONSerialization
// block!(false,responseError as! Dictionary<String, Any>)
}else{
BasicFunctions.displayAlert(SERVER_ERROR)
}
})
}
}
}
Using the access Token we need to hit another CURL request and it will give us all the user information Get User Profile Information
Now using this request we can get complete user info. The access Token was generated from Basic Auth Token
func getUserProfileInfo(accessToken : String,block : completionHandler){
KVNProgress.show()
let parameters = ["":""]
let headers = ["Authorization": "Bearer " + accessToken]
let customerURL = "https://api.sandbox.paypal.com/v1/identity/openidconnect/userinfo/?schema=openid"
Alamofire.request(customerURL, method: .post, parameters: parameters, encoding: JSONEncoding.default, headers: headers).responseJSON { (response) in
switch response.result {
case .success(let value):
KVNProgress.dismiss(completion: {
block?(true, value as! Dictionary<String, Any>)
})
// BasicFunctions.displayAlert("Success", needDismiss: false, title: "Task Created Successfully")
case .failure(let responseError):
KVNProgress.dismiss(completion: {
if (responseError != nil) {
BasicFunctions.displayAlert(SERVER_ERROR)
// let json = JSONSerialization
// block!(false,responseError as! Dictionary<String, Any>)
}else{
BasicFunctions.displayAlert(SERVER_ERROR)
}
})
}
}
}
Note : Make sure in your app settings in Paypal You have allowed access to email or other user information
Disclaimer : This project was only for a POC so I am not sure whether we are violating the PCI compliance by hitting server side APIs from client side