Stange question, I'm looking to create an app for the company I currently work for which will hold all passwords for the software and platforms we use. I would like to be able to create some kind of login or authentication without connecting to the internet or using a post to HTTP.
Is this kind of thing possible? Even if I was to keep it to one username and password across the board. Or is it going to be better to only distribute to people that I know?
The only reason I want to do this is so that when downloaded from the App Store it would be only engineers that could login.
Thanks in advance!
For this you can add json file that contain all the data of the users for initial state and for user registration you can use core data. But you want to syncing with registered data and json file you need to fire silent api call to server.
Related
My goal is to prevent users of multiple login in. I do not want this to be client-side, with like the onDisconnect and onConnect values, but with a server check. I came across this answer:
How to prevent simultaneous logins of the same user with Firebase?
Which tells me to create a custom auth system. When I am following the docs (https://firebase.google.com/docs/auth/ios/custom-auth) I need to "Copy this file to your authentication server" (3c). How would I do this? I am just using Firebase and my little iOS app. I would like to manage everything on these 2 things, no server in between, is this possible? Or can this file only be uploaded through another server?
If above things are not possible, how can I server check if the user really signed in? I am using Cloud Functions, but I did not came across a trigger for a user signing in. Please no answers with onDisconnect/onConnect, I want it server side. A user may NOT login if he is already logged in. Thanks :)
Implementing custom authentication requires that you have a secure place to mint the custom token that identifies each of your users. You cannot do this securely with only client-side code, because that would mean everyone could claim to be whoever they want.
While you can use Cloud Functions for Firebase to implement a secure back-end without spinning up your own server, I highly recommend against doing that just for the purpose of preventing a user to sign in from multiple locations.
It's important when talking about security to split these two steps:
Authentication - a user proving to be who they are
Authorization - the authenticated user being able to use your app
There very seldom is a reason to keep a user from proving who they are. Your concern seems to fall onto keeping them from using the app from multiple locations. To do that, it's probably easier to track for each user where they are using the app from already using Firebase Database's presence system.
Also see:
How to handle multiple connections of the same user on Firebase?
Android - How to detect same user from multiple devices?
How to prevent same user logging in from different devices ? My app is paid , so I dont want credentials to be shared
I have an iOS app using Swift that uses Core Data to store user data on thousands of objects. I also have FB Auth working. My question is, how do I make it so that the user data would persist even when they switch phones and log in using FB on a separate phone? It doesn't seem that FB will offer me such data persistence. I'm looking at making a server on Heroku with Vapor. Then I could use the user's e-mail as a way to identify the user... but it doesn't seem secure?
Any suggestions on easiest solution?
Checkout Firebase... Instead of using e-mail to authenticate users, you should deal with tokens. Firebase will provide you a great data flow in easiest manner.
I'm building an iOS (Swift) app that needs realtime chat as part of the functionality. While Parse works well for push, data storage, etc..., it doesn't support realtime. I would like to use Firebase for the realtime support, but need help authenticating to Firebase using a Parse user. I really don't know where to start with this. Any help would be greatly appreciated.
The question is pretty vague so a definitive answer is not possible: here's a thought.
Firebase and Parse are two different companies and therefore require separate authentications.
If your users have a username/password type authentication in Parse, you could use the same data in Firebase and authenticate through code. i.e. User creates a new account in Parse, and an account is created in Firebase via code. When the user authenticates to Parse, it also authenticates to Firebase via code.
There are a LOT of design elements to consider in going this route: how do you create a firebase user (in code) without your app authenticating itself as a 'super' user? Hard code credentials? That may be a security issue.
Are you going to keep two sets of user data? One in Parse and one in Firebase? What if a user needs to reset their password or account. As you can see, it can get out of control rather quickly.
You may want to consider sticking with one platform to simplify the entire process. By the sound of at least one of the requirements, Firebase can do much of what Parse can do but also give the real-time updates you need.
I'm working on an iPhone app that is logging into a webservice and it's been asked of me to get the account login management into the settings page (i.e. next to Twitter, Facebook and Vimeo). From what I've been reading about the accounts framework, it appears that only those few companies have that ability.
I currently have it set up and working asking for login info periodically and polling the webservice for validation, but we're trying to move toward supporting moderately offline use, which means we need to have some sort of account info managed on the phone itself.
Can I use the built-in account framework for our own login credentials or is that not something that's available to a regular dev and I'll have to look for another way to do it on my own? Is that something that the keychain would be better for?
Using the keychain to securely store the users credentials is a good idea to start.
If I am understanding your question about a "built-in account framework", I don't believe there is a local framework for account management on the device itself that I am aware of that would be useful in this circumstance.
I've had to build an app that needed to authenticate to a web service that also needed to have some offline access. I ended up recording the validated authentication date and time in the NSUserDefaults and would let the user use the app for a 48 hours period before they had to re-authenticate. Their data was queued locally and when they had online access again, I would re-authenticate and then sync the data. Not the most elegant solution but it fit the project.
I used AFNetworking (http://afnetworking.com) to track the changes in network access and used to blocks to respond to the changes.
I am building a backend for ios apps, that support login in different networks.
Once the user login in to the network the client tells the news to the backend, and this could offer a list of worlds that the user might play, or even delete old worlds.
One way to steal another person's world is by saying that you are his social network id.
To solve that with facebook, we force the client to send us the fb_token, a token provided from facebook to the client, that we use in the backend to ask facebook if that specific user is the one that he told us to be.
If apple doesn't provide a way to validate this I understand that if an iOS app wants to use game center, it is directly forcing the app developer to also use iCloud because apple can validate the user credentials.
Did apple provide any way to validate user credentials?
The client on iOS can retrieve info about the currently logged in player in GameCenter, which has nothing to do with iCloud.
If you want to use iCloud to authenticate, you might have a different player than the one you wanted.
I think the solution is for the client to retrieve the player info in GameCenter, and send it to your server in an encrypted fashion (say HTTPS), including a timestamp and possibly other dynamic information. This way you'll know that the user info is being sent from the client app itself and there is no man-in-the-middle. That's really the issue that you are struggling with: how to ensure that client-server communication is secure.