Storing credentials with Siesta framework - iOS

Wanted to give Siesta a try and I've started using it within a side project.
I was wondering if any of you have got any advice about storing the login credentials (either username+psw or just the token) and how these have been integrated within the API structure proposed by Siesta.
Did you simply use the KeychainItemWrapper? Something else worth sharing?
Thanks ;)

Related

iOS + Django Database Login Function

I am really stuck and I need your help.
I am working on my web and iOS application. I used also Django to save users to database.
Login function is already working on my web (HTML) but I really don't know how to create function to iOS app (Swift).
I enclose also screens of Api HTML and Swift Code. Now it's working only with Facebook. User can sign in using Facebook and order something using iOS App.
I would really like to do the same but with Login Function (not using FB). I hope you can help me. I don't know how to do it and I've read a lot of web.
I would be really glad to you if you can help me.
Please HELP!
Thank you so much.
[Images: 1 - HTML Urls; 2 - Apis; 3 - Forms; 4 - social_auth_piplines; 5 - Models; 6 - Swift Apis]
This is very broad. There are a lot of questions that need to be answered before I can provide a solid answer but I'll give you an idea on what you have to do.
API
First of all you need an api that serializes the data from your database so it acts as a layer between your app and backend. If you are using Django then take a look at Django Rest Framework which will help you achieve that.
Networking Framework
After setting up your api you need a networking layer in Swift to help you communicate with your api. You can use Swift's URLSession or you can download Alamofire to make things a bit simpler. What a networking layer basically does is fetch the json provided by your Django app and changes it to a Dictionary so you can use it.
In your Django application, you are to specify restframework Authentication to Token. You can get more info about token with django rest auth.
In your iOS app, what you need to do is create an AuthServices model. Now in your AuthServices model, you create your login function.
For your login function I assume you are very familiar with Alamofire so you make an API request which would take your parameters and your header which I assume contains a token should also be specified.
Keep your server running and run the application locally if you wish and take username and password with text fields. This should help you go on with it.
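The token login these answers describe, as an added Swift example that is not part of the original posts: it posts the username and password once, keeps only the returned token in the Keychain, and attaches it to later requests. It uses URLSession rather than Alamofire and assumes Django Rest Framework's `obtain_auth_token` view is routed at `/api-token-auth/` on a placeholder host; `TokenStore`, the service string and the function names are hypothetical.

```swift
import Foundation
import Security

// Assumptions: service/account strings and the endpoint URL are placeholders.
enum TokenStore {
    static let service = "com.example.myapp.api"
    static let account = "drf-token"
    private static var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }
    static func save(_ token: String) -> Bool {
        SecItemDelete(baseQuery as CFDictionary)   // replace any previous token
        var attrs = baseQuery
        attrs[kSecValueData as String] = Data(token.utf8)
        // Readable only while unlocked; never migrates to another device or backup.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        return SecItemAdd(attrs as CFDictionary, nil) == errSecSuccess
    }
    static func load() -> String? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }
}
struct TokenResponse: Decodable { let token: String }

// The password is sent over HTTPS and is never written to disk.
func login(username: String, password: String, completion: @escaping (Bool) -> Void) {
    var request = URLRequest(url: URL(string: "https://api.example.com/api-token-auth/")!)
    request.httpMethod = "POST"
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    request.httpBody = try? JSONEncoder().encode(["username": username, "password": password])
    URLSession.shared.dataTask(with: request) { data, response, _ in
        guard (response as? HTTPURLResponse)?.statusCode == 200, let data = data,
              let body = try? JSONDecoder().decode(TokenResponse.self, from: data) else {
            return completion(false)
        }
        completion(TokenStore.save(body.token))
    }.resume()
}
// Builds a request carrying the stored token in DRF's "Token <key>" header format.
func authorized(_ url: URL) -> URLRequest? {
    guard let token = TokenStore.load() else { return nil }
    var request = URLRequest(url: url)
    request.setValue("Token \(token)", forHTTPHeaderField: "Authorization")
    return request
}
```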

How to handle authentication when creating an app that uses Firebase REST

I'm trying to create an application that needs to use a backend. That backend will be used to sync an app created (initially) for iOS, macOS, watchOS. Hope to expand after.
Firebase looks like a nice tool to do that, but it only has so many SDKs. I'd like to unify the codebase as much as possible to utilize code reuse.
Seems like their REST API is the way to go: I just create a framework using REST and we're off: https://firebase.google.com/docs/database/rest/start
However, their authentication doesn't seem to support REST.
How do I get around this limitation? What should I do to get a valid auth token that Firebase will understand?
Please keep in mind that I'm not very experienced with web stuff and even after reading a lot of articles, I'm still confused about how to exactly approach this. For example, this user had a similar concern, but I'm not exactly understanding the answer.
Firebase now officially supports REST API:
https://firebase.google.com/docs/reference/rest/auth/
You can query the Firebase Auth backend through a REST API. This can be used for various operations such as creating new users, signing in existing ones and editing or deleting these users.

Is it possible to substitute a server backend using Dropbox?

I am developing an iOS application (to be deployed on the App Store) that requires content updates on a weekly basis.
I understand that the best way to achieve this would be to use a server, where the app would query for new data and download responses in JSON. However I am not knowledgeable when it comes to HTML, PHP or MySQL and therefore am endeavoring to find an alternative.
Here's an idea: using Dropbox to substitute for a server backend. My app connects to one central Dropbox account, checks for new files, and downloads them if present.
Is this idea feasible? If not, are there any alternatives?
Dropbox cannot be a dependable substitute for your server/backend for the following reasons:
Dropbox uses OAuth for authentication, which needs user interaction. You do not want your app users to go through Dropbox authentication with your 'common' credentials.
Users who have a Dropbox account or the app installed, will most likely use their own credentials to login which completely breaks your flow.
Dropbox, although a good way of sharing and syncing files, is not meant for more meaningful data like web services etc or user/database interaction etc. Just syncing a JSON file may suffice for your app's needs for now but from a long term perspective you want a proper back end.
As suggested in the comment by #tkanzakic you can use one of the substitution services if you don't want to get too technical on the backend.
I am pretty late to the party, but this is possible and not necessarily a stupid idea (though this depends on what you need). You might want to have a look at remote storage for example, which allows you to use Dropbox among other providers as backend.
For sure, you can use the Dropbox Sync API to achieve this (https://www.dropbox.com/developers/sync).

How do I use external auth via MVC API from iOS?

Background: I'm trying to use social OAuth providers to sign up and sign in on an iOS app. I believe MVC's API is the right way of doing this, but I have a few holes.
The MVC API has a GET /Account/ExternalLogin API call that returns valid external login providers, (often social) login options.
How should I use this from iOS?
Additional parts to this question:
I'm not familiar with the x-auth-token header but I think I'll need to use this in combination with the JSON payload itself. How do I use this?
Buried in the payload is a double encoded URL that I can use with something like GTM oAuth. Is this something I need to decode twice before I use it?
GTM oAuth library looks like a candidate library to use to help out.
Is ExternalLogins the right place to start? If I try and login from the app then the app needs to know client secrets and the like. Shouldn't these be managed safely in the API?
I'm happy to refine this question if it's not up to scratch before you reject it.
Thanks!

exposing part of my parse.com api to other developers via oauth 2.0

It's now trivial to create a web app that sits atop Parse.com. Now that I have this webapp, I want to expose parts of it to other developers via an oauth accessible api. So, they can develop an app that lets my site users 'give them permission' via oauth and they can now access the api.
How would I start going about doing this?
Update: After #Mubix response, I felt the following clarification would help
Currently I am accessing Parse from the server via a REST api, to get around any javascript security issues re: api keys etc. So, the api would be served off a server other than Parse. Also, the server code is in javascript / nodejs. I came across https://github.com/jaredhanson/oauth2orize which seems a likely candidate, was wondering how others are doing it and if anyone has actually gone a further step and integrated Parse access.
Hmmm .. Interesting question!
Legal:
First of all their ToS doesn't seem to prohibit what you are trying to do but you should read it carefully before you start.
Implementation:
While parse doesn't provide feature to build your own APIs you could implement something yourself. You could treat the third party developers as users of your app. And you can use the ACL to control access.
Problems:
I don't see any way to implement oAuth entirely within parse.
How will third party apps access your API? Ideally you would like them to use a REST interface but with the parse.com REST API you won't be able to manage access to different parts of your data.
Conclusion:
It seems like too much trouble to implement the API entirely within parse. I would suggest that you write a thin API layer that takes care of auth and uses parse as the backend. You can use one of the service side libraries available for parse. eg. PHP Library, Node Parse.
