Is it possible to force "https only" in my Back4App app? - back4app

When the webhosting option is activated for an app in Back4App, getting a subdomain like http://someapp.back4app.io, if you access someapp.back4app.io http is used by default instead of https.
Regarding to this I only found https://blog.back4app.com/2017/11/09/parse-server-best-practices/ but that speaks only about checking via javascript the http/https protocol in every page/function/api-endpoint, and redirecting if it's not https, quite tedious.
Is there a way to globally redirect any http request to my Back4App pages to https?

I checked with the Back4app's Support Team and, in that case, it's possible to do only on Dedicated Plans. For more info, I kindly ask you to contact them.

Related

Google OAuth Developer Verification Form with private home page

I have "unverified app screen" when I request access to Google accounts.
To get rid of it I want to fill out OAuth Developer Verification Form. But, I got some problems with that due to some restrictions on my environment.
There is a field:
Homepage URL for your app *
The problem is that in my application my home page is not accessible publicly. Usually, it can only be accessed using VPN connection.
For push notifications, I use different URL that only handles them, but for the UI there is no access from the world without VPN. I was thinking of overcoming the issue and have a few ideas, but I'm not sure whether they will work.
Inform Google of restricted access to the home page via this field:
Is there any other information you can provide that will be useful?
However, this approach might not work due to the fact that it's not said that I can omit to specify the home page.
Find out what addresses google requests homepage from and to allow access to it from those addresses. But, firstly it's insecure and secondly, it's still a question how to get these addresses.
Make some static resource stub page and place it somewhere where I can provide access. For instance, I can put it near privacy policy file that is publicly accessible.
Is there a more suitable way of addressing this issue or some of these options might still work?

iOS - Venmo API integration: Web Redirect URL

I'm trying to register my App on Venmo's developer site so that I can properly use their API, but I'm stuck trying to figure out what the required "Web Redirect URL" field is for. According to the docs, it says it is the following:
Venmo will redirect your users to this address. Must be formatted like
http(s)://www.example.com/example_redirect_url
As far as I could gather this was a URL scheme that would allow Venmo to redirect you back to your app after payment processing was completed on their side, but in researching how to set up a URL scheme the format is something like "[scheme-name]://", not "http://...."
The other thought I had was that this was just a url that contained a server-side or javascript redirect to that aforementioned URL scheme, but that seems like an unnecessary extra step. I also have a few other theories on what it could be, so I'm really just not sure which one it is...
I was running into the same problem. If your website is deployed you can use the redirect that your hosting service provides you. If you're not deployed then you can set it localhost.
Example: http://localhost:8000/auth/venmo/callback

Not using embedded WebKit (OSX App) to perform oAuth2 - possible?

I would like to move away from using the provided WebKit for oAuth2 in an OSX App. This means that I'm (AFAIK) restricted to only two Redirect URL's:
1) http://localhost
2) urn:ietf:wg:oauth:2.0:oob
Being on the mac, I would ideally like to have redirect URL such as myApp://something, but this is rejected by Google as an "invalid URL" for use as redirect.
(2) is not an option as it requires the user to copy/paste a code from the browser. Yik.
I see I can offer a custom port (so I could write/employ a small HTTP server at some port to answer the callback), but is there an easier way (e.g: custom URL scheme above, would be perfect)?

Instagram API: how can I have multiple redirect_uris for a single app?

I'm quite familiar with OAuth 2 for other providers, but haven't used it for Instagram before.
Like many developers, I have multiple domains where my app may run, eg:
http://www.foo.com/oauth2callback
https://www.foo.com/oauth2callback
http://localhost:3000/oauth2callback
https://localhost:3000/oauth2callback
Other OAuth 2 providers I have used, eg, Google, allow multiple entries in a redirect_uris parameter.
However Instagram only seems to allow a single Redirect URI parameter per registered app.
Can I have multiple redirect URIs for a single Instagram app or do I have to register multiple apps, each with a different redirect URI?
With Instagram apps that I have created, I have created a separate app per place I want to redirect to, although I haven't discriminated by ssl. I then load the api credentials into the app based on the environment it is running in.
It is a pain that you have to do that, as Instagram also restrict you to 5 registered apps per account too. It would be useful to be able register multiple redirects for that reason. But on the other hand, it would be just as good, for me, to not be restricted to the number of apps you can create (I've got more Twitter apps than I even remember creating!).
It looks like now you can set multiple Redirect URL(s) when you register/edit a Client in Instagram:
I think this is one of those scenarios that you feel back in the Atari.
anyway, I found useful doing this one:
edit your hosts file (in unix based OS: /etc/hosts)
make sure you add a line like this:
127.0.0.1 registeredomain.com
Where registeredomain.com is the domain you have in instagram as your production return uri.
In this way your app will return uri to registeredomain.com that is equivalent to localhost in your local machine, accepting the login.
btw: why? why? why? why instagram, why you have to force one return uri? any reason for that?

Handling an oAuth flow from local HTML files?

I've got a local HTML + Javascript file that consumes a JSON API. I'd like to authenticate users via Facebook, but I'm not sure if that's possible -- does anyone have experience with this? I'm unsure of how the redirect (back from Facebook) would be managed when we're serving from a file:// context.
Just do it! :)
And you'll see.
PS
Maybe you should encode some characters like ":", "/" etc
Unfortunately, it won't work from a file:// context for a couple reasons:
In most modern browsers, Javascript cookies won't work with the file:// protocol, which is how you would probably authenticate your users. This can be solved by hosting the page using http:// from localhost.
In order to log a client in using facebook, you need a registered facebook app, and to register your facebook app, you have to give facebook a static domain where your app will be hosted. This is to ensure that requests for your app come from your domain and not from an attacker residing at a different domain.
Last but not least, because your users have to authorize your app on facebook.com, you also need to specify a redirect url after their successful login, which would be very challenging to circumvent.
it won't work under file:// context.
as James said, authentication through facebook requires your have a hosted web page and also register your site as facebook app; and also , facebook will need to redirect the browser to a so called "callback" url, which must be a http:// web page.
you can choose to host your webpage in a local web server instead

Resources