I am developing an iOS application with user authentication via a AWS Cognito user pool (with email/password authentication).
The initial Xcode project and source code was generated by the AWS MobileHub code generator (that is no longer available).
It contained the AWSMobileHubHelper framework, an AWSMobileClient, and a few view controllers and storyboards related to authentication (like SignInViewController, UserPoolForgotPasswordViewController etc.)
(Since then, I moved to using the Serverless framework, so I no longer rely on the MobileHub "managing" my AWS resources - but the code structure of the Xcode project for the authentication parts is still the same.)
Now, it seems that MobileHubHelper is no longer maintained (the Podfile referencing older AWS SDK versions - although "deprecated" is not explicitly mentioned).
Also, the code generator has been removed from the MobileHub console.
Now, there are multiple "auth"-related repositories / SDKs, like
AWSCognitoAuth
AWSAuthCore
AWSAuthUI
AWSUserPoolsSignIn
I'm lost.
I want to be able to modify the UI, and keep the option to add Facebook or Google authentication at a later date.
The steps described in the Cognito User Pools tutorial differs significantly from the ones in the "Mobile App Development" tutorial - and both don't really match the structure of my (generated) code.
The CognitoYourUserPoolsSample and CognitoAuthSample are different again.
What do I need to do to upgrade my authentication code and UI from the AWSMobileHubHelper-generated code to the latest AWS SDKs?
Second issue: I used AWSUserFileManager from MobileHubHelper to upload user files - what do I use now?
Related
I've been tasked with adding a "Sign In with Google" button to an iOS app. For background, I'm a contract developer doing work for a customer, and I do not own the app in question.
I did a quick search for how to do this, but the only answer I could find involved "set up a project in the Google API console" followed by "add a GIDSignInButton to your layout".
I do not have access to the app owner's Google Developer account (or know if they even have one), and I certainly do not want to "set up a project" in my own Google account that is associated with a customer's app.
Furthermore, the iOS project I'm working with does not currently have any third-party library integrations (no Swift packages, no CocoaPods, no workspace file) and I strongly prefer to keep it this way.
Is it possible to do Google authentication using a standard OAuth process (i.e. open a web page, and handle the redirect after authentication completes)? I have done other OAuth integrations this way so I know how it works.
Thanks,
Frank
Yes, you can sign-in using OAuth without using an SDK. Here are the instructions.
You will be required to setup a project and configure it's OAuth settings. This manages how your app will appear to users and implements OAuth security controls. No way around this, so you'll want to work with your Google Cloud administrator to gain access to an existing project or create a new one.
My iOS app currently offers users the option to log in and sign up with their LinkedIn accounts. I am using this project for the LinkedIn log and OAuth: LinkedInOAuth
With the update to iOS 9, my app now occasionally crashes, when a user attempts to log in through LinkedIn using that project, with a runtime exception of WebThread(18): EXC_BAD_ACCESS(code=1, address=0x8)
To resolve this occasional crash, I turned to an updated version of the project I was using that conforms to ios 9 and linkedin's ios 9 SDK.
The issue is that while this new project has solved the WebThread crashing, it now requires users to download LinkedIn's app (if they don't have it) in order to log in to my app with LinkedIn.
The previous project never had such requirements and would present a webview that allowed anyone with a linkedin account to log in.
My question is am I wondering if it is possible to authenticate with LinkedIn in ios 9 without requiring the user to download the mobile app? My hopes are that it is possible to update the old project to conform to ios 9 while simply presenting a webvew. Thank you!
We only discussed this last week (at the time your question didn't have an answer, but happy to update you now—that is, if you haven't solved this in the meantime).
After scouring several sources I came across this:
Mobile vs server-side access tokens
Presently, there is no mechanism available to exchange them. If you
require tokens that can be used in both the mobile and server-side
environment, you will need to implement a traditional OAuth 2.0
solution within your iOS environment to acquire tokens that can be
leveraged in both situations.
from: https://developer.linkedin.com/docs/ios-sdk-auth
The premise being that via mobile solutions, they offer single sign-on thru their app. This works, but requires their app. Apple's approval process has swung both ways on this, and it appears that it is a flip of the coin as to whether they will allow this or not (the requirement of a third party app). #AroundThen didn't have any luck and his app was rejected due to the requirement, however, other users* have indicated Apple weren't adverse to it in their application processes.
Alternatively, their is the web logon process using OAuth2. This is pretty stock for their non-mobile solutions. Currently sharing the tokens between mobile and web solutions is not a default and if you want to share the same token their solution is that that is listed above.
In essence (and copied from my other answer here):
You can test for the presence of the linked-in app:
if it is not there: implement OAuth2 directly through your app
if it is there: use it or your OAuth2 implementation (which you'd probably err on the side of using their app for the link-ability between any features of the app you may need in yours).
Thereby avoiding the REQUIREMENT to have the app installed, but utilising it if it is.
This suggests that authentication away from the app is supported.
Reportedly, #AroundThen has had success with this process.
Good luck!
*1 I'm currently having trouble finding his post, but basically he provided login credentials that Apple attempted to use, but had locality issues and hence couldn't get in, but it was inferred they may have approved it if they had of.
I've taken over development of a Google Analytics API dashboard for a content management platform, and upgraded the code to use OAuth2 as the older oauth was disabled recently. The authentication flow and subsequent API calls are all working fine on my localhost for development.
The problem is when trying the code from a different domain. Google wants the redirect_uri to be whitelisted through the developer console, and if it isn't there, it throws Error: redirect_uri_mismatch
As this is a self-hosted (+ open source) package, people will be able of installing on their own servers, there is no way I'll be able of adding all possible redirect_uri values to the app key in the developer console.
After a bunch of Googling and trying to understand the docs, I get the impression there are 2 possible solutions.
Instruct users to go to the Google Developer console, and to create an app key of their own, before also going through the OAuth2 flow within the distributed app to provide the code access to the data in Google Analytics.
Use a redirect_uri value of urn:ietf:wg:oauth:2.0:oob with an Installed App key, instructing people to copy/paste the code back into the self-hosted app after authentication.
Neither of these are really appealing as it adds a bunch of complexity for the user (though option 2 sounds mostly doable). Are there other options, or am I simply overlooking something simple?
You actually don't have any choice in this matter. You must go with nr 1. When you state this is a dashboard and web application it leads me to believe this is some kind of scripting language. This means that the client id and client secret will be displayed to your users / customers. This is against googles terms of service.
Changes to the Google APIs Terms of Service Asking developers to
make reasonable efforts to keep their private keys private and not
embed them in open source projects.
You may not release your client id and client secret to your users they are going to have to create there own. Which nicely solvers your redirect URI problem they have to make there own.
Further reading Can I really not ship open source with Client ID?
Is it possible to use the AWS mobile services (Cognito, Analytics, etc) without linking all the SDK in an Xcode project?
Background:
* While I am not new to AWS nor mobile programming, the following case is challenging:
We are shipping a mobile "framework" (not app) that uses our AWS for some parts (Authentication, logs).
And, as the AWS SDK has to be linked in the app project itself, this will require us asking all the clients (developers) to download and link it in their own projects.
What is used in the framework is just one request for authentication and one for logging (success/failure, disconnection), so no need for all the SDK.
I wonder if there is a possibility to request AWS services without linking against the SDK?
I know it's possible to put then under an umbrella SDK, or do some cherry picking from their git repository, but both of these seem like overkill.
As the request itself is a simple URL with Get/Post, is there a possibility (or tutorial) on constructing the request manually via NSURLConnexion/NSURLSession, etc?
Thank you
Talking to the AWS APIs is actually not that hard. The main difficulty is signing your http requests, and that's not nearly as bad as it sounds. Which leaves xml parsing accounting for most of the unpleasantness.
I've done it in go. The most informative part is probably the signing tests.
Indeed, it is possible. You will have to code calls to AWS at the REST level. Everything you need is in the documentation of AWS.
For instance, if you needed to execute actions on EC2, here's what you'd have to code:
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#structure-of-a-get-request
You can call the HTTP APIs directly. Since the AWS Mobile SDK for iOS and Android are open source, you can look at them directly. Find the AWS Mobile SDK for iOS Source on Github, and the AWS Mobile SDK for Android on Github. Since you mentioned you need authentication request on iOS I am guessing you're looking for the Cognito Identity in AWSCore source.
I'm building a web game, and I'd like to make use of google's game services such as high scores. When I do this using the client_id of my api console project, it tells me that there is no app linked to this api consumer.
In the Google Play games publisher console, it says that my game is linked to my apis console project, but when I create a linked app, it still asked me to create a new oauth2 consumer id and secret. So I did it, entering the exact same name project name, and now I have 2 api console projects with the same name. I had the original proejct configured with other apis I use.
Do I need to just delete my original apis console project, and just configure the new project, the same way I had the original project configured? Or is there a way to use an existing apis console project and associate that with a linked app?
Also, if the game information in the game publishing console tells me that the game has been linked to the original project, why doesn't it just associate the linked app with that project, and the oauth credentials that it had obtained?
Really basic and you probably have, but have you enabled the Google Play Games Services API in API access?