Google Auth in Realm Cloud - ios

I'm trying to integrate Google SignIn into my iOS app that uses Realm to manage users. I’ve signed into Google and retrieved my user. I’m ready to send my token to my Realm Cloud instance to get a SyncUser. I’m on the Authentication page of my Realm Cloud dashboard. I’ve got the JWT tab open.
And I have no idea what the heck to do now. Googling around isn’t helping because I don’t know precisely what I’m looking for.
Please help!
Edit: https://docs.realm.io/platform/using-synced-realms/user-authentication/additional-providers seems to indicate that Realm Cloud cannot use Google or Facebook authentication? That seems crazy.
BUT, that’s actually sort of okay with me, since once I get a SyncUser I “convert” them an object of my custom class YpbUser for my app’s purposes. If I’m storing all the user’s actual usable info in my realm as a YpbUser object, can I just use an Anonymous SyncUser authentication?

Related

Linking Google Assistant with Firebase Auth

I am attempting to connect a Google Assistant app using DialogFlow(Api.AI) with Firebase Auth. My App uses Firebase Auth to maintain user accounts and the realtime database to store data. I would like to be able to make changes to a user's data through the Google Assistant, maybe using something like a cloud function. In order to make any user changes through Google Assistant, I need to link the user's Google Assistant account with their Firebase Auth account. The current mechanism appears to be using an OAuth flow documented here.
The question I have is, what is the best way to accomplish this? Do I need to set up a custom OAuth server? There is a lot of documentation on Google's cloud website about OAuth, but it all appears to be related to using OAuth to access Google's APIs, and I can't really see a simple way to host this linking mechanism in GCP.
There is this question that is pretty close, but the difference I have is that I don't have an external API, I just want to authenticate my user and be able to modify their data in the realtime database.
Thank you for your help!
here is an example: https://github.com/malikasinger1/Quiz-Assistant
i have done it myself with following best practices,
feel free to comment if you don't understand something.

How to persist data across multiple iOS devices accessed via Facebook authentication?

I have an iOS app using Swift that uses Core Data to store user data on thousands of objects. I also have FB Auth working. My question is, how do I make it so that the user data would persist even when they switch phones and log in using FB on a separate phone? It doesn't seem that FB will offer me such data persistence. I'm looking at making a server on Heroku with Vapor. Then I could use the user's e-mail as a way to identify the user... but it doesn't seem secure?
Any suggestions on easiest solution?
Checkout Firebase... Instead of using e-mail to authenticate users, you should deal with tokens. Firebase will provide you a great data flow in easiest manner.

Secure cloud functions in Parse from iOS

TLDR: All I want to do is secure my cloud function in Parse so that it only accepts requests from my iOS app. How can I do that?
Longer version:
I recently got started with using Parse for a client side app I'm building using a Google API.
Before using Parse, my issue was that the Google API calls from my app were not secure. I tried a Man in the middle attack on my app, and I was able to successfully get the bundle id and app id (Google claims some form of security is achieved by ensuring that the call is from the correct bundle id that you can specify on their console). So despite using SSL, seems like it was easy to get this information. Now this Google API is paid, so someone could easily abuse my key when I release my app and raise my bills.
I was anyways also thinking of doing some lightweight work in the backend, so I figured to use Parse. Now the call to the Google API is done in Cloud Code. But a new problem I'm facing is how to secure calls to the Cloud function I've defined in Parse? The Parse App ID and Client Key aren't secure at all.
All of Parse's blogs keep talking about creating users and defining ACLs etc. But in my case, there is no data in my Parse app and there is no user per se. It simply calls the Google API and returns the result. All I want to do is secure my cloud function so that it only accepts requests from my iOS app. How can I do that?
The inherent security risk here is that any key you store in your app is vulnerable, for that reason encryption is also vulnerable. My recommendation is to use the automatic user in Parse on your iOS app, you could even throttle excessive requests/abuse by a single user. By creating and using a user you are able to gain the benefits of ACL which appears the best security option available in Parse currently. At that point you send the automatic user in your cloud code request and verify it's a valid iOS user.

Firebase authentication with Parse user

I'm building an iOS (Swift) app that needs realtime chat as part of the functionality. While Parse works well for push, data storage, etc..., it doesn't support realtime. I would like to use Firebase for the realtime support, but need help authenticating to Firebase using a Parse user. I really don't know where to start with this. Any help would be greatly appreciated.
The question is pretty vague so a definitive answer is not possible: here's a thought.
Firebase and Parse are two different companies and therefore require separate authentications.
If your users have a username/password type authentication in Parse, you could use the same data in Firebase and authenticate through code. i.e. User creates a new account in Parse, and an account is created in Firebase via code. When the user authenticates to Parse, it also authenticates to Firebase via code.
There are a LOT of design elements to consider in going this route: how do you create a firebase user (in code) without your app authenticating itself as a 'super' user? Hard code credentials? That may be a security issue.
Are you going to keep two sets of user data? One in Parse and one in Firebase? What if a user needs to reset their password or account. As you can see, it can get out of control rather quickly.
You may want to consider sticking with one platform to simplify the entire process. By the sound of at least one of the requirements, Firebase can do much of what Parse can do but also give the real-time updates you need.

Google Drive API for iOS: OAuth2.0 with an application-owned account

I'm creating a simple iPhone app. The basic premise is that the app will display some data (That I provide online) on the application. The data changes over time, so the app has to draw the data from online and display it. I don't have a significant programming background so I don't want to use my own server.
Thus, I thought it would be significantly easier to just put the data into some documents on a Google account and then access them programmatically via the Google Drive API. I could then update the data in my Drive account and it would get updated in the application. The key here is that I am ONLY accessing ONE account that I own MYSELF. The users' accounts are not being accessed. Therefore the goal is to never have to log in manually. It should all happen behind the scenes, aka, it should look like a server, not a google doc.
With this in mind, it doesn't make sense to show the Google Accounts sign-in page to my users as the standard OAuth2.0 tutorial shows here:https://developers.google.com/drive/quickstart-ios#step_1_enable_the_drive_api
I should be able to access my own data by somehow hardcoding in my username, password etc. Google agrees here: https://developers.google.com/drive/service-accounts#use_regular_google_accounts_as_application-owned_accounts
The above link mentions a "refresh token" that I'm supposed to save. However, I have no idea how to build and save that token, or even for that matter, where to find it.
I've gone through both the basic tutorial and the Dr. Edit Tutorial for iOS, but they both assume that the application is accessing USER accounts not application-owned accounts.
I'm not asking for someone to write the code for me (though tidbits are nice), but if you can point me to a step-by-step guide or related sample code that would help me get started that would be awesome. I'll even come back and post the code that I use!
EDIT: Since I realized that the Google Drive API wasn't something I could use for what I am trying to do, I eventually found Parse which is an awesome tool that handles all the server backend for me and is free at the basic level.
Google APIs objective-C client library doesn't support service (application-owned) accounts, because they are supposed to be used by a server-side apps, instead of clients -- you shouldn't be distributing your private key as a part of an app.
If you would like to distribute content from a service account, maybe you should write a server leg to do the authentication and pass clients credentials in a secure way for them to talk to the API on the behalf of the service account. Or, use Web publishing to make documents universally accessible without authorization and authentication if privacy is not a concern.

Resources