I've implemented the Google SignIn code with authentication to access Google Drive and have a sign out button with the following recommended code from Google:
GIDSignIn.sharedInstance().signOut()
However, every time after the first time I run the app, the signIn process no longer asks me for my password.
If I sign in and then press my sign out button, the next time I press the sign in button I am prompted for a Google account and then prompted to allow access to Google Drive.
If I sign in and then quit the app without pressing the sign out button, the next time I press the sign in button I receive no prompts and am logged in completely.
This behavior appears to be consistent with Google's statement regarding their quick start code (https://developers.google.com/drive/v3/web/quickstart/ios?ver=swift):
"Authorization information is stored in your Keychain, so subsequent executions will not prompt for authorization."
That is, the GIDSignIn.sharedInstance().signOut() sign out command appears to work on Google's end (I have to pick a Google account and allow Google Drive access on the next login), but not on the iOS end, as it appears that iOS has saved the password (presumably in the keychain) and always gives it to Google when I sign in after the first time.
I saw the post for Google Sign Out iOS where Birendra had recommended trying
[GTMOAuth2ViewControllerTouch removeAuthFromKeychainForName:kKeychainItemName];
to remove the password from the iOS Device's keychain.
I have not had any luck finding out how to use that suggestion. Can someone explain how to remove the password information that the user entered using Google SignIn? (Assuming this is what needs to be done to completely log out the user). I'm using Swift.
Normally having the keychain remember the password for Google wouldn't be a problem, but this is an app to collect research data. The subjects will be using their own iOS device (iPhone) and log into the lab's Google account, so we don't want that password to stay in their keychain.
Help is appreciated.
As of the time of this post, you can use the following:
Swift 5
GIDSignIn.sharedInstance()?.disconnect()
Disconnects the current user from the app and revokes previous
authentication. If the operation succeeds, the OAuth 2.0 token is also
removed from keychain.
Related
I'm creating a book library app, where people buy an account and become able to read all the books...
In the past, we were able to get the UDID of the iOS device, and the login only worked from that specific UDID. Now Apple prevents this; there were other solutions like OPEN-UDID, but they no longer work.
Are there any other means to prevent the user from giving the credentials to other people?
The only solution on top of my head now is this :-
When a user logs in, a flag on the server becomes true, and when another account tries to log in using the same credentials, it will show an error message "you are already logged in on another device". When the original user logs out, the flag becomes false. This will prevent the account from being used on multiple devices at the same time, but the drawback is: what if the user uninstalls the app without logging out?
Is there any research on this topic that covers all these scenarios?
Is there a way to use Apple Keychain or iCloud or any other solution?
What you can do is, on a new login, invalidate the API requests of the previous login (and send them to the login screen). You can use a device token with each API call to check whether you want to send data to the device or whether it's an old login token and needs a redirect to login. You just have to store a device token for each account login; if it matches, then send data, else redirect to login.
Edit 1:
If you uninstall the app, then you have to log in again from another device to access the books (data), and on each login you'll replace the old token with a new one. Now only the device which has this new token can access books. All other devices, if there is any login left on any device, will get a message from the API that the token did not match, and you have to redirect them to the login page again.
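The token-replacement scheme from this answer, sketched server-side as an added example that is not part of the original post. The class, its method names and the in-memory dictionary are assumptions, and a random server-issued token stands in for the answer's "device token".

```python
import hashlib
import hmac
import secrets


class SingleSessionStore:
    """One active login token per account; a new login replaces the old one."""

    def __init__(self):
        # account id -> SHA-256 digest of the only token currently accepted
        self._active = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).digest()

    def login(self, account_id):
        """Call after the credential check succeeds; returns this device's token."""
        token = secrets.token_urlsafe(32)
        # Overwriting the entry invalidates every earlier login, including
        # one left behind by an app that was uninstalled without logging out.
        self._active[account_id] = self._digest(token)
        return token

    def is_current(self, account_id, token):
        stored = self._active.get(account_id)
        if stored is None:
            return False
        return hmac.compare_digest(stored, self._digest(token))

    def logout(self, account_id, token):
        # Only the holder of the current token may end the session.
        if self.is_current(account_id, token):
            del self._active[account_id]

    def handle_request(self, account_id, token):
        """Gate for every API call: a stale token gets 401 so the app shows login."""
        if not self.is_current(account_id, token):
            return 401, "token not matched, log in again"
        return 200, "book data"


def demo():
    """Constructed scenario: two devices log in with the same account."""
    store = SingleSessionStore()
    phone = store.login("reader@example.com")
    tablet = store.login("reader@example.com")  # replaces the phone's token
    return (store.handle_request("reader@example.com", phone),
            store.handle_request("reader@example.com", tablet))
```

Storing only a digest of the token means a leaked session table does not hand out usable tokens, and the constant-time comparison avoids leaking how much of a guessed token matched.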
I'm developing a google assistant app, and I have implemented a google sign in with oauth2 code flow.
The thing here is that the assistant is supposed to refresh the access token automagically as stated here. The issue is that whenever my access token expires, I'm asked to link my account and "sign in" again instead of just refreshing the access token.
As you can see in number 1, I previously gave authorization to see my profile, it even greeted me by my name. After an hour or so, the Link to Google button is presented.
When I press the Link to Google button, I'm sent to a Chrome tab, but I don't need to press any button to grant permissions again, it rapidly shows a signing message and goes to google.com as soon as it finishes.
I'm working with AWS Cognito. I have my sign-up flow working just fine. The user fills out their email address and password and I create the account in the proper User Pool. I have email verification enabled, and the email is sent and is received in short order. After the Sign Up screen the user is presented with a verify screen to accept the code that was just emailed. Again, this all works great.
What I am trying to understand is:
Once I have a user signed up and verified, in order for the iOS AWS SDK to do its thing, do I need to then tell the user to go sign in, or am I just missing some call that can grab their credentials once they are verified?
My guess is, since we don't know when the user verified themselves, it could be hours later and they could have killed the app and restarted it in that time that the expected flow is to have them sign in again.
Since the app does have the password in memory (NOT stored anywhere on disk) that they used to sign up in the current signup navigation controller/flow, I suppose I could just force the sign-in after the verify completes.
I just wanted to make sure I didn't miss something in the SDK or its docs about this case.
Your understanding is correct, there is no verification flow that will skip sign-in. One option would be to keep the password they used to sign-up in memory and if they verify immediately use that. If they come back some time later or restart the app force them to sign in.
I am using Cordova 3.4.0 along with the official facebook connect plugin link
The issue is that every time the user opens the application, he/she has to press login and then it shows the "App already authorized" screen before the user is able to perform any action. How can I prevent this additional action in the user flow?
I read that it is basically because the access token isn't stored by the plugin. As a result this action needs to be taken again and again. So I have now stored access token using localstorage but unfortunately don't know how to go about using it.
FB.api('/me/friends?access_token="+access_token+"', { fields: 'id, name, picture' },
Using it in the manner above results in an error saying invalid OAuth access token, even though I placed an alert before this line to ensure that access_token had a valid value. Any help in this regard would be highly appreciated.
Just to rephrase I don't want the user to be asked to press login button every time they open the application.
I am integrating my app with Facebook on iPhone. The first time the user logs in I would like to ask him to enter the Facebook credentials, but after that, whenever he comes back to my app, I don't want to show him the login screen again. So I have two questions:
How does this single sign-on work? It says that if the user is already logged into Facebook through some other app, the Facebook login screen will not be shown to him, so does Facebook give the same access token and expiry time as it has given to the other app, or does it create a new access token and a new expiry time?
So after the expiry time, the user will be presented the Facebook login page again? I really don't want this to happen; is there a way to avoid it?
One solution that I can think of is to make a request with the permission for offline_access, in which case the token will never expire. Any other solution, guys?