I have a developer account and I'm developing an app for someone. I want him to be able to change datas in CloudKit so I want to use his iCloud account(He doesn't have a developer account, just personal account). However, i don't know how to differentiate my developer account and his iCloud account.
Thank You
I believe CloudKit's notion of public and private databases may achieve what you need to do. As a reference, I am referring to slide 45 in Apple's WWDC presentation on cloudkit (http://devstreaming.apple.com/videos/wwdc/2014/208xx42tf0hw3vv/208/208_introducing_cloudkit.pdf)
Considering that each app has a container, and that container includes 1 public database (that all users of the app can access) plus a multitude of private databases (one per user), if the data you're storing isn't private, then consider storing it in the public database. You can modify it as needed during development by being logged into your iCloud account, and your client can modify it as well by being logged into his iCloud account. (Apple docs say the public database is stored in the App developer's iCloud space)
If you store the data in the private database, however, it will be written to an instance of the private database belonging to the currently signed-in user. So anything you write would go into a private database instance (which Apple docs says resides in each user's personal iCloud space) and anything he writes would go into his private database instance. Until recently, that was the end of the story. However, now, cloudKit supports CKShare which, in a nutshell, allows a user to grant access to specific shared items inside their private db. So you could still write the data to a private DB but allow access via a CKshare.
Finally, there's another option, but I don't recommend it. In the device settings, you can log out of iCloud and log back in as another user. In which, you're still developing on your device, but you're logged into iCloud as your client. This has many drawbacks, though. First and foremost, credential sharing is always a bad security practice. But, probably a more immediate consequence will be your device will no longer be sharing with/backing up to your iCloud account, but instead with the client's.
It's hard to give more specific advice without better understanding the scenarios you're implementing.
** update based on OP's comment **
I see now. Using the development cloudkit dashboard probably isn't going to work. AFAIK, you must log in with a development account, not just an iCloud account, to use the cloudkit dashboard. So your client won't be able to get in at all, anyway. You could add your client's email address as a member of your development team, which will let them log into your cloudkit dashboard; however, that also gives them access into portions of your iTunesConnect as well. And, it really won't scale to support additional users of your app.
Related
Sorry for maybe a silly question. I want my app to use iCloud for backing up and synchronising user's data, assuming that CloudKit works with user's cloud. However it may not be the case.
I have two cloud accounts: personal and developer's ones. My macOS is logged to the personal iCloud account, so I expected my macOS app to use it. However CloudKit Dashboard shows cloud containers for the developer's account instead.
Also iCloud design guide says "CloudKit provides a way to store data as records in a database that users of your app can share" which implies that the cloud data represent a single instance for all users.
So, which cloud: user's, developer's, or a separate one (designed especially for app containers) is used by CloudKit? It case a separate cloud it used does it count as a developer's storage?
The CloudKit container for your app contains two databases; A public database that is accessible to all users of your app and a private database that is only accessible to the current user.
Individual records in the private database can be shared with another user via a CKShare.
Data that is stored in the public database comes from your app's storage allocation; the amount of storage you get for free depends on the number of app installations.
Data that is stored in the private database is stored in the user's iCloud storage and counts against their storage allocation.
From the CloudKit Quick Start document
An app has access to both a public and private database in each container. The public database is for storing user and app data that is shared between all instances of the app. By default, all users can read the public database, but they need to enter iCloud credentials to write to the public database. There’s a private database for each user of your app, but the app only has access to the private database of the current user. The user has to enter iCloud credentials for the app to read and write to the private database.
Information is also available on CloudKit Overview page - Check the footnotes at the bottom; private storage comes from the user's free 5GB allowance (they may purchase more). Public storage comes from your app's allowance.
I am building an iOS app that is going to be used internally within my company. An administrator wants to be able to give certain employees logins to use the app across multiple devices.
For example, Administrator will assign Employee A and Employee B their own username and password. The app will be installed on Device X, Y, and Z. Employees A and B need to be able to login to any device (say, Device X), do stuff in the app and save their changes, and then login to another device (say, Device Z) and see their changes. Administrator would like to be able to manage the logins within the app (i.e. after entering an administrator password).
I have looked into iCloud Keychain to store the username/password pairs but it sounds like Keychain is meant to only be used with one Apple ID (which I assume all company devices would be attached to one Apple ID so maybe Keychain could work).
In summary, my questions are:
Where can I securely store user login information (if not on Keychain)? Do I need my own server or are there services within the Apple API that would help accomplish this?
How can I utilize the logins from any device with my app?
Are there any APIs or Wrappers that would simplify this process? I found Locksmith but I'm not sure if it will work for what I need.
I appreciate any suggestions!
You will need a back-end server. However, if you are looking for a simpler solution, I would recommend AWS Mobile Hub:
https://aws.amazon.com/mobile/
They provide Authentication and NoSQL services without having to setup your own servers. All in all, it's a pretty comprehensive offering.
How could I set World Write Permission on the iCloud Dashboard
cause now it's disabled, and really need it
Short answer: You can't.
For a running CloudKit app, a container’s public database is always readable, even when the user is not signed in to their iCloud account on the device. Saving records to the public database and accessing the private database requires that the user be signed in. If your app does more than read data from the public database, check to see whether the user is signed in before saving records.
Reference: Designing for CloudKit
CloudKit requires a user to be logged-in to an iCloud account to write to the public database.
If you need to provide such functionality for users who don't have an iCloud account, or don't want to sign-in, you may want to investigate a different cloud solution.
If you just need to write to the public database from your own server, you can use CloudKit Web Services with a server-to-server key.
I'm trying to create, update, insert records into the iCloud along with my app's ID. I did created my record type in the icloud dashboard and it is working only when the device contains icloud account has been logged in. How to use the icloud service for all the devices which is only using the app ? I saw API access and how to implement the token based access ? Please help me with this problem.
Here a screenshot of the showing the permissions box.
You can see from here you can even grant read access to anonymous users if you so wish, although you would be very unwise to do so if your plan was release your app on the apps store for obvious reasons I would hope.
CloudKit data, and most iCloud data outside of iCloud Drive, is sandboxed to individual applications. This makes sense from the standpoint of securing user data from leaking from one application to another without their control. However, with my own iCloud credentials as a user, I have access to all of my data via the apps which own the individual buckets.
Is it possible, as a technical user writing code on my own machine (not something that would be distributed in the App Stores), to enumerate, read, and/or write data as myself in the iCloud buckets of applications which I did not create?
I am particularly interested to do this on a Mac (with developer tools and unsigned apps allowed), and am willing to assume that I know the bundle IDs of the buckets of interest. Being able to enumerate all buckets which exist for my user would be even more useful.
If you have the same developer account as the original app, then you could create a 2nd app that could use the same CloudKit container. You do have to be aware that there is a developer and a production database. You can only access the production database with a published app (Could be a TestFlight only distribution)
There is a way to access a container that is created by someone else. But then you do need to get an API access web token which can only be handed out by the developer account of the original app. You could then access the container using the CloudKit Web API