I'm trying to implement Steam Authentication via OpenID for iOS using this framework. I already translated the demo to Swift 3 and made it work with Google. Now I'm trying to get it to work with Steam and I don't know where to find some of its configuration. To make the app work with Google I use this information:
let kClientID = "xxxxx.apps.googleusercontent.com"
let KRedirectURI = URL(string: "com.googleusercontent.apps.xxxxxx:/oauthredirect")
let kIssuer = URL(string: "https://accounts.google.com")
I've being looking in their dev wiki but so far I could just find how to get the API key. Would you have this information? It is my first contact with OpenID and I'm a bit lost.
Thanks for any help
Related
I inherited an app, and I am trying to understand the exact configuration differences between what Facebook wants and what is currently implemented.
In working to create a great Platform experience for everyone, we ask developers to ensure the apps they build comply with our Platform Policies. Your app APPNAME (AppId: APPID) doesn't comply with the following:
Platform Policy 8.2: Native iOS and Android apps that implement Facebook Login must use our official SDKs for Login.
Please make sure your iOS app is using the most recent version of our SDK for Login. You can find more information on our iOS SDK for Login and other Login-related products here: https://developers.facebook.com/docs/facebook-login/ios.
EDIT: In addition, Facebook also told me this:
Thank you for reaching out and for all actions taken so far. I am still able to view the FB login using unofficial SDK [refer to screencast].
My guess is that this is due to the configuration of OAuth2 in the authentication service.
It is setup like this:
private init() {
let keycloakHost = ServerConfigurator.sharedInstance.keycloakUrl
config = KeycloakConfig(
clientId: "app-name-mobile",
host: keycloakHost,
realm: "master",
isOpenIDConnect: true)
config.webView = .safariViewController
config.webViewHandler = self.webViewHandler
oauthModule = KeycloakOAuth2Module(config: config, session: KeycloakClient.session)
}
Whereas the aerogear oauth docs seem to suggest a different configuration is required for Facebook:
https://github.com/aerogear/aerogear-ios-oauth2
let facebookConfig = FacebookConfig(
clientId: "YYY",
clientSecret: "XXX",
scopes:["photo_upload, publish_actions"]
)
let oauth2Module = AccountManager.addFacebookAccount(config: facebookConfig)
let http = Http()
http.authzModule = oauth2Module
http.request(method: .get, path: "/get", completionHandler: {(response, error) in
// handle response
})
It also seems like the original developer is piping the input through to a Safari Webview, vs using the methods expected by the library. I'm not entirely why that is either. I think this may, in fact, be the cause of the issue Facebook has with the app.
Can anyone shed some light on this error? I'm trying to most efficiently deal with it as there is a very quick time limit (a week), and I'm not even sure if I am going down the right path here.
Any advice is highly appreciated.
EDIT: I am now using this version:
https://github.com/maciej-gad-benefex/aerogear-ios-oauth2
EDIT: This also needs to integrate with Keycloak identity provider
This library is not going to be maintained anymore. The last significant change was 2 years ago (Commits on Jan 13, 2017)
I really recommend you to replace this for AppAuth-iOS
It looks like Facebook is saying that you have to use the Facebook-supplied SDK for login, so in order to comply, you have to move to https://developers.facebook.com/docs/facebook-login/ios.
I'm using OAuth 2.0 for Fitbit integration in my iOS application. Everything is working well. But If I created new Application by
https://dev.fitbit.com/apps/new
Below is screenshot of registration new app.
Set new ClientID, ClientSecret and callbackURI but Always get below issue.
Don't know where i'm going wrong? Also try to set different type of callback URI like start with https://getresponse and etc. also try Refer this link but did not get success.
I'm following
1) https://github.com/Stasonis/fitbit-api-example-swift
2) https://github.com/insanelydeepak/fitbit-api-example-iOS
If you want more info then pls let me know.
I'm trying to put an email/passwordless authentification with Firebase (Swift)
https://firebase.google.com/docs/auth/ios/email-link-auth
In the doc, they mention this setup :
let actionCodeSettings = ActionCodeSettings()
actionCodeSettings.url = URL(string: "https://www.example.com")
// The sign-in operation has to always be completed in the app.
actionCodeSettings.handleCodeInApp = true
actionCodeSettings.setIOSBundleID(Bundle.main.bundleIdentifier!)
actionCodeSettings.setAndroidPackageName("com.example.android",
installIfNotAvailable: false, minimumVersion: "12")
I don't understand what is the URL in
actionCodeSettings.url = URL(string: "https://www.example.com")
What must I put on this URL ?
And the AndroidPackageName is confusing me either. It can be deleted, right ?
Thanks for your help !
Firebase Auth uses Firebase dynamic links (FDL) to pass the email link OTP back to an app. FDL is used for web to mobile redirects. A critical part of the FDL link is the deep link within it (required when constructing an FDL link). If the link is triggered from a device where the target mobile app is installed or a non-mobile device (laptop/desktop, etc), the link is used as a fallback. This link is also useful to pass any additional state back to the landing page. In this case, it will be used as a mechanism to pass the code back to the app or fallback webpage.
I have working Swift code that opens an SFSafariViewController at the following URL:
https://api.imgur.com/oauth2/authorize?client_id=\(CLIENT_ID)&response_type=token&state=myState
to retreive a user token from Imgur.
With this, the user can upload photos to his personal account.As this is going to be a commercial App, I registered an App on Mashape and changed my URLs in the code to use that endpoint:
like written here
My problem is the authentication. Anonymous uploads work perfectly as I put the X-Mashape-Key in the request header correctly.
But the presented Safari window is just initialized with a URL:
let url = NSURL(string: "https://imgur-apiv3.p.mashape.com/oauth2/authorize?client_id=\(CLIENT_ID)&response_type=token&state=myState")
svc = SFSafariViewController(url: url as! URL)
svc!.delegate = self
self.present(svc!, animated: true, completion: nil)
so I don't get where to tell it the Mashape key or if it's not required, what is then.
Do I maybe need to change the CLIENT_ID? Currently it's still the one I had gotten from Imgur and Mashape doesn't seem to have sth like this. There's only the API keys.
Any help is appreciated, thank you in advance!
EDIT:
I changed the authentication URL back to the original one from Imgur and using the CLIENT_ID from Imgur.
Now the images are uploaded to the user's account while showing in my Mashape quotas, which indicates everything is as expected.
I'm not sure if this is perfectly correct as the abovementioned Link tells to change the API endpoints in general to the new one.
On the other hand, authorization is not really something using an API endpoint, rather it's a webpage with a callback, so ... Not sure! That's why I ask :)
I'm in the process of integrating AWS Cognito for managing authentication and user data in my iOS 9 app using Swift with the AWS iOS SDK v2.4.7. However, I can't find a clear example of how to do this. I've got the Google Sign-In working (i.e., I can successfully get an ID token from Google), but I'm not sure how I can use this to authenticated with AWS. I've created an identity pool and user role with the correct permissions. My problem seems to be in passing this token to Cognito for authentication on AWS's end.
The code snippet provided in the AWS guide still uses the deprecated methods of the pre-2.4.0 SDK. I haven't found an example of the new best practice. To make matters a bit more confusing, AWS's Authentication Flow overview still seems to be pre-v2.4.0 since it is described in this post dated before the release of v2.4.0, but seems to use a different process than that outlined in that first code snippet. (It also seems that Google's process has changed a bit since the guide was published, moving from a Google+ sign in to a new Google Sign-In system.)
In summary, what is the accepted way of logging in my end user via Google and authenticating via Cognito (for future AWS API calls) using the latest AWS iOS SDK (v2.4.7)?
Here is my current attempt. First, in my app delegate, I initialize the AWS service as described in the guide:
// AWS setup
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId:"us-east-1:<REDACTED>")
let serviceConfig = AWSServiceConfiguration(region: .USEast1, credentialsProvider: credentialsProvider)
AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = serviceConfig
Then, when the Google Sign-In process is complete, I attempt to use the id token to authenticate with Cognito. The user in the following snippet is the GIDGoogleUser returned by a successful Google Sign-In. I have verified the Google Sign-In is working and I have a valid id token.
let getIdInput = AWSCognitoIdentityGetIdInput()
getIdInput.logins = [ "accounts.google.com" : user.authentication.idToken ]
getIdInput.identityPoolId = "us-east-1:<REDACTED>"
getIdInput.accountId = "<REDACTED>"
AWSCognitoIdentity.defaultCognitoIdentity().getId(getIdInput).continueWithBlock{ (task: AWSTask?) -> AnyObject? in
if task?.error == nil {
let result = task?.result as! AWSCognitoIdentityGetIdResponse
let input = AWSCognitoIdentityGetCredentialsForIdentityInput()
input.identityId = result.identityId
AWSCognitoIdentity.defaultCognitoIdentity().getCredentialsForIdentity(input)
} else {
}
return nil
}
The logs give
Unauthenticated access is not supported for this identity pool.
This is not necessarily incorrect (it is true that I don't allow unauthenticated access for this pool), but is not what I expected, since the Google token which I passed should have authenticated the user. Any thoughts?
Luckily I was early enough in the development process that I could switch backend services. After some quick research, I've tentatively switched to Firebase by Google. I managed to implement in 30 minutes what I had previously struggled with for 6 hours using AWS. I can't say for sure if it's a good alternate for all AWS Cognito use cases, but it looks like it will work for me. Definitely worth checking out if you're just getting started.
To answer the original question related to Cognito. You need to set the logins in AWSCognitoIdentityGetCredentialsForIdentityInput as well.
Additionally for simplification you can use the high level SDK for Cognito.
Examples can be found here:
http://docs.aws.amazon.com/cognito/latest/developerguide/getting-credentials.html