I want to create a Firefox extension. I would ask for the feasibility of my idea.
I have a PHP page show a list of emails with open on browser link next to it,
when I click that button, the following will happen:
Create new browser profile on the fly (if it does not already
exist)
The profile will load the following information from our application database through XML or API.
2.1. proxy settings
2.2. user agent
2.3. autofill information related to that account like username, password, date of birth, and other information related to that account username.
We want to be able to open multiple profiles (tabs) in the same window.
Is there a limit of profiles that Firefox can handle?
How long do you thing it will take for an experience extension developer to do this (we provide xml)
I would know if that is possible and the guidelines to do it.
Related
At work we have developed an individual customer specific software application that is in use for a long time. We have a new requirement in this same program to implement an option for sending emails directly from the program.
The user is able to add his own email account with the credentials and login through our program. For Microsoft and Gmail accounts OAUTH is implemented and something here is not very clear.
For Gmail-API we have made an OAUTH Client and Consent screen on Google Cloud Console which we need to publish and verify and here is where the problems start. I am not very clear with the whole process of verifying the app.
In the steps for verifying is stated that we should verify a domain for the app, but this software is not hosted anywhere on internet and is not publicly available, it is available to a number of specific users (2000-3000).
Also Google requires a YouTube video of the software to be available publicly, which we are not able to upload because of customer requirements. Also here is required a Data Protection Policy page for the application which we as a developers don't have because we are only developing the software.
Other thing that is not clear to me, how is this type of software rated by Google, internal or public?
Have anyone experience with this or something similar?
Verifying an app for one of the Gmail scopes is a very complicated process. This process depends upon which scope of authorization you are requesting of the users.
In your case you are trying to send an email so you are using the users.messages.send method from the Gmail api. This uses a restricted scope. Which means you will need to go though the full process.
First of it doesn't matter if your application is hosted or not. It also doesn't matter that you give this app to a limited number of users. What matters is the scopes you are using.
You will need to ensure that your domain has been registered via google search console. So this app will need a domain
Once that is done you will be able to host your website, and the privacy policy on that domain.
You will need to create a YouTube video showing your application running, and how authorization is used.
You will also need to submit to a third party security checkup of your application which is not free and will need to be done once a year.
All of this is needed because of your consent screen it doesn't matter if its hosted any where, It also doesn't matter if this is only available to specific number of users.
If all of the users are part of a single google workspace account, that has created your client id and client secrete then you can set the app to internal and you wont need to be verified. This only works for google workspace domain accounts.
I enabled Associated Domains in Capabilities in Xcode, and it creates a ".entitlements" file as expected. But it also modified a project.pbxproj file, adds com.apple.SafariKeychain = {enabled = 1;}
So I am just curious, why it is enabled, is it useful for some reason?
I couldn't find any documentation about this.
Note: Updated for iOS 12
That entitlement is used for multiple purposes. It covers any feature where your app needs to establish a verified connection to a web domain. This verification is accomplished by placing a static JSON file (called apple-app-site-association) at the root level of your domain which contains your app's fully-qualified App ID, with keys and configuration to enable specific functionality.
It covers a few actual iOS features:
Shared Web Credentials. The identifier com.apple.SafariKeychain actually refers to the original purpose of the Associated Domains capability, which was to enable native app access to credentials stored in iCloud Keychain for your web domain. If a user has already logged in to your web site and saved their password in iCloud Keychain, this feature allows your native app to use those stored credentials.
Password AutoFill. Available in iOS 12. Password AutoFill takes the behavior added to web sites with Shared Web Credentials, and extends it into native apps in a robust way. By establishing Associated Domains for you app, and adding metadata to your text fields, iOS can automatically enter saved web credentials into your native app. when creating a new account or changing passwords, Password Autofill can offer strong password suggestions, based on your organization's password rules. It can also assist the user by automatically filling in a multi-factor authentication code sent via text message, if it can find a field designated for entering that information.
Universal Links. At its simplest, this feature is a secure replacement for the old custom-scheme-based method of launching one application from another, or from a web link. When used to its fullest, it allows you to draw parallels between the information architecture of your website and your native app. When a user taps a web link for your domain, your native app can be launched in order to handle that link. If the app is not installed, a Smart Banner will be presented with a link to the App Store.
Web Browser–to–Native App Handoff. This is a passive version of Universal Links. If a user is browsing your website on a macOS or iOS device, and you have created a site association for the page they're viewing, they will see a Handoff icon on their iOS lock screen which will let them open your app and, optionally, navigate to the native version of the web page they were viewing.
I've been trying to use deep-linking to open up specific profile pages on the Facebook app, but so far it will only open my own profile. The general format should be fb://profile/<id> unfortunately every time I use this I am directed to a page that says Profile Unavailable. The specific example I am using is with my colleagues ID so from my app if I wanted to go to his page I would open the URL for fb://profile/10206768458598300. Is there a new format for finding profiles? I have found no other solution for opening a Facebook profile from within my app besides opening an actual webpage, having the user sign-in, and go to the actual profile URL of the person.
We don't currently have any officially supported way to open a profile in the Facebook app.
It seems this used to be possible, but not anymore. Here's my dilemma: I'm creating an iPad educational software app, and I want to let students log in with their Google Apps for Education accounts using OpenID-Connect.
... I guess my first question is: is the current Google+ SDK the right way to perform login against GAFE? What about the forthcoming "Google Classroom"?
So say I do this - the student pushes the "login with google button", the sdk performs an app switch to safari and lets the user log in to their google account, push the permissioning buttons, and app-switches back to my app, and the user is now logged in. Fine. At the end of the class period, the user logs out of my app and hands in their device. The next period, though, another student logs in, and because the first user has forgotten to also log out of google in safari, the second user has access to their account.
... My second question is: is this a valid concern? Seems like this would be a pretty common usage pattern.
... Third question - can I get around this? Can I make Google+ sdk use an internal UIWebView, or no web stuff at all? This is what seems like used to be possible, but no longer...
EDIT: Spoke to google tech support for apps-for-enterprise (thx M!) and they say that there is no way to authenticate against google openid-connect without going through a browser. This is, I believe, a security problem - students being kids, they will forget to log out of the browser, and the next kids will get into mischief. Oh well.
The GPPSignin class describes itself as:
It provides single sign-on via the Google+ app (if installed), Chrome
for iOS (if installed), or Mobile Safari.
Internal web views are not mentioned. You may need to implement OAuth2.0 on your own to allow your internal UIWebView to manage authorization.
Google publishes an API which includes a method to signOut. You can use it at your app's discretion in addition to the SDK requirement that a user be able to sign out manually.
https://developers.google.com/+/mobile/ios/api/interface_g_p_p_sign_in
Previously, my installed application (desktop application) is using gdata-java-client with ClientLogin mechanism, for user to access Google service.
In order to provide seamless experience, the desktop application will store users previous entered username and password in encryption format. Whenever they wish to access Google service, the desktop application will automatically help users to fill in username + password information. (Even after application restarting) Users just need to single button click to access Google service.
The login code is as follow : http://jstock.hg.sourceforge.net/hgweb/jstock/jstock/file/808b03e824bf/src/org/yccheok/jstock/gui/Utils.java#l1520
I plan to migrate code to google-api-java-client, and use OAuth 2.0. Since my desktop application has no control over users entered username and password, users will be prompted with the following Windows every time they wish to use Google service.
The user flow doesn't seem seamless any-more, as users need to deal with the browser window, every-time after application restarting. Is there any way for my desktop application, to remember their login information, so that they need not to respond to browser window every-time the application restarting?
Great question. Yes, we are working on this right now. The feature request is here, and the changeset under review is here. Our plan is to make it be available in the next version 1.11.0-beta some time in July. For now, feel free to patch in FileCredentialStore from the changeset into your application and try it out. More documentation about the OAuth 2.0 support in the Java client library can be found here (which will be updated for 1.11.0-beta with information about FileCredentialStore).
Take a look at https://developers.google.com/accounts/docs/OAuth2InstalledApp. This a general guide for your type of application - installed on client machine.
The tell you These applications, in general, cannot keep secrets. But if you already store users' credentials - will it really change something for you?