I am using the Uber API and I did change my info.Plist but it's not recognizing the name apparently, I passed it the client ID I received from the developer dashboard.
Error in the Debugger:
Unable to locate application icon fatal error: Unable to get your ClientID.
Did you forget to set it in your Info.plist? (Should be under UberClientID key)
Your info.plist does not look right. The fields need to be the keys that the SDK can recognize. So for example, if my client ID was "my_client_id_123" and my redirect URI was "myapp://login" then my .plist would look something like this:
<key>UberClientID</key>
<string>my_client_id_123</string>
<key>UberCallbackURIs</key>
<array>
<dict>
<key>UberCallbackURIType</key>
<string>General</string>
<key>URIString</key>
<string>myapp://login</string>
</dict>
</array>
(I also wouldn't suggest posting your actual Client ID on the internet)
Related
In the app I'm working on, I need to handle 3-D Secure redirects from our payment service provider. These redirects point to a web page of the card issuer that is shown in a WKWebView to the user in the app.
This works all the time except one case where the WKWebView doesn't load for https://3dsecure.csas.cz/ and fails with the following error:
Error Domain=NSURLErrorDomain
Code=-1200
"An SSL error has occurred and a secure connection to the server cannot be made."
What's interesting is that the same URL loads with no problems in Safari or in SFSafariViewController. Even the server's certificate is okay:
I've tried to play around with NSAppTransportSecurity settings in app's Info.plist file, specifically enable NSAllowsArbitraryLoadsInWebContent and NSAllowsArbitraryLoads but it does have no effect.
Forward Secrecy
It turns out that the server for 3dsecure.csas.cz does not support Forward Secrecy: https://www.ssllabs.com/ssltest/analyze.html?d=3dsecure.csas.cz&s=194.50.240.77
Perfect forward secrecy is required by App Transport Security in iOS9 and above for all app connections, including webviews (not including Safari, however)
ATS Debugging
Running the following command in Terminal runs ATS diagnostics and tells more about the problem and how to solve it:
/usr/bin/nscurl --ats-diagnostics --verbose https://3dsecure.csas.cz
ATS Exception in the app
Allowing the webview in the app to connect to a specific server that does not support forward secrecy could be done by adding the following in the Info.plist file:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>3dsecure.csas.cz</key>
<dict>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
Not future-proof
This exception needs to be added for every single domain that does not support forward secrecy. Unfortunately, It's impossible to know all the 3-d secure servers in advance as they come as redirects from the payment provider.
What I don't know is if not requiring forward secrecy could be set for any domain, globally, and just within a specific webview, without affecting the whole app.
I am currently having problems using a WebView with this API to login to my app. I feel like I've set up something wrong somewhere, but can't put my finger on it.
Here's the error I'm getting :
Given URL is not allowed by the Application configuration code:191
I've set up my application descriptor like this (the x's are my app id)
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>fbxxxxxxxxxxxxxxx</string>
</array>
</dict>
</array>
<key>CFBundleURLName</key>
<string>xxxxxxxxxxxxx</string>
I don't know if I need to add a setting in my facebook app page, but I've enabled embedded browser login and that's it.
Am I forgetting something here ?
Thanks for the help !
The problem can be caused by many things. I've used this and it helped me a lot:
http://afterisk.wordpress.com/2013/02/26/first-free-facebook-single-sign-on-sso-adobe-air-native-extension-for-android/
It important to follow almost every step as there are multiple properties in Facebook that you must set.
Second, check this SO: Facebook API error code 191
I don't know what's the url that you open - it's best to get it as login url from FB.
I hope that helps and will solve your problem :)
I am writing a Xamarin iOS app and having difficulty integrating Facebook SSO, though I don't think my problem is necessarily Xamarin-specific, just a lack of understanding of how to integrate Facebook SSO without the benefit of the Facebook iOS SDK.
I have followed the various guides and have done the following:
1) Have a Facebook App set up:
a) iOS Platform added with bundle id matching my app's bundle id
b) Single sign on enabled
2) Set up my info.plist as follows:
raw text:
<key>CFBundleDisplayName</key>
<string>[company]</string>
<key>CFBundleIdentifier</key>
<string>com.[company].ios.app</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>fb123490xxx</string>
</array>
<key>CFBundleURLName</key>
<string>com.[company].ios.app</string>
</dict>
</array>
<key>FacebookAppID</key>
<string>123490xxx</string>
<key>FacebookDisplayName</key>
<string>[company] Staging</string>
3) Implemented the following code in my app:
FacebookLoginButton.TouchUpInside += (sender, e) =>
{
var urlWithAppProtocol = new NSUrl("fb123490xxx://");
UIApplication.SharedApplication.OpenUrl(urlWithAppProtocol);
};
I have not overriden AppDelegates methods (OpenUrl and HandleOpenUrl) yet because as far as I can see those handle incoming redirects to my app; I will get that working next.
To be clear, what I'm expecting to see is the FB iOS App equivalent of this screen (from Mobile Safari)
However, if I redirect to:
"fb://[appid]" I get redirected to the FB app but just to the news feed page (or whatever screen I was on last when I was using the FB app)
"fb[appid]://" I get nothing happening, .OpenUrl() does nothing;
"fb://profile/[appid]" as an experiment, I get the following (notice the "app isn't available for your phone"); this could be because you're supposed to use the PageID with /profile.
What am I missing here?
Ok, in the end it was simply using fbauth://authorize in conjunction with the normal query string parameters in the oauth url. The redirect url needs to be fbconnect://success
I found this by reading the source code of the FB iOS SDK:
https://github.com/keithpitt/DKSocial/blob/72cd77bc15ca1a307b92aff8382f2c71a97da7de/External/FBConnect/Facebook.m
There might be a lesson here to use the Xamarin bindings of the official Facebook iOS SDK, which offers this functionality. I've ended up going down the manual route because I started with the Facebook .NET SDK, which doesn't seem to offer this App-based SSO functionality.
I'm currently work on a iOS/Phonegap app, I want to have it respond to a custom URL scheme, so that when a person clicks on a link in the regular browser it will open the app to a specific page, where said page is actually an external page. The app thus far essentially acts as a web browser where external (web) content is displayed in ChildBrowser.
I am 95% certain I need to use the following method in AppDelegate.
- (BOOL) execute:(InvokedUrlCommand*)command{}
And I know I need to use the following to create my command.
+ (InvokedUrlCommand*) newFromUrl:(NSURL*)url;
My problem is that I've been unable to find any examples online of doing this. I know the url passed to newFromUrl needs to be in the format of yourscheme://<sessionKey>#<Class>.<command>/[<arguments>][?<dictionary>] But in this case, my [<arguments>] would be a regular url of the form "http://www.google.com".
Can some one give a concrete real-world example?
This is implemented in current versions of PhoneGap so that all you need to do is add you custom URL to the App-info.plist file. Here is a sample of the XML:
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLName</key>
<string>com.cams.myapp</string>
<key>CFBundleURLSchemes</key>
<array>
<string>myApp</string>
</array>
</dict>
</array>
You should use the Property editor to edit this file and get the format correct.
I'm trying to write function similar to http://whatismyudid.com/ that, then approved, will return the users UDID and store it to a database for future reference with that user.
I have written a .mobileconfig xml doc that opens in the Profile Installer just fine but when I tell it to install the profile it responds with [alert] Invalid Profile but no alert body. No description, no code, no help.
I'm new to the mobile configuration game so any help would thrill me.
Here is my configuration file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<dict>
<key>URL</key>
<string>http://apps.mortlabs.com/device/retrieve.php</string>
<key>DeviceAttributes</key>
<array>
<string>UDID</string>
<string>IMEI</string>
<string>ICCID</string>
<string>VERSION</string>
<string>PRODUCT</string>
</array>
</dict>
<key>PayloadOrganization</key>
<string>MortLabs.com</string>
<key>PayloadDisplayName</key>
<string>Profile Service</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>B958E359-34C2-42F4-BD0C-C985E6D5376B</string>
<key>PayloadIdentifier</key>
<string>com.mortlabs.profile-service</string>
<key>PayloadDescription</key>
<string>This temporary profile will be used to find and display your current device's UDID.</string>
<key>PayloadType</key>
<string>Profile Service</string>
</dict>
</plist>
The profile is initialized by navigating to http://apps.mortlabs.com/device/enroll.php with mobile safari
I found that by using the above that Apache was being talked to by the Ipad/Iphone - The post by Kyle2011 at https://discussions.apple.com/thread/3089948?start=0&tstart=0 filled in the rest of the solution.
Basically at the bottom of the retrieve.php page you need to redirect the browser to a directory by using a line similar to the following:-
header("Location: https://www.example.com/enrolment?params={$params}");
Where enrolment is a directory - this then calls the DirectoryIndex (typically index.php) which can then display stuff to your user.
To populate the $params variable you need the following line at the top of your retrieve.php script
$data = file_get_contents('php://input');
You can then parse the $data string to get what you need (try file_put_contents("data.txt", $data); or Kyle2011's example)
I also changed the Payload UDID to something different by using udidgen in a terminal on a Mac rather than just using whatismyudid.com's.
Update: From iOS 7.1 some of the files (the .plist IIRC) need to be served over https:// - they will fail to install if everything is served over http:// - probably best to serve everything including the .ipa over https:// to ensure future changes on Apple's side don't cause a problem.
Note about the last page ( FOLDER ).
If you want to use a page script for final redirection in place of a folder.
you can change this :
header("Location:
https://www.example.com/enrolment?params={$params}");
by
header("Location:
https://www.example.com/enrolment.php?params={$params}", true, 301);
Source : header function on php.net manual
it's work !
Try setting the URL to an address without .php extension. This solved the problem for me.
Now my only problem is that I can't find out how to retrieve the data sent from the iOS device to my server.
It does not seem to be in the $_POST variable.
The error you're getting is because iOS expects your profile service URL (the one it sends its UDID to) to return a configuration profile (i.e. a .mobileconfig file). I currently capture device UDIDs without returning this profile; my devices generate the alert you describe but the data is on my server.
For reference, here's the (very) simple PHP file I use to capture the data:
<?php
// set file to write
$file = 'device_data/data.p7s';
$fp = fopen($file, 'w') or die('Could not open file!');
fwrite($fp, $HTTP_RAW_POST_DATA) or die('Could not write to file');
fclose($fp);
?>
The key here is the use of the $HTTP_RAW_POST_DATA variable to capture the HTTP request body exactly as sent, without attempting to parse it into the usual name/value pairs. I'd suggest reading the documentation at this point, but it really doesn't tell you much.
Security tip: whatever the user sends in the request body, you're writing to a file on your server. If the user decides to send a shell script, PHP file, or other executable content, then visits the URL of the file you create, they can execute the code the just uploaded on your web server. So, make sure the file you write to can't be accessed via HTTP! (A .htaccess file would do the trick, or write to somewhere outside the web root.)