I am working on a MVC web app that requires authentication(Cookie) and a web api that uses token based authentication(Bearer). I also have an IOS app that communicates with the Web Api. So far everything is working fine.
Now I have to implement a new functionality on the IOS app that basically needs to show a web view and load a specific part of the web app, but that page requires authentication. The user was previously already authenticated on the IOS app, so what can I do to avoid that the user has to authenticate twice, one for the Ios app and also in the web view?
Please advice,
Thanks.
This is the solution:
If you set the Authorization header in the same way we do it for Web Api requests (Bearer + Token) then it works. It seems that the Mvc.Authorize attribute not only check for the cookie but also for the token(in the same way the Http.Authorize does it).
Related
I have my iOS app and my web app. Say I have n authenticated user in my iOS app and now I want to open a specific page of my web app for this user in a web view.
What is a good practice of doing so? Do I have to implement a special web page that would do the auth check and redirect to the page needed or is there a way to do this just via WKWebView?
Any kind of help is highly appreciated.
I have an iOS application which allows the user to use Apple's built in Accounts/Social frameworks to login via Facebook.
One question I have is, is there a way to pass user auth cookie from ACAccountStore to a UIWebView?
This will mean that, if a user clicks on a link and the built in web view page is shown, they will be able to comment/like/etc without having to login in the web view too.
Thanks,
Dan
I think it won't be possible if you don't control the service you want to be authenticated with in said webviews.
Injecting arbitrary cookies into a UIWebView is possible, as described e.g. here: Is it possible to set a cookie manually using sharedHTTPCookieStorage for a UIWebView?.
Cached auth tokens can be retrieved from ACAccountCredential. But OAuth tokens are not session-authenticating cookies.
Facebook does that. Whenever a webview is opened in their iOS client, the user will be automatically authenticated with Facebook in that webview. But they have control over their own service, so they created a mechanism for their iOS client to request session-authenticating cookies (that they then inject into webviews).
In general, though, being a 3rd party developer, you won't be able to reproduce that behavior. Unless of course given service has such mechanism for their own needs and you do some reverse-engineering.
I'm trying to access authenticated data from Mobile apps via Asp.Net MVC5.
The backend is .NET (not Node.JS) and I'm using the C# SDK (not Javascript). Since custom auth (user\pwd) is not yet available for Mobile Apps I'm trying to connect with Facebook.
I've found this post but is very outdated now.
If you are trying to do both a mobile app clients AND the MVC client, then you might need to specify a list of OAuth URLS that are valid per:
https://developers.facebook.com/docs/facebook-login/security#surfacearea
You can set the list of valid callback URLs on the settings -> Advanced tab in the facebook app management.
I am trying to create an ios App that talks to a backend API written in nodejs. The backend also has an accompanying webapp also written in nodejs. The idea is that you can login (using facebook-js) on either the app or the webapp and post things to to.
My question is this, let's say that the user decided to login using the ios App, then call some backend API method to post an article, how do I make this work without essentially forcing the user to login twice?
Not sure if I'm making sense, any help would be greatly appreciated!
As Facebook uses OAuth for the client authentication, it's relatively easy to store the Access Token resulting from the login process somewhere on your server, and use them later.
Have a look at Design for Facebook authentication in an iOS app that also accesses a secured web service
Also, see https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.1 which outlines the login process and the storage of Access Tokens.
We have a web application that supports Facebook and Twitter login/signup via oAuth (and can also post to FB/TW). Now we are building a mobile client and naturally we want people to be able to login-signup via FB-Twitter on mobile as well, on iOS even using system-integrated accounts.
Now mobile app and our server app are two different apps, however, and if I get oAuth correctly, we'll need to have two authentications: one for a mobile client (system account can be used), another one for a server (we'll have to show WebView for it).
Yet some existing apps seem to be fine with single authentication only (e.g. Flickr and Foursquare! At least 4sq seems to be fine with iOS system FB account only. How is it possible?
Do they share consumer key/secret between mobile and web app making it essentially the same app?
Do they use some FB-specific extension to oAuth
Do they only use auth token wherever it comes from making it a user ID?
Something completely different?
Old question, but this may help someone who finds their way here.
Twitter Reverse Auth