I am using a relay with react native.
I want to clear Relay store completely when user logs out.
I cannot find the API from this page
Related
I am attempting to use Rails 5.0.5 API only with devise_token_auth to build a React app. I have the Rails API server running locally on :3001, and my react app (running from within /client folder) is running on :3000.
I am able to register/login/etc. with email/password using axios and API calls, but the oauth is giving me some trouble. It seems that it doesn't want to work with React and the API situation, it loads up a new tab, authenticates with Facebook, then goes to the callback controller on my rails server (:3001). I'm unable to figure out a way for the callback info to be returned to my React app on :3000.
I am able to query facebook manually and receive back the info I need; is there a way to manually create a user based on the Facebook data that will allow me to use devise/devise_token_auth? Do any of you have any better methods for authentication on a React app using Rails API as a backend? I'm pretty new to all of this and not too far into the project, I'm ready to jump ship to a better solution if it exists! Thank you for any information. Please feel free to ask me any questions.
Is it possible to accept paypal payment directly inside an iOS App (i don't mean via the Paypal iOS app, but my own app) without having our own server to validate the return token? I think it is possible with a javascript button inside a webview, but can it be a native iOS function?
You could do it... but it would involve enormous risk. The reason is that you would have to store your credentials inside the app and then make the call directly. Anyone could then extract the credentials and start using them for their benefit (i.e. MassPay themselves from your account).
The only way to ensure they don't get your credentials is to keep them server-side, where the client has no access to them.
Hello me and friends are planning on taking on a big project. My two friends are going to be building iOS and Android apps and I will be making the server back end. I recently started developing with RoR and have fallen in love with Ruby. Now here are my questions:
Little more background:
I only want a private API for the android and iPhone app. I do NOT want a full fledged OAuth authentication process. Doing some research I think I will go with basic HTTP authentication.
1. My App uses cookie based authentication meaning a cookie has to be passed with each subsequent request. So will my friends need to have to store a cookie and on each subsequent request to the server send the cookie along with it?
2. How do I go about making the API private? I know in OAuth there are consumer secret and consumer key. I know if anyone could simply figure out the URL schema they will be able to have access to the API. How do I protect my back end from request from unknown users? (Hard coding strings in the Apps themselves?, Checking headers for device type?)
3. Should I only build the API now and worry about a web app later? Or would it be too horrific of an experience to go back and build a web app (Although I really do actually want the web app to be more significant than the mobile app
Here is a great article explaining exactly what you're looking for : securing an API without setting up a full OAUTH provider :
http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/
Works great (even if the solution is finally not so far from oauth ;)
I am building a backend for ios apps, that support login in different networks.
Once the user login in to the network the client tells the news to the backend, and this could offer a list of worlds that the user might play, or even delete old worlds.
One way to steal another person's world is by saying that you are his social network id.
To solve that with facebook, we force the client to send us the fb_token, a token provided from facebook to the client, that we use in the backend to ask facebook if that specific user is the one that he told us to be.
If apple doesn't provide a way to validate this I understand that if an iOS app wants to use game center, it is directly forcing the app developer to also use iCloud because apple can validate the user credentials.
Did apple provide any way to validate user credentials?
The client on iOS can retrieve info about the currently logged in player in GameCenter, which has nothing to do with iCloud.
If you want to use iCloud to authenticate, you might have a different player than the one you wanted.
I think the solution is for the client to retrieve the player info in GameCenter, and send it to your server in an encrypted fashion (say HTTPS), including a timestamp and possibly other dynamic information. This way you'll know that the user info is being sent from the client app itself and there is no man-in-the-middle. That's really the issue that you are struggling with: how to ensure that client-server communication is secure.
I was going through Facebook's authentication mechanism.
and understood the client side, server side and desktop app processes.
But I couldn't understand the iOS tutorial.
https://developers.facebook.com/docs/mobile/ios/build/
Where it talks about How Facebook SDK for iOS gracefully falls back to diff ways of authentication depending upon whats installed on users phone.
From the tutorial I understood that,
The API checks if facebook app is installed or not and if its
there..it opens it and entire login process n pemission giving is
done there and then the app redirects back to our app passing the
authorization token, expiration, and any other parameters the
Facebook OAuth server may return.
If FB app is not installed, Safari is opened and process happens
there and access token is taken out of its cookies once it redirects
back to the app.
And if iOS doesnt support multitasking, we cant open safari or any
other app along with it,then it opens a UIWebView and carry on and
access the token from its urlbar's fragment area after #.
I got the third way which is what we do with a desktop app in .NET or air.
Can anyone explain the first n second ways ?
How can one app redirect the control to the other and how it can pass data to it.
and regarding the second way, how can the app read Safari's cookies ?
It does it by opening a URL using UIApplication – openURL: and that URL will check if the facebook app is installed by using their custom URL ( http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html ). When that happens facebook then redirects back to your app using the same mechanism.
Read the documentation under //// private here: https://github.com/facebook/facebook-ios-sdk/blob/master/src/Facebook.m