Accessing iCloud Calendar using authentication service - ios

Is there a way to access Apple iCloud using an authentication service like OAuth or another similar service? I am trying to get access to a users calendar data. I have found a way to access their servers using CalDAV and a users login info. However I don't want to be storing sensitive user information in order to access the servers.

My understanding is that iCloud does not offer any such authentication service. The best you can do is to ask the users to create App specific passwords: https://support.apple.com/en-us/HT204397

Related

MSGraph read shared mailbox messages through app service

I am writing an api using the msgraph api which should be able to read mail from shared mailboxes. I have setup the application in Azure and have given the following permission (my app is running as its own service and not on behalf of an user)
What I am confused about is
Why does it show Delegated, all the rest of my permissions to the application show Application.
Since this is an application how does an user share a particular mailbox with this application, what I can think of is to create a service account, then this application impersonates that service account and then uses the service account to access the shared mail, but this sounds like a really complicated process and am wondering if I'm heading down the correct path.
thanks in advance.
From the Microsoft graph permissions reference, Mail Permissions Mail.Read.Shared and Mail.Send.Shared require a signed in user which is why the permissions show up as delegated. To the best of my knowledge, there isn't currently a way to access shared mailboxes via Ms graph without a signed in user.
Please let me know if this helps, and if you have further questions.

Link Icloud with rails web allication

As like oAuth we can synchronise users authentication information with third party applications or websites, I want to integrate iCloud calendar service with my rails application. From where on button click user is asked to provide their iCloud credentials and after verifying user my rails app should allow that user to access his iCalendar events(Dynamic event generation).
I already tried to add iCloud calendar account with chronofy but it's not recognising my APP-SPECIFIC-PASSWORD.
So is this possible, preferably with some kind of oAuth setup as we do it with Google Calendar? or are their any API which can carry out my task, if so where can I find documentation on the API?
Apple do not provide a public OAuth mechanism for iCloud so its not possible to access their API directly

Transparent LiveConnect OAuth 2.0 authentication possible?

I am currently working on an application that allows users to upload/download files. My company wants to have user files stored in their One Drive and not on our server. The only problem with this is that we want to avoid double authentication in order to access their OneDrive account.
For example we have n users associated with an organization. This organization has a single OneDrive account that all of the users will share (legal?). Once a user authenticates to our application, the idea is to have our application sign them in without user interaction by using the Live API so that they may access their organizations files.
Do we have to authenticate every time we wish to use this service or just once?
It's not a big deal for us to do this once for every organization when setting up their account but a requirement is to avoid double authentication. We want the OneDrive storage to be transparent to the user.
Does this violate any of Microsoft's Terms and Conditions?
Thanks! Any input is appreciated as I've never worked on a cloud based application before. If OneDrive isn't a viable solution are there any other recommended services my company could look at?
Consumer OneDrive isn't intended for business use and sharing a single OneDrive account for multiple people isn't recommended either. You should look into OneDrive for business for your scenario: https://onedrive.live.com/about/en-us/business/.
OneDrive for Business uses the SharePoint developer APIs: http://blogs.msdn.com/b/sharepointdev/archive/2013/08/13/access-skydrive-pro-using-the-sharepoint-2013-apis.aspx
I found that the Box API does not support a grant type of passworrd. Neither does OneDrive or DropBox. Without this grant type it is impossible to sent a username and password to log a user in.

Is there an iCloud web api?

I'd like to be able to access a user's iCal and create events from my server, is this possible, preferably with some kind of OAuth2 setup like with Google Calendar? If so where can I find documentation on the API?
Unfortunately no. There is currently no OAuth whatsoever for iCloud. However, there are two solutions to consider:
Ask the user for their AppleID and password and store it on your server (not recommended for security reasons). This will allow access to EVERYTHING the user has enabled on their account; even the ability to log in and purchase content - thus the security issue. But it will give you direct access to iCal.
Ask the user for access to calendar through your app. Using EKEventStore requestAccessToEntityType: method you can gain access to the users local calendar. You could batch those events and send them to your server. You can find information on how to access calendar here.
It is possible. iCloud supports CalDAV on caldav.icloud.com, and that quite well. It allows you to create, modify and delete events and tasks. Unfortunately you have to have the user's credentials for this though.

How would I tie a user auth'ed by 3rd party provider via ACAccountStore to a backend user obj in the cloud?

In general, what's the best practice to authenticate a user via 3rd party (say Twitter) using iOS's ACAccountStore and then tie it to an existing user in my own service assuming that they were logged in already? Can I access and store the account credentials remotely over ssl, or is there a better way?
And if they had to re-login via Twitter, I could just search for the user with that twitter handle to know what backend user is tied to this account, yes?
And lastly if I wanted to be able to login via a browser later on, I would get new oauth credentials for the webapp as well, but could search for a user with the same Twitter account info and store these credentials as well, and know that they all refer to the same person, correct?
What you're asking involves many levels of a system "stack" that are custom to a particular environment. What is "correct" vs "incorrect" is dependent upon the environment you've set up and are connecting to from your iOS app.
So from what it sounds like you're leveraging iOS's Twitter functionality to create a Single Sign On (SSO) experience. There are several guides on Twitter's site for doing what you want to accomplish:
Integrating with Twitter on iOS: Single Sign On
Using Reverse Auth to Get OAuth Tokens on iOS - you can then store these server-side
Migrating tokens to system accounts - how you get OAuth tokens from your webapp to iOS.

Resources