I have an iPad and iPhone application,which runs on user session and requires login and session to be maintained throughout application life cycle. Now I want to create Apple watch app for same app. What are the best ways to do login and maintain session on Apple watch. User session expires if app is idle for more than 20 minutes.
Look at shared keychain access within the app group. You should be able to pass your auth token to WatchKit that way.
Related
I'm a long time iOS developer and i've been out of the domain for a while now,
I've been assigned a new task in which i need to check whether it's doable on the appStore or not.
My aim is to create an e-book like application, where the user downloads the app for free from the appStore, and is requested to enter an access code provided separately outside the appStore.
So the app can be free on the store, and once opened an external ajax/php request will take place to authenticate the user.
Previously, apple forbid this kind of transaction, i am checking now to see if this situation changed or/and is now approved by apple.
Many Thanks!
Users log in on their iPhone into our app.
After that we securely store the authentication information in the keychain. Our users don't have to sign in each and every time they use the app.
Now we are adding a Watch app. We would like to do some network requests on the Watch as well. Would be lovely if this would work when the user is logged in on their phone.
However, Keychain Sharing cannot be done between the iOS and the Watch device. This could be done in the beginning of WatchOS but no more since WatchOS 2. So this leaves us with a problem.
So: We could send over data using WCSession.
but:
How safe is that? Any ideas on how to make this safe?
Are there other ways safely transfer authentication tokens from the Phone to the Watch?
I am implementing the feature of automatically logging in the user in an iOS app. This is easy for a single app as we can persist the username with NSUserDefaults while the password using System Keychain.
Now, I want to do it across multiple apps. In my understanding, we'd need a unique device identifier for this, which we can pass to the server and then use it to activate auto login across multiple apps on the same device. Now since, Apple prohibits the use of UDID now, I am thinking of using the Vendor Identifier which would of course require me to set the Bundle IDs accordingly. Is this the best way possible? Or is there a better standard method that is more effective?
Also, Is it at all possible to have auto login between different devices? Like for e.g. If I login on one iOS device and then open the app in another, I should automatically sign in.
To implement login between multiple iOS apps you can use the same App ID prefix in them. It will work because they will share keychain data. Here you can find more details:
https://developer.apple.com/library/ios/technotes/tn2311/_index.html
And here the related question: Keychain group access to share data between my existing applications
And about automatic sign in between different devices. I used encrypted iCloud Key Value storage to store login & password between devices. And it worked but not too good. Problem is that first time you start app on new device it will take some time to sync data from iCloud to local storage. And this means that first time you trying to Sign In and may need to wait for some undefined time. In may case it was about 20 seconds. To long for Sign In in a good application :) And of course this require user to be logged in iCloud with the same Apple ID.
ASAIK there is no proper way to implement automatic Sign In from multiple devices. And Apple recommend just to ask for Sign In on every new device of user.
Background:
Apple requires you to implement a restoration mechanism to this type of purchases to let users to get back their purchases after wiping the device or to view purchases from user's other device.
One accepted approach form apple for doing this is to do an optional user registration and handle it on your server to save the transaction receipts. since apple don't do that like other type of purchases as non-consumable. which allow you to get all the receipts of the users to restore them.
Apple say that the registration should be optional. but we must indicate to the user that registration is required to view purchases from other devices.
My Suggested Approach:
I am going to implement the restoration mechanism by saving the purchases receipts in iCloud. I will indicate that logging into iCloud is required to access the subscription content from user's other iOS devices.
On purchasing succeeded app. will check if iCloud is available to save the subscription details(Transaction Receipt) Otherwise, subscriptions will be saved to User Defaults. Every time the app. is launched it will check if iCloud available and iCloud will be synced with User Defaults. subscriptions details available on User Defaults and not on the iCloud will be copied to the iCloud and the subscriptions that are available on iCloud and not on User Defaults will be copied to User Defaults.
Thats provide users the flexibility to login to iCloud in a future time just to move their subscriptions to another devices or just before they decided to delete the app. to save their subscription. (That all will exactly perform as we had the user registration option). Is that accepted?
Another thing. My app. suppose to work on iOS 4.x too. which mean that iCloud is not available. Is that ok too? or I have to give up running app. on iOS 4.x if I want to use iCloud approach? what if I also indicated that restoration will not be available for iOS 4.x?
One way is that , the restoration of payment and other data should be handle by your application or by your side on the server. But i think it will increase your burden of coding. But registration is optional and if user wants that he will be able to use application on his other iOS devices also then u can make registration compulsory, otherwise the restoration of payment or data should be done using keychain.
If u have still doubt then let me know.
So, in this case what if a user makes a purchase without signing into his iCloud account? We won't be providing him the content access on his other device in that case, right?
Is there any way to handle that scenario? Are we allowed to store the user's id and password into the iCloud? This may help us, but won't be a good idea to store the credentials.
I am developing an Application where I want the user to log in with his/her Apple ID.
Is this possible? If so, how can I do this?
Apple introduced Sign In with Apple at their worldwide developer conference, WWDC 2019.
Here's how Apple describe it:
Sign In with Apple makes it easy for users to sign in to your apps and websites using their Apple ID. Instead of filling out forms, verifying email addresses, and choosing new passwords, they can use Sign In with Apple to set up an account and start using your app right away. All accounts are protected with two-factor authentication for superior security, and Apple will not track users’ activity in your app or website.
Sign In with Apple requires iOS 13 or later, iPadOS 13 or later, watchOS 6 or later, macOS Catalina 10.15 or later, and tvOS 13 or later.
Nope, there is an standard API for this. You could use a UIWebView to make a user log in to an existing login form somewhere on apple.com, and then check for the subsequent success or failure URL, but that would probably be both brittle and rejected by the App Store approval process.
It is not possible currently. Your best bet is to submit a feature request at https://bugreport.apple.com/
If you want to authenticate users without setting up your own registration system, you could adopt Facebook Connect. Lots of people already use Facebook obviously, and you don't have to maintain the signup/forgot password/security stuff at all.
If you don't like Facebook, Google also offers a similar system. (see https://developers.google.com/accounts/docs/MobileApps)
Apple will probably never allow you to log in with the user's Apple ID.
You might be able to allow your users to log into Game Center. The user's Game Center account is tied to the AppleID, so users can be identified by your app that way. But this is assuming that you were actually building a game.
Apple's Game Center documentation is here: https://developer.apple.com/library/ios/#documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/15_GameCenter/GameCenter.html#//apple_ref/doc/uid/TP40011225-CH7-SW1
The App Store Review guidelines preclude using any information from Apple's services in your app, which is why it's dubious they would ever allow you to login with an Apple ID:
12. Scraping and aggregation
12.1
Applications that scrape any information from Apple sites (for example from apple.com, iTunes Store, App Store, iTunes Connect, Apple Developer Programs, etc) or create rankings using content from Apple sites and services will be rejected
If what you want to achieve is a seamless user experience between the user's different iOS devices without requiring the user to pick a username and password for your service you could maybe use iCloud. But of course it depends on what you are building. Apple provides some videos introducing the different iCloud APIs: https://developer.apple.com/icloud/documentation/