How to save username & password for App in iOS? - ios

I have an Username & password. I want to save it for an App. If app will deleted then username password will save for that app only, during reinstall the app it will work. If I instal the app in another devices then that user name password will be work.
For same thing I have some data. I want to save that for future. Means suppose I deleted the App and again reinstall the app again or instal the app in difference device then that data will be secure.
For this purpose I used iCloud, but its taking too much time for sync & sometimes its not working properly.
Please anybody can suggest me how can I doable with this above 2 problems ?
Note: I don't want to use web services. My app is without webservices.
Thanks in advanced.

iCloud
Store Private credential using iCloud
WebService
At first time, User install App, make one service to check using DeviceToken user Device is registered or Not.
if user device is registered then gives you username and password, otherwise Skip and display login page.
At login page you have to pass deviceToken, username and password thorough webservice.
Now you remove and again install app, Apps check using web service to passing DeviceToken, if user is login previous then give UserName and Password.

Related

How to provide an option to save username and password to iCloud Keychain on iOS in NativeScript Angular?

I am working on a NativeScript iOS app. The app has a login page which requires users to login before they can use the app. I just wanted to add more convenience for the users to not have to type in the username and password everytime. So, I added the nativescript-fingerprint-auth plugin to enable touch/face id, which is working fine.
Now, I also wanted the app to provide an option to save the password to Keychain on the initial login and provide an option to autofill the password in the next login. Much like shown in the screenshot. So any kind of information regarding this would be helpful.
Thank you in advance!
img source

How to create an anonymous user account using the users Apple-ID like Day-One does?

A new iOS app should be able to connect to a web service to sync data across devices.
I like the way the diary app Day One solved this:
On registration the user can choose to use mail address to setup a "real" account or to sign in with his Apple ID
When using the "real" account the mail address has to confirmed and a username and password has to be chosen
When using the Apple ID Sign In no additional steps are needed. The app is connected to the web services using some random user ID
When being installed on a new devices it is no problem to re-connect using the Apple-ID method.
Problem 1: How to access the Apple ID?
As far as I know it is not possible for the app to really to access the Apple-ID. Or is there some undocumented way to do this? How is this possible?
I suspect that the app instead might use iCloud to store some token? The iCloud storage is linked to the Apple-ID, thus when installing on a new devices it would be possible to recover the token from iCloud and use it to reconnect.
Or are there other / better methods?
Problem 2: How to handle the authentication?
Let's set Problem 1 aside and assume that we have solved the problem of creating some cross-device username. How could be handle the authentication?
Solution 1: Only the token (Apple ID / iCloud stored username / etc.) is used for authentication. If a request from the app to the server contains a valid username token access is granted.
Solution 2: In addition to the username token a random password is generated when creating the anonymous account. This could be done on the device or on the server. But since the password has to be known on both ends, it need to be transferred from one end to the other at some point.
2a: Trust in the HTTPS connection and transfer the plain password
2b: Use some other method (e.g. Diffie-Hellman) to agree on a common password
On first sight 2b seems to be the most secure solution but is the really the case? The sync data is not encrypted but "only" trusts in the HTTPS connection. Would it add extra security to transfer the password using another method?
Additionally, does it add extra security to use a "password" at all? This is not a password the user selects for his user selected username but a automatically generated password for a automatically generated username / token.
Would it not be the same to just use the generated username token? Only who has access to the token / Apple ID / iCloud account, etc. can access the web service.
So, which solution is the best? Am I missing something and there are better solutions?
As of iOS 12, Apple provide a SDK for developer to access user Apple ID - with user's consent, obviously. Developer can use AuthenticationService SDK to achieve this. Please read more at the documentation. I'm sure this is how Day One app does what you describe.

Limiting an iOS app to installation on only one device

I have an iOS app written in Swift where I want to limit each account to one device only – what is a way that I could go about limiting this access? I'm using Firebase and have a login system but the login system is not linked to Firebase Auth.
After login the use generate the token and save them into dataBase. And send this token in header when you hit any other API. If new same use login on other device, update the token in data base .
Now you check this token is same or not if not then send repose code 401 and logout the user.
One option that also works, that I found through research, is to store the uid of a device in the database used in the app (or in NSUserDefaults) via UIDevice.current.identifierForVendor!.uuidString. Then, when a user logs in, compare the uuid with the device's uuid and take the appropriate action.
This is not foolproof – if the user uninstalls the app and re-installs it, they will be assigned a different uuid. But in general, this is the best approach.

iphone app is logging out frequently

I've developed an app where in the entered username and password by user is saved using NSUserDefaults.
Any request from user for any service needs this username to be sent. So using NSUserDefaults I'm sending username for each request. Still the iPhone app is logging out without clicking the logout button and starts from the beginning asking for username and password.
As facebook app and others remains once logged in. Please let me know why the app is logging out frequently without clicking logout button.
Thanks in advance.
On launch check if there is a saved username and password, if so use them. When the user enters these save them.
You need to look at the page source from the server for the form request of the credentials, create the form response with the credentials and post it. This is doable and actually not very hard. On one project I did this for auto login and respond to many form requests so the user never saw them.
Do not use NSUserDefaults for credentials, it is not secure. Instead use the Keychain, it is secure.

Save wifi auth preferences in ios

I want to save authentication of my hotspot in my user preferences. Ex: I sign into my wifi using an app with my username and password, then unblock my network, so next time I'm go in this LAN, it should use the credentials I've put in app. So app has to save the wifi auth in user profile. I'm using NSUserDefaults to store my user and keychain for password. Is this the correct way?
As far as I know, there isn't a way for the app to directly setup an access point in the iOS system; I can not see a reason to save wifi authentication credentials in your app if the system will do this already (probably in a more secure manner)? If you simply save this in your user's preferences, then you will get into security issues if you want to change this password later.
However, yes you can distribute a provisioning profile which contains the credentials to your access point so that the user doesn't need to type it in. You could for example, from the app, open an URL pointing to a server web address that will serve the profile for your users. But then you don't even need an app just for that.. you could generate a QR code pointing to that URL and use one of the existing QRCode decoding apps for example.

Resources