I'm creating an SDK which provides features that the official app uses. I want to enable oAuth login like Facebook. If a user signs up with Facebook in the official app, how can I have them log in to the same account from via the SDK that is integrated in another app?
Would I share the same access token across the SDK to all clients that implement it? Or is there a way to be able to allow the user to sign in via oAuth into an account that they created through the official app? My current thought is that we pull some ID (e.g. email address) and do a lookup to see if that email address exists in our database and work from there (which could be a pain if the user changes their email address).
Thank you
Related
I'm building an app that shows users people they might be interested in talking to. If a user says he's interested in a person I show them, I want my app to create this person as a contact in my user's SalesforceIQ.
How do I do this? I see from the API documentation https://api.salesforceiq.com/#/ruby#documentation_contacts_create-a-contact that I can create a contact if I know my user's username and password, but of course I don't want my users to give me this information. Is there some way for the user to OAuth or whatnot by clicking a button that authorizes me to add things to their SalesforceIQ?
The SalesforceIQ API uses HTTP Basic authentication and does not currently support OAuth according to their documentation.
For a SalesforceIQ user to grant API access to your app to create contacts and for other privileges, the SalesforceIQ admin creates an API Key and API Secret for your app which is then used for the HTTP Basic authentication username and password. This way no user needs to provide your app with their credentials. This is configured in the SalesforceIQ admin UI under Settings > Integrations > Create New Custom Integration.
For the admin to provide these credentials to your app, you can have a UI where the SalesforceIQ admin enters this for your app to store and use with the API for their account.
This is described in the following places, briefly in the API Reference and in detail in a Help Desk article with screenshots of what the SalesforceIQ admin needs to do:
API Reference: Requesting Access
API Reference: Security and Authentication
Help Article: Set up API access
Currently I want to authenticate my user using facebook on IOS platform. I want to use node.js as the custom authentication, so that i could make it more flexible. My theory right now is to use node.js and passport-facebook via token, but my questions right now
1) Do i need to use Facebook ios sdk together with node.js /passport? or simply just serve it via node.js/passport https://developers.facebook.com/docs/ios
2) If the user already installed facebook on his iphone, how do i access the token?
This is my first time on creating an iphone app + facebook login, any advice would be highly appreciated. It is a project that I'm working on right now
Thank you
You can authenticate the user on the phone with the iOS SDK. That way the user will get the native "login with Facebook" flow and your application will get hold of the Facebook token. Then you take this token, pass it to your node backend (together with the email address of the user), and you can use passport/NodeJS to verify that the token belongs to the email address. If so, the user is authenticated and you can store the token together with the email (and other user related custom data) in you node node application for use later on and to fetch an existing user in your node application when they log in again.
For the rest of the authentication you can use something like JWT (Json Web Token), https://www.npmjs.com/package/passport-jwt, to secure your backend and to know which user sent the request.
In general, what's the best practice to authenticate a user via 3rd party (say Twitter) using iOS's ACAccountStore and then tie it to an existing user in my own service assuming that they were logged in already? Can I access and store the account credentials remotely over ssl, or is there a better way?
And if they had to re-login via Twitter, I could just search for the user with that twitter handle to know what backend user is tied to this account, yes?
And lastly if I wanted to be able to login via a browser later on, I would get new oauth credentials for the webapp as well, but could search for a user with the same Twitter account info and store these credentials as well, and know that they all refer to the same person, correct?
What you're asking involves many levels of a system "stack" that are custom to a particular environment. What is "correct" vs "incorrect" is dependent upon the environment you've set up and are connecting to from your iOS app.
So from what it sounds like you're leveraging iOS's Twitter functionality to create a Single Sign On (SSO) experience. There are several guides on Twitter's site for doing what you want to accomplish:
Integrating with Twitter on iOS: Single Sign On
Using Reverse Auth to Get OAuth Tokens on iOS - you can then store these server-side
Migrating tokens to system accounts - how you get OAuth tokens from your webapp to iOS.
I have completed my iOS app and now want to have user registration and authentication functionality.
When the user opens the app it must ask them to register or login and then when the app closes it logs out. I want to send their basic details to my server e.g. name, location.
Is this allowed my Apple and does anyone know of a service that I could use as appose to reinventing the wheel?
It is allowed by Apple.
There are apps on App Store that do not implement their own register/login mechanism. Those apps ask their users to login via Facebook. So any user who has a Facebook account, can login to your app using their FB credentials. You would have to use the iOS SDK provided by Facebook.
It is always better to provide multiple login options to your app user, instead of just relying on Facebook or any other provider. Allow users to login via GMail, for example.
Adding support for OpenID is another good option. OpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities. Users may create accounts with their preferred OpenID identity providers, and then use those accounts as the basis for signing on to any website which accepts OpenID authentication.
I am using RPXnow.com authentication solution for a rails app and am now at the point of wanting to develop Facebook integration features using Facebook Connect and the client api. What I am unclear on from RPXnow docs is the level of integration their solution provides. When a user connects via rpx using their FB creds, are they now using Facebook Connect? Can I make calls to the client api from my app? Do I need to use the RPX api to access the FB client APIs?
Anyone with experience using both who can shed light here, much appreciated.
dnewman,
Great question. Facebook Connect is simply a javascript layer built on top of the Facebook Platform APIs. RPX uses the platform APIs to authenticate the user, and after they have signed in, you may safely use the native Facebook Connect javascript to implement FB specific features on your site like posting activity back to the News Feed. You just need to set your connect URL on the facebook developer site and drop in the Facebook Connect javascript and then start implementing. After authenticating via RPX, the user will already have approved and "connected" to your website, and you'll have access to the breadth of Connect directly.
Also, if you have an RPX Plus/Pro account you can make simple RPX API calls to set a user's status and post activity on Facebook (and Twitter/MySpace).
Brian Ellin
RPX Product Manager
Once you've hooked up RPXNow (JanRain) single sign-on, you can follow the Facebook documentation. The Server-side Personalization example is in PHP but the idea is the same in any language.
// Fetch the user's friends
$friends = json_decode(file_get_contents(
'https://graph.facebook.com/me/friends?access_token=' .
$cookie['oauth_access_token']), true);
$friend_ids = array_keys($friends);
The key point to note is that the $cookie['oauth_access_token'] referenced in this example needs to be the string returned by the RPXNow sign-on API response in the JSON field
['accessCredentials']['accessToken']
Hint: from your RPXNow dashboard, check out the Test Sign-In Widget page under Resources to see where that token is in the response.
Initially I thought this would be hampered by having your Base Domain set to rpxnow.com in your Facebook Application settings, but this is not the case. It works fine.