Set allowed referer to chrome-extension protocol - youtube-api

Is there a way to set allowed referers to a chrome extension url?
My Chrome extension's quota exploded yesterday (40Mn in one day) and I believe someone is trying to manipulate my YouTube API key. How do I make sure that my API key can only be used in my Chrome extension URL, such as chrome-extension://<extensionID>?

Related

Correct Format of Harvest API OAuth2 Redirect URL in iOS Application

What is the correct format for a redirect URL when authenticating with OAuth2 and the Harvest API from an iOS application?
oauth.com states that a redirect URL for a native application can look like myapp://callback. Problem is, Harvest doesn't accept such a redirect URL. It seems to require prefixing it with http/https, which causes problems when redirecting back to the iOS application at the end of the authentication flow. I don't seem to find anything relevant in the Harvest API documentation.
I have added a URL Type in Xcode where I set the Identifier value to com.example.myapp and the URL Schemes value to MyApp. No matter what redirect URL I specify (given the format mentioned above) in Harvest the authentication flow always complains that Safari cannot open the page because the server cannot be found. I am able to open the app manually with the appname:// URL from the
It sounds like you're looking for the URL to use regarding redirection from a web call. I'm not certain on OAuth2, but on SAML it is something like:
https://where you are signing in/SSOpage?RelayState=https://where you are going
I hope this helps get you to your answer.
If anyone else has this issue, the identifier and URL Schemes should not be com.example.myapp and MyApp, respectively. You only need to set the URL Scheme to com.example.myapp

Twitter API: How Do I Create a Protocol Only Callback URL?

In Twitter's Developer Documentation we can read the following:
Mobile apps with app-specific protocols must use just the protocol
Example:
You want to use example://authorize as your callback URL
Add this to both your Twitter app dashboard and your call to oauth/request_token: example://
However, in the Developer's Dashboard I am not able to enter a protocol-only URL, or any URL beginning with anything other than http or https.
My reason for wanting a protocol-only URL is so that I can use it in an iOS app that uses OAuthSwift to access web APIs.
Any ideas anybody?
I haven't found the answer to the original question but I do have an excellent workaround. So, for anyone else who might land here:
The web app at https://oauthswift.herokuapp.com/callback will perform redirections. If you access that web site with the URL https://oauthswift.herokuapp.com/callback/target then it will redirect to oauth-swift://oauth-callback/target.
So:
In the Twitter Dashboard enter https://oauthswift.herokuapp.com/callback/SomeName for your app's callback URL
Register oauth-swift as a URL scheme in your iOS app's URL Types
In your iOS app, use https://oauthswift.herokuapp.com/callback/SomeName as the callback URL for the OAuth authorization request.
Voila. Twitter will redirect to https://oauthswift.herokuapp.com/callback/SomeName which will in turn redirect to oauth-swift://oauth-callback/SomeName, allowing your iOS app to regain control of the flow.
If you find any of this confusing then this might help: http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html
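The redirect this answer relies on, written as a handler you could host yourself so the OAuth callback parameters do not pass through a third-party service. This is an added example, not code from the answer or from OAuthSwift; the function names and the rule that a target is a short alphanumeric name are assumptions.

```javascript
const APP_SCHEME = 'oauth-swift';   // URL scheme registered in the iOS app (from the answer)
const APP_HOST = 'oauth-callback';  // host part of the redirect target (from the answer)
const TARGET_RE = /^[A-Za-z0-9_-]{1,64}$/; // assumption: targets look like "SomeName"

// Map "/callback/<target>?<query>" to "oauth-swift://oauth-callback/<target>?<query>".
// Returns null for anything else, so the scheme and host of the redirect are
// fixed and only a validated path segment and the query string are copied over.
function buildAppRedirect(requestUrl) {
  // The base is a placeholder needed only to parse a path-only request URL.
  const url = new URL(requestUrl, 'https://redirector.invalid');
  const match = /^\/callback\/([^/]+)$/.exec(url.pathname);
  if (!match || !TARGET_RE.test(match[1])) return null;
  // url.search stays percent-encoded, so an encoded CR/LF in the query is
  // passed on as text and cannot split the Location header.
  return `${APP_SCHEME}://${APP_HOST}/${match[1]}${url.search}`;
}

// Request handler with the (req, res) shape Node's http.createServer expects.
function handler(req, res) {
  const location = buildAppRedirect(req.url);
  if (location === null) {
    res.writeHead(404, { 'Content-Type': 'text/plain' });
    res.end('not found\n');
    return;
  }
  // no-store: the query string carries the OAuth token and verifier.
  res.writeHead(302, { Location: location, 'Cache-Control': 'no-store' });
  res.end();
}
```

To serve it, pass `handler` to Node's `http.createServer` behind HTTPS and register that host's `/callback/SomeName` URL in the dashboard.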

How To Build an API URL using Postman Chrome extension

Currently interning in a mobile dev company.
Working on a task that they assigned to me.
Need to build an explore screen that receives JSON data.
They have their JSON data coming through Postman chrome extension.
I have authorization token and sample username/password.
As well as something that looks like a link that I can modify:
https://nameoftheapp.nameofthecompany.com/api/v1/search/surveys/app?searchCategory=explore&limit=10&offset=0&location=global
All iOS JSON tutorials show that I need an API URL.
How can I build such a URL?
edit:
here is what I've been given - the Postman chrome extension:
(sorry, had to hide some details because of non disclosure agreement)
Postman assists you in testing the functionality you have built into an API. These functionalities can be accessed by typing in the URL and then using the GET, POST, PUT, etc. HTTP requests.
I think maybe this video can assist you in learning more about Postman - Javabrains does a great job at explaining it:
http://javabrains.koushik.org/courses/javaee_jaxrs/lessons/Installing-A-Rest-Api-Client

Custom URL for my extension

Can I have a special URL like chrome://myurl or anything similar to that (like about:mypage in Firefox) for my Google Chrome extension?
Basically I am trying to authenticate the user using OAuth. The OAuth provider requires a callback URL.
Extension resources can be accessed by the url
chrome-extension://<extension-id>/<resource>
The Extension ID can be found on the extensions page in Chrome. Within an extension, it can be obtained programmatically using the chrome.extension.getURL method. For example:
console.log(chrome.extension.getURL('/'));
// "chrome-extension://jcjnnblkpjakjflggajpdalncflgbkgg/"

How to determine whether HTTP API request came from iPad

We're developing an HTTP API for an iPad app, and we're thinking of only allowing the API to be accessed via an HTTP request that came from an iPad.
I'm not thinking of something like the User-Agent, because that can easily be forged, but more like some kind of authentication scheme that ties in with the App Store? Maybe the App Store signs each app with some kind of private key, and then you could insert that signature as a query parameter or header in the request and check on the server side whether the signature is from a legit iPad.
Is something like this possible or even a good idea?
If you control both the iPad app and the server app, you should be able to use PKI to validate that a request came from a legitimate app. Embed the public key in the app itself, use it to encrypt a value you put in a header field, and then use the private key on the server to decrypt and validate the received header value.
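The header exchange described in this answer, as an added example that is not the answer author's code: the app encrypts a value with the embedded public key and the server decrypts and validates it. The timestamp-plus-nonce value, the five-minute window, and all function names are assumptions. Because the public key ships inside the app and can be read out of it, a passing check shows that the sender holds that key and sent a fresh value, not that the request came from an iPad.

```javascript
const nodeCrypto = require('crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumption: accept values up to 5 minutes old
const seenNonces = new Set();      // in-memory replay cache for the demo, never expires
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// App side: encrypt "<ms timestamp>.<random nonce>" with the embedded public key.
function makeHeader(publicKeyPem, now = Date.now()) {
  const value = `${now}.${nodeCrypto.randomBytes(16).toString('hex')}`;
  const sealed = nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, Buffer.from(value));
  return sealed.toString('base64');
}

// Server side: decrypt with the private key, then reject stale or reused values.
function checkHeader(privateKeyPem, headerValue, now = Date.now()) {
  let value;
  try {
    const sealed = Buffer.from(headerValue, 'base64');
    value = nodeCrypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, sealed).toString();
  } catch (err) {
    return 'undecryptable';
  }
  const m = /^(\d{13})\.([0-9a-f]{32})$/.exec(value);
  if (!m) return 'malformed';
  if (Math.abs(now - Number(m[1])) > MAX_SKEW_MS) return 'stale';
  if (seenNonces.has(m[2])) return 'replayed';
  seenNonces.add(m[2]);
  return 'ok';
}

// Constructed key pair for the demo; in the answer's setup the public half ships in the app.
function demoKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}
```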
