I've developed an app where in the entered username and password by user is saved using NSUserDefaults.
Any request from user for any service needs this username to be sent. So using NSUserDefaults I'm sending username for each request. Still the iPhone app is logging out without clicking the logout button and starts from the beginning asking for username and password.
As facebook app and others remains once logged in. Please let me know why the app is logging out frequently without clicking logout button.
Thanks in advance.
On launch check if there is a saved username and password, if so use them. When the user enters these save them.
You need to look at the page source from the server for the form request of the credentials, create the form response with the credentials and post it. This is doable and actually not very hard. On one project I did this for auto login and respond to many form requests so the user never saw them.
Do not use NSUserDefaults for credentials, it is not secure. Instead use the Keychain, it is secure.
Related
I am creating a basic iOS app using objective c where the user needs to register and I am saving the login credentials(username, password and email) in keychain.
I want to give forgot password functionality and was thinking that once the user clicks on forgotten password, I will ask for the user email and match with stored one in keychain and if positive I will send email from the app in background to the user email with password in it.
However I am not sure is this safe and good practice?
I am not using server, so cannot send mail from server.
Or is there any better way to do it. Please suggest?
I'm working with AWS Cognito. I have my sign-up flow working just fine. They user fills out their email addresss and password and I create the account in the proper User Pool. I have email verification enabled, and the email is sent and is received in short order. After the Sign Up screen the user is presented with a verify screen to accept the code that was just emailed. Again, this all works great.
What I am trying to understand is:
Once I have a user signed up and verified, in order for the iOS AWS SDK to do it's thing, so I need to then tell the user to go sign in or am I just missing some call that can grab their credentials once they are verified?
My guess is, since we don't know when the user verified themselves, it could be hours later and they could have killed the app and restarted it in that time that the expected flow is to have them sign in again.
Since the app does have the password in memory (NOT stored anywhere on disk) that they used to sign up in the current signup navigation controller/flow I supposed I could just force the sign-in after the verify completes.
I just wanted to make sure I didn't miss something in the SDK or it's docs about this case.
Your understanding is correct, there is no verification flow that will skip sign-in. One option would be to keep the password they used to sign-up in memory and if they verify immediately use that. If they come back some time later or restart the app force them to sign in.
I have an Username & password. I want to save it for an App. If app will deleted then username password will save for that app only, during reinstall the app it will work. If I instal the app in another devices then that user name password will be work.
For same thing I have some data. I want to save that for future. Means suppose I deleted the App and again reinstall the app again or instal the app in difference device then that data will be secure.
For this purpose I used iCloud, but its taking too much time for sync & sometimes its not working properly.
Please anybody can suggest me how can I doable with this above 2 problems ?
Note: I don't want to use web services. My app is without webservices.
Thanks in advanced.
iCloud
Store Private credential using iCloud
WebService
At first time, User install App, make one service to check using DeviceToken user Device is registered or Not.
if user device is registered then gives you username and password, otherwise Skip and display login page.
At login page you have to pass deviceToken, username and password thorough webservice.
Now you remove and again install app, Apps check using web service to passing DeviceToken, if user is login previous then give UserName and Password.
I got the SSKeyChain working and tested that what is retrieved is same as what was previously stored. I am conducting all of this in the login action when user presses the button. I want to know if what I am doing is correct or not (illustrated in steps below):
User launches application for first time, landing page has creating account or logging in.
User provides logging in credentials and presses the button
In the body of the action, I take the parameters query database (HTTP) and if response is valid, user proceeds. If not, user requested to re-enter credentials.
Once and if user login successfully, I will use SSKeyChain to store his credentials (but what use are these credentials for me in the future?)
What I am really asking is: what is the use of SSKeyChain in above scenario? Also if the user login successfully, where am I going to store his credentials (is it via SSKeyChain) so that next time he will skip the login screen (like facebook, twitter apps).
How do I parse a webpage with login and password requirements to view the individual user's information, like facebook for example. I want my app to access to the individual facebook page, after entering login and password in the app.
By now I was able to parse usual webpages with TFHpple, but I have no idea how to pass the login and password requirements to get the page content.
Thank you very much in advance!
Usually the process for logging in is:
User POSTs data to a login form with username and password.
The server responds with a session cookie
Future requests include the session cookie and the server knows that the user is authenticated.
If you wan to do this login process on your user's behalf through our app, you'll need to save the cookies and send them on subsequent requests.
Why don't you use the Facebook iOS SDK:
https://developers.facebook.com/docs/ios/
I think it's a little bit strange from the architecture perspective that you want to parse the personal Facebook newsfeed, when there's the possibility to get the data via the Facebook API (given that you have the appropriate User Permission)...