It is a very useful function. I am curious about how engineers fulfill it.
There are different log-in pages from different wifi hotspots.I think HTTP POST with one username and one password can log in. But how to make it with compatibility?
Many captive portals use WISPr.
How this works is that the HTML that comes back from the captive portal contains a piece of XML whose format is specified by the WISPr 'standard'. In there there's a login URL, logout URL and other stuff.
The captive portal generates this HTML no matter which URL you're trying to load from your app.
By sending username and password to the supplied login URL result in internet access.
Related
i am trying to connect Smartsheet with Celonis. I already have a Client ID and Client Secret but everytime I try to connect both, Smartsheets shows an error saying Redirect URL ist missing or wrong. Thanks in advance
In the developter Settings of Smartsheet it asks for the APP URL and APP Redirect URL. I am currently still uncertain what to fill out in both fields.
As the App which wants to get the Data Sheet is Celonis, I have filled in an APP URL with the Celonis URL (something like -> https://xyz.celonis.cloud/package-manager/ui/studio/ui/assets/xxxyyy-11-123) and an APP redirect URL the Authorization Page URL (something like this -> https://app.smartsheet.com/b/autorize?form.....) and every other mixture of these and other URLs but nothing seems to work out.
I have also reviewed various Smartsheet Docs but found no answer until now.
First, registering an app in Smartsheet in the way that you’ve described is only necessary if your integration between Celonis and Smartsheet will use OAuth (i.e. Celonis will ask the user for permission to access their Smartsheet data and if approved by the user, then Celonis will be able to programmatically access the user’s Smartsheet data). Is this the functionality you’re trying to achieve?
If NOT (i.e. Celonis doesn’t need to make API calls as each specific user that connects to Celonis) — then you don’t need to register the app in Smartsheet. Just create an access token in Smartsheet for the app to use, and make sure the user (account) that owns the token has permissions to access the necessary sheets in Smartsheet.
If YES (you are trying to implement OAuth so that Celonis can access the Smartsheet data of the user that’s logged into Celonis)….then here’s some info about those two fields:
App URL is just the application’s main URL. For example, if I was implementing Smartsheet OAuth in my app where the home page was http://www.abctest123.com then that’s the value I’d enter in the App URL field when registering the app in Smartsheet. As far as I know, this field isn’t used for anything in the OAuth process — it’s purely for reference purposes.
App Redirect URL is the address of the page in your app where the user will be redirected after they choose Allow or Deny when they’re asked whether or not Celonis can access their Smartsheet data. This needs to be a valid page URL, for a page that you’re able to configure to read any query string parameters that are present in the URL — because when redirecting the user to that page, Smartsheet uses query string parameters to indicate whether the user allowed or denied access, and if they allowed access, to specify the authorization code and expiration info for that code.
If you need more info, the OAuth process is described very well in the Smartsheet Dev Docs: https://smartsheet.redoc.ly/#section/OAuth-Walkthrough.
I am writing a Reddit client that uses OAuth to authenticate the user. One of the features I would like to implement is the ability to use multiple accounts simultaneously. This requires the user to authorize my client on each account they want to use. The problem I'm running into is that if the user is already logged into Reddit in their browser, when I pop a browser to perform the auth, it will have them authenticate my client against their currently logged in user.
Is there a way to force the user to re-enter their credentials? I would rather not have to put some kind of disclaimer on my Add Account screen that says "Please log out of Reddit in any open browser windows".
I tried opening the Reddit login page in a WebView so the request is sandboxed, and while that worked, it gives the user access to the entire login page (including all the links that navigate to elsewhere on the site). I don't mind that experience when I'm popping an external browser, but in an embedded WebView I really just want to present a username and password box along with the OAuth validation prompt.
Note: I do kind of prefer the embedded experience because it doesn't interfere with the users existing browser cookies, I just don't like how cluttered the login page is this way and I'm not sure how to prevent the user from navigating away from login. Also, for completeness, this is a UWP app, though this problem is largely technology independent.
The problem I'm running into is that if the user is already logged into Reddit in their browser, when I pop a browser to perform the auth, it will have them authenticate my client against their currently logged in user.
It may be caused by the authorization server. If so, we can not do anything in our client app.
But if it is not the server issue, in UWP, there is a WebAuthenticationBroker class witch can help you to authorize your app to access the user info from Resource server by getting a token. You can try to use the class to implement OAuth authorization. You don't need to use the in a WebView so that you can authorize your app with multiple users if you can manage all the user with the token properly in your code logic.
See the Web authentication broker topic and the sample to learn more details.
I am currently using implicit flow to link user's account for Google assistant use. The linking works perfectly, the user is redirected to my website to login, user logs in and is redirected to the following url with access_token generated by the website.
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE_STRING
Google.com page is now displayed, which I assume means account linking has been successful. The problem however is on subsequent calls the access_token sent to API.ai is different then the one I sent back as a URL parameter.
I am failing to understand why this is?
NOTE: I am testing on Google Home Web simulator
For starters, check to make sure the other parameters in the URL for the google.com page actually do indicate a success. They may show an error.
If you are repeatedly testing with the same user, you may need to remove permissions to your application in between each test. You can do this at https://myaccount.google.com/permissions.
Since tokens never expire with the Implicit Flow, it is possible that Google is using an old token and never accepting one of the new tokens you're issuing, but always using the original token you issued.
How do I parse a webpage with login and password requirements to view the individual user's information, like facebook for example. I want my app to access to the individual facebook page, after entering login and password in the app.
By now I was able to parse usual webpages with TFHpple, but I have no idea how to pass the login and password requirements to get the page content.
Thank you very much in advance!
Usually the process for logging in is:
User POSTs data to a login form with username and password.
The server responds with a session cookie
Future requests include the session cookie and the server knows that the user is authenticated.
If you wan to do this login process on your user's behalf through our app, you'll need to save the cookies and send them on subsequent requests.
Why don't you use the Facebook iOS SDK:
https://developers.facebook.com/docs/ios/
I think it's a little bit strange from the architecture perspective that you want to parse the personal Facebook newsfeed, when there's the possibility to get the data via the Facebook API (given that you have the appropriate User Permission)...
I am working on an iOS app in Monotouch. Part of it is to connect to an exchange server and download a list of emails. I would like to include the ability to open the email in the OWA client as well (so I don't have to recreate a email client to provide features OWA gives me for free).
I don't want the user to have to input credentials again however. Opening OWA in safari would usually present the user with either a form or a pop up asking for username and password.
Say I have a user admin with password password1. Currently what I do is request safari to open a link in the following form:
https://admin:password1#mailserver/exchange
This passes the credentials to safari and bypasses the HTTP basic authentication that OWA would usually pop up, however it is not very safe and safari complains of a possible phishing attack.
What other options are there for performing this kind of bypass of HTTP basic authentication?
I would recommend using HttpWebRequest to download each page and set the UIWebView's text manually. Using HttpWebRequest gives you the flexibility to use whatever cookies, credentials, http headers, etc. you want.
This will be tricky, but probably the only way to safely get the credentials in there. Not sure if your OWA app will be able to handle it either.