I'm making use of push notifications in my iOS app, and it is an app which requires users to log in to access, so of course there is a logout function as well. I'd like to know if it is a good practice, or if it is the common thing to do, to "clear" the device token sent to your provider when a user logs out (I mean, to send an empty string as the device token).
Thanks in advance
1)
Send empty String to Provider and keep device token saved locally to access on Login.
OR
2)
Your logout service should set flag against current user and device token to disable pushnotifications and enable on login again.
Related
I have an iOS app written in Swift where I want to limit each account to one device only – what is a way that I could go about limiting this access? I'm using Firebase and have a login system but the login system is not linked to Firebase Auth.
After login the use generate the token and save them into dataBase. And send this token in header when you hit any other API. If new same use login on other device, update the token in data base .
Now you check this token is same or not if not then send repose code 401 and logout the user.
One option that also works, that I found through research, is to store the uid of a device in the database used in the app (or in NSUserDefaults) via UIDevice.current.identifierForVendor!.uuidString. Then, when a user logs in, compare the uuid with the device's uuid and take the appropriate action.
This is not foolproof – if the user uninstalls the app and re-installs it, they will be assigned a different uuid. But in general, this is the best approach.
I'm creating a book library app, where people buy an account and become able to read all the books...
In the past, we were able to get the UDID of the iOS device and the login only works from this specific UDID.. now apple prevents this, another solutions were there like OPEN-UDID but now doesn't work...
Are there any other means to prevent the user from giving the credentials to another people??
The only solution on top of my head now is this :-
When a user login, a flag on the server becomes true, and when another account try to login using the same credentials, it will show an error message "you are already logged in on another device".. when the original user logs out, the flag becomes false.. this will prevent the account from being used on multiple devices at the same time.. but the drawback is, what if the user unInstalls the app without logging out?
Is there a research on this topic that covers all these scenarios?
Is there a way to use apple keychain or iCloud or any other solution ?
What you can do is on new login invalidate api request(and send them to login screen) of previous login you can use device token with each api to check if you want to send data to device or it's a old login token and needs redirect to login. you have to just store a device token for each account login if it matches then send data else redirect to login
Edit 1:
if you uninstall the app then you have to login again from other device to access the books(data) and in each login you'll replace the old token with new one. Now only device which has this new token can access books. All other device if there are any login left in any device then they will get message from API that token not matched and you have to redirect them to login page again
Our app users can login their accounts and if a user is logged in, then he can receive push notifications when someone added him as a friend. Based on my understanding, our server needs to record the userID and its notification token, so that any events happened to the userID, the server can find its token and send to apple APN. If this token is changed, we also need to update the record in server. I am not quite sure if my understanding is correct or not. anyone can help? Thank you.
Yes, you have to store on your server a unique ID for each user and its notification token. You should update this token stored on your server with a connection in AppDelegate method "didFinishLaunchingWithOptions". Everytime something happens, as a new friend request, your server have to send a new push notification using the stored token.
I am creating an app that allows the user to log out of the app and log in as different user if they want to. Is there any way to obtain a new device token from Apple once the new user logs in? Is there a way to force call the didRegisterForRemoteNotificationsWithDeviceToken method?
No, you can't request a new device token. They expire from time to time, and only then will you get a new one (or if you have a different app with a different bundle id, the token will be different).
Create a function to handle didRegister and call that from didRegisterForRemoteNotificationsWithDeviceToken. Then use that function when you need to force the call.
Since users are logging in, pass the information with the device token to the server every time someone logs in and associate the user to the token on the server side.
There is no way to get a different device token. You need to remove the token from the backend when the user logs out.
I'm not sure how it behaves in iOS7 and later, but prior to iOS7, all applications on the same device would get the same device token, and therefore what you ask is impossible. As of iOS7, each application gets its own device token, but I'm not sure if that token can change on consecutive registrations.
You can always force call the didRegisterForRemoteNotificationsWithDeviceToken by calling registerForRemoteNotificationTypes, but usually you'll get the same device token.
If the goal is to associate notifications with specific users, then as of iOS 10, you can try implementing a NotificationService extension to filter only those notifications associated with the currently authenticated user. While multiple users on the same device will be associated with the same device token at the server, the client will only display notifications for the current user - assuming that only one user at a time can be logged-in.
This approach also allows for having notifications that don't require authentication - just pass those through unaltered.
As mentioned above, you can force a request-response token update after user login by explicitly calling UIApplication.shared.registerForRemoteNotification (Swift 3+). Then send that user+device token combination to your application server for use.
I have my app working with JQueryMobile and PhoneGap... I can send Push Notifications without problems to the devices, but I don't know how associate an user account with a device token. I register the device token in the event:
didregisterforremotenotificationswithdevicetoken
and I save the device token in my database.
But the problem is that I have the user login account in a HTML page (with jQueryMobile)... and I don't know how can associate the user id of my login page in HTML with the device token that I have in my database...
Can anybody explain me how can I save the device token of the device and associate to the user id (for example, an email)??? I want to use it because I want to send a notification only to one user, not to everybody!!!
Thank you so much, and sorry for me English!