It seems this used to be possible, but not anymore. Here's my dilemma: I'm creating an iPad educational software app, and I want to let students log in with their Google Apps for Education accounts using OpenID-Connect.
... I guess my first question is: is the current Google+ SDK the right way to perform login against GAFE? What about the forthcoming "Google Classroom"?
So say I do this - the student pushes the "login with google button", the sdk performs an app switch to safari and lets the user log in to their google account, push the permissioning buttons, and app-switches back to my app, and the user is now logged in. Fine. At the end of the class period, the user logs out of my app and hands in their device. The next period, though, another student logs in, and because the first user has forgotten to also log out of google in safari, the second user has access to their account.
... My second question is: is this a valid concern? Seems like this would be a pretty common usage pattern.
... Third question - can I get around this? Can I make Google+ sdk use an internal UIWebView, or no web stuff at all? This is what seems like used to be possible, but no longer...
EDIT: Spoke to google tech support for apps-for-enterprise (thx M!) and they say that there is no way to authenticate against google openid-connect without going through a browser. This is, I believe, a security problem - students being kids, they will forget to log out of the browser, and the next kids will get into mischief. Oh well.
The GPPSignin class describes itself as:
It provides single sign-on via the Google+ app (if installed), Chrome
for iOS (if installed), or Mobile Safari.
Internal web views are not mentioned. You may need to implement OAuth2.0 on your own to allow your internal UIWebView to manage authorization.
Google publishes an API which includes a method to signOut. You can use it at your app's discretion in addition to the SDK requirement that a user be able to sign out manually.
https://developers.google.com/+/mobile/ios/api/interface_g_p_p_sign_in
Related
I'm developing an app with a team - I am on the business end (not a coder). The app calls for sign-in with google functionality.
The team integrated this, but currently it requires that the user select his/her google login account, then manually enter their password if they're not already signed into their google account in the default browser.
This is a problem, as many google users (including myself) don't know my password by heart as its complex - it also requires the user exit the app which isn't ideal. Is there a way to make this more streamlined? I believe I have seen this with facebook logins where the user only needs to click 'accept' and they are returned to the app and logged in - no need for password.
Thanks for any input.
Bonus questions:
How did the browser know the user's existing login accounts?
This sign-in with google page is loading in the language of my current country rather than language of the user's google account. Can this be changed?
As far as I am aware, the user must be signed into the default browser in order to get the behavior you looking for. Once signed in, entering a password will no longer be needed unless the login is expired. I think this behavior is by design and is for security purposes.
Bonus questions:
Most probably it is using cache/cookies.
According to Google documentation, seems like there is no way to change the language (but I might be wrong).
Google deprecated the use of embedded webviews for authentication with Google Signin in devices like iOS and Android.
Android supports Kiosk mode. The concept of having numerous users share a single android device is not foreign. iOS is also frequently used in a "shared device" model.
However, the current implementation of Google Signin for iOS uses SFSafariViewController, which in turn uses system wide shared cookies. And this is where Google now stores all Google Signin information. An App can have no control whatsoever over this. Apple has stated this firmly.
So in Kiosk mode, if an app were to use Google SignIn, there is no "signout", not really. Each account used will use the same device wide browser cache for tokens... and any other user can then login as that user , within the token expiry period, without a password. Google will NOT prompt for passwords the 2nd time unless the user has explicitly signed out of their google account in Safari... which is not something the app can manage or control.
So the question is:
How can a developer ensure that when a user signs out of the app they signed in with using Google Signin they will be prompted for a password the next time they sign in?
(research suggests that apparently... they can't, but Google also closed down the forum for comments on this lovely stack claiming they would rather scan Stackoverflow then interact with the foolish gamblers that opt to use their APIs - leaving us to shift our focus to supporting AzureAD instead, which unlike google, does not seem to take such pride in making needless work for developers)
Google Signin is now a mess. No choice to but to toss it.
I hope someone proves me wrong with a clever answer as I would happily reverse my position :)
In this brave new world of continuous improvement... Everything is broken.
I'm new to Facebook development and I'm running into trouble with what seems like it should be an easy task. I am building an iOS app for a client, and that client wants to display a number of their most recent status updates in the app, along with a link to their Facebook page. These statuses should be displayed to the user of the app even if they are not logged into Facebook or do not have a Facebook account saved on their device.
My research so far seems to indicate that I'll need to make a request to the Graph API using a user access token (which I can do successfully in the app using a token copied and pasted from the Graph API Explorer), but it seems that the only way to get a user access token from within the app is to log the user of the app into Facebook using their account credentials. This is not a good solution because I need to be able to display the client's statuses to the user whether they have are logged into a Facebook account or not. Is such a thing possible, and if so, how? I've been all over the docs and can't find a conclusive answer either way.
I know that we would approach it quite differently. We would have our own web service periodically pull what we needed off of google and store it on our own server, then we would use AFHTTPClient to pull this information down to our app. That way we wouldn't have to spoof anything with FaceBook or put any requirments on our users, such as logging into facebook. It would require that you have a service that your client maintains (or you could easily contract that for a cost).
I'm currently working on an app (iOS 6) where the user will be signing in using their facebook account.
In regards to this I have a few questions:
a) Since the app asks the user for permission to access cetain data (like: basic profile info, friend list, access to post to wall etc), I assume that the app based on it's app id will be somehow authenticated to access this information as long as the user doesn't restrict access through their facebook account.
b) will it be possible for example via a service application to authenticate with the same app id as the mobile app, and hence be able to collect data from the facebook users who authenticated with the app?
The purpose of my question is, that I would like do some analysis on the users using the iphone app, but I don't want the app to first download the information from facebook, and then pass it on to my service for analysis.
If the above is possible, could anyone please guide me in the direction of what it is that I need to do? Perhaps links to tutorials that describes this setup, og simply tell me the right facebook terminology that I'm looking for to achive this.
Thanks in advance!
It's a bit late and you may have already picked a service. I have been using Parse.com
(tutorial site). They're very good. They have SDKs and sample code for many platforms a RESTful service for others.
They have recently been acquired by FaceBook, and already have strong links to Facebook's SDK.
I'm fairly new to iOS development, and I'm starting work on an App that will include some simple Facebook integration. As a proof of concept, I made a bare-bones, view-based application that has a simple button to log a user in to Facebook, and then another button to post a status update.
This is all well and good, but in a real world scenario, a user shouldn't have to login to Facebook every time they want to use the Facebook-integrated features of my App. My question is this: how would I go about persisting a user's login to a file, or to a database for use in a later launch of my App?
Ideally this solution would use Facebook's iOS SDK, but I wouldn't be opposed to building my own authentication system using their Graph API. The advantage of using Facebook's official iOS SDK, though, is that it can use the login information already associated with the phone's Facebook application (if installed), or the login associated with facebook.com on mobile Safari.
I'm not providing my current source code, on the basis that this is a general enough question to not require the specifics of my Facebook SDK usage. However, if you think it would be helpful, I'd be more than happy to post my code.
Thanks!
you wouldn't do that. check out facebook SSO in their SDK ( see https://developers.facebook.com/docs/guides/mobile/ ). You request the facebook token everytime you use it or otherwise get an long-term (read: use access token offline_access) access token and persist this token to the NSUserDefaults for use in your app. ( see http://coffeeshopped.com/2011/01/saving-sessions-with-the-facebook-ios-sdk )