I'm using omniauth-twitter for twitter log in to the website and it works perfectly well (go to /auth/twitter, user authenticates, and then redirect_to /auth/twitter/callback). Great.
However, on the iOS side, how can I implement sign in with twitter? Do I do it client side or server side? Could anybody go through the steps? (note: the only way to sign in to the app is through twitter)
We've tried:
using a UIWebView that goes to /auth/twitter, but on redirect, it goes back to the web version. Is there a way to get JSON data from the UIWebView?
doing sign in with twitter client side, and using a made up password to authenticate in sessions#create that matches a made up password on the db.
Is there another alternative for authentication? I know what we're doing has a lot of flaws but we couldn't find any other solutions even after asking in meetups and researching online for days. please help!
You could add an OAuth 2
implementation on your server. Your server authorizes the iOS app for an authenticated user / content owner. (You have completed the authentication part.) Once authorized, the iOS app accesses that particular user's content (via an api on your server) as if it is logged in as that user.
You will find one potential OAuth 2 provider implementation for RoR as
applicake/doorkeeper
You will find a sample iOS client application as
telegraphy-interactive/OAuthClientSetup
That is one suggestion, in any case. Not the whole answer, which would require a book chapter.
Related
We are using Jawbone API to pull data tracked using jawbone devices.
Our users are successfully able to sign in when they access Jawbone sign in page during OAuth process from our website.
However, they are not able to sign in when they access jawbone authentication page from our android app during OAuth process. This authentication page is launched in webview on andriod.
On log in page after entering correct credentials and clicking on Sign In button does nothing. The page even does not display whether credentials were correct or not.
Is the OAuth authentication user agent (web/app) dependent?
We have started facing this issue just recently and before it used to work perfectly.
Jawbone's OAuth2 flow operates through web login and approval pages, then issues a redirect callback to your server. Jawbone has several partners who do this within their Android apps.
It sounds like your app is not handling the callback half of the OAuth2 flow correctly, but it's hard to say based on this description.
Have you reviewed the Authentication documentation?
Also, consider Jawbone's Android SDK.
I would want to know how can I make user login OAuth via a UIWebView instead of Safari browser.
I've implemented Twitter OAuth with Deployd as backend, after making login with Twitter it redirects to my API url for a POST request and get stuck. It's not redirecting back to the application.
So any approach or suggestion would be greatly appreciated.
Any reason why you're not using the Fabric SDK? It makes it really easy to login a user via Twitter and it checks automatically if an account is set up in the System Settings. If there isn't one, it'll present the OAuth login option. In this way your user doesn't have to leave your app which is great.
I have developed a PHP website where users authenticate via Facebook and I get and store their auth_token.
On the other side, I have started developing an iOS app where users will be able to authenticate via Facebook too. The auth_token, as you know, will be different from the one that I got in the website auth process (same Facebook app as in the website)
My question is: can I use the auth_token that I got in the iOS app to make requests from the website? (same user, same app)
The reason is that sometimes I want some actions to be performed from the mobile device (ie. update status) while others to be performed from the web server (ie. checking which friends of the current user are already registered in my website)
thanks
Essentially, as long as you have a valid access_token for the specific user you can use it anywhere you want. Anywhere that you can execute an http request to Facebook and provide the correct parameters, you'll be able to make API calls on behalf of the user.
https://graph.facebook.com/USER_ID?access_token=XXX
This call should work regardless of where you execute it from.
I am using ShareKit to allow the user of an iPad application to Tweet a URL from within the application through their Twitter account. The following OAuth steps work fine:
ShareKit uses the Consumer Key and Consumer Secret hard-coded in the app to request the URL to load in a WebView.
The URL provided by Twitter displays correctly in the WebView.
The user is prompted to grant Read and Write permissions by logging into their Twitter account using the WebView.
The WebView shows a redirecting page briefly while it redirects to the callback URL.
At this stage in the OAuth flow things go wrong.
After the WebView displays a Twitter 'redirecting' message very briefly, a page saying 'Your session has timed out' is displayed.
I decided to create a Twitter application in my own personal Twitter account. When I change the app to use my own Consumer Key and Consumer Secret (but keeping the callback URL and permissions the same), everything works fine.
I have cross checked the Consumer Key and Secret with the values in the app and they match (for the Twitter account that failed).
I used Twurl and everything worked fine with both Twitter accounts. So I don't understand what could be wrong with only one of the Twitter accounts and only when using ShareKit.
I could do with some direction on how to track down the problem?
I can not help you directly but original share kit is obsolete in many ways. You might want to try ShareKit 2.0. At least, on ios5+ it uses Twitter.framework, so your problems might be gone.
I have a website that requires any user to be logged in using the Facebook auth system.
On the other hand I am making an iOS App that needs to consume functionalities of the website. I implemented the SSO system on the iOS system but I don't get how I'm supposed to call my webservices in a way that tells the backend that "it's ok, I'm authenticated on the iOS app".
Is there anything to do with the signed_request parameters on the iOS side? If yes, I didn't find anyway yet to get that parameter.
Do you have any clue to help me deal with my issue?
Thanks
https://developers.facebook.com/docs/authentication/signed_request/
The signed_request parameter is utilized to share information between Facebook and app in a number of different scenarios:
A signed_request is passed to Apps on Facebook.com when they are loaded into the Facebook environment
A signed_request is passed to any app that has registered an Deauthorized Callback in the Developer App whenever a given user removes the app using the App Dashboard
A signed_request is passed to apps that use the Registration Plugin whenever a user successfully registers with their app
Does iOS use any of these?
** EDIT **
Ok thanks, can you edit your answer and add the fact that I can't
access the signed_request parameter? – MartinMoizard
From Martin: iOS cannot access the signed request parameter probably because iOS is not a webserver that is able to accept HTTP Post paramteres.
I am struggling with this same problem, and it seems that OAuth is actually an authorization protocol, not an authentication protocol. See:
http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html
Seems like the signed request would solve this problem nicely. Not sure why we cannot get them on iOS. Best I can figure out is I need to pass my access_token from the iOS client to my server, and then it can ask graph.facebook.com what user it represents.