I send emails to my iOS customers with links to our app. When they tap the link, I want to check if they have the app installed.
If the app is installed I want to open it. If not it will redirect to download the app in the App Store.
The URL I'm using to open the app is:
rva://store?uuid=EFBBD9FF-3976-4816-8B77-C1462C99E256
And the check I was using is:
def responds_to_url?(url)
response = Net::HTTP.get_response(URI(url)).code
if response == "200"
return true
else
false
end
end
The problem is that passing my URL above to URI() returns a Generic (capital G) URI object, whereas it should (if it were http) return an HTTP object.
How can I do a similar check with just a link (i.e. no javascript)?
I thought about passing the URL to Mobile Safari and seeing if it responds, but I don't know how to do that or even if it's possible.
You could do client browser detection with HTTP_USER_AGENT, I believe there is a gem for that: Rails Browser Detection Methods
What you describe is not possible. Your rails app will have very limited knowledge of the client—mostly in the form of the User Agent—and there is no way for your Rails app to query for more information while handling a request.
Related
My application built upon spring-social-twitter that enables users to sign in with Twitter has stopped working recently.
I've got an error message as below:
Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings
Note: I'm using Spring Social Twitter version 1.1.2.RELEASE. And if you use Spring Social Twitter version 1.1.0.RELEASE, you might get a slightly different error message as below:
POST request for "https://api.twitter.com/oauth/request_token" resulted in 403 (Forbidden); invoking error handler
Twitter recently (in May 2018) enforced that sign-in-with-Twitter users must whitelist callback URLs for security reasons (see the announcement).
This means callback URLs have to be explicitly and identically set up for all supported third-party applications. You can setup the callback URLs in your Twitter's application setup page: https://apps.twitter.com
For example, if your callback URL is http://localhost:8080/myApp/signin/twitter, you must add it to the list of Callback URLs in your Twitter's application setup page exactly as it is: http://localhost:8080/myApp/signin/twitter
See also the documentation on Twitter callback URLs.
I struggled with this since Twitter made the changes to increase security. My android app would use a callback URL and the same URL in the Intent Filter. But since the change, the URL I was using had to be registered in the Twitter developer portal. I was using ouath://myapp, but Twitter does not accept that as a valid URL (website).
After a bit of digging, I found that for apps you can specify any scheme but only as a scheme. For example I used myapp:// as the callback URL.
In my app, my callback URL was myapp://whatever, and in the Intent filter, I used :
<data android:scheme="myapp" android:host="whatever">
Twitter accepted the callback URL and it correctly redirected back to my app after the user authenticated with their Twitter credentials.
I has originally used just a normal website, and that worked too, but after validation by Twitter, it asked if I wanted to redirect to My App, or to a Chrome browser. Using the above approach it will simply return to your app.
After I did all this, I realized that I could have just added Oauth:// as a call back URL and my app would have worked without change.
I fixed it by adding those callback URLs to Twitter's whitelist.
twitterkit-{Twitter API Key}:// for iOS.
twittersdk:// for Android.
Our iphone app allows for sign in via Foursquare via oauth. It was working fine and recently stopped working.
The error we get is: Connecting Failure: Callback uri is not valid for this consumer.
HOWEVER, if the user does not have the foursquare app installed on their phone it works fine as before. It seems as if FS is now doing a redirect to handle the oauth inside the FS app and this fails when attempting to return to the originating application. Via safari it seems to work.
This is on ios 9.
Solutions?? Thanks!
We've changed to use a SafariViewController and this seems to force Foursquare to not to this strange in-app redirect, solving the issue. This is also Apple's preferred oauth method, so probably the way to go.
Still seems like a problem on the Foursquare side that they may want to address for others however. I'm closing this question. Thanks.
Where does your redirect URL point? If you want it to launch your app after completion you should point to the iTunes store (pre-iOS9) link for your app or the universal link (iOS9 onwards).
More information on redirects for the native foursquare app is available in the README here: https://github.com/foursquare/foursquare-ios-oauth/
How to create a universal link in iOS9 https://www.appsflyer.com/blog/how-to-set-up-ios-9-universal-links-for-your-app/
A callback url is a webpage loaded after your web app has been
verified. In this case, you need to specify a page for to send data to
after authentication
Double check your Foursquare credentials and update the callback uri to a valid link. Tutorial link
Please follow the below points, may be one resolves your issue:-
Enter the callback in foursquare account in addcallback methods. Then in your code add the call back to the provider before you authorize. (Reference here).
You're getting that error because the URL you're pointing your users to (foursquare.com/oauth2/...) includes a redirect_uri parameter that doesn't match with what you configured in your app's settings under https://foursquare.com/developers/apps. Make sure these match!
I'm developing a Shopify App with Rails and have been using the query-string to detect which shop is accessing it. This seems vulnerable as users could alter the url to access someone else's settings.
Here's an example:
I click on the preferences link on my app and get redirect to http://example-app.com/preferences?shop=example.myshopify.com and get a page of settings related to the the store: example.myshopify.com
So what's to stop the user from changing the querystring to http://example-app.com/preferences?shop=notmystore.myshopify.com and logging in to a store that they don't own?
Should I use an authentication gem (https://www.ruby-toolbox.com/categories/rails_authentication) and make each user create a username and password to prevent spoofing attacks?
Interesting. There were live production Shopify App store Apps that did what you did Paul. When I found an App like that, I informed Shopify and they promptly knuckle wrapped the App developer. He learned his lesson pretty quick and was hopefully very embarrassed.
Shopify Partner accounts (free to get) provide you with a nice API token and a corresponding secret for your App that you can use to ensure when you get a merchant trying to access your App that the incoming shop
is actually a shop that installed your App and,
they have the right to use your App
You should really check that out.
I found the solution is to always retrieve the shop url from your session variables and not from the query string:
session[:shopify].url
also make sure this is at the top of each of your controllers to ensure the shopify session exists:
around_filter :shopify_session
as shown in this: https://github.com/Shopify/shopify_app/blob/f9aca7dfc9c29350f7f2c01bb72f77a54ece2b77/lib/generators/shopify_app/templates/app/controllers/home_controller.rb
This question may be too localized, but I'll try to give you a direction.
If you are using the query string as the only authentication method, then yes, you will get hacked/spoofed, etc. You need to do some form of authentication. - Shopify provides an API that can probably handle some/most of this for you.
https://github.com/shopify/shopify_api
I am an ios app developer. We have implemented a custom URL scheme 'my_app://section_name' or so where if the link is opened in the user's mobile browser, it will redirect the user to a specific section in the app.
We would like to be able to tweet these URLs and have users on their mobile device click on them to open up the app, however it just can click once
(when you click close , maybe you click wrong then you want to click it second but it does not work )
I hope this isn't too silly of a question. Thanks
Make sure to check the tweet body after it have been posted.
This may be due of an URL shortener, especially if the tweet is posted from the iOS 5 Twitter framework.
I'm having a similar issue with url schemes. We can include them in emails and text messages, and they highlight and work properly.
Unfortunately, when we do the same with a tweet, the iOS Twitter client fails to recognise the special URL scheme and so the user cannot tap on it to open our app.
Pretty big oversight, methinks. Anyone else had any joy including special URL scheme links in tweets?
A solution that you should consider involves not sharing the URI scheme directly, but rather creating a page on your web server to handle this. In fact, if you want to be able to share full URI schemes with paths, you're better off building a web server to dynamically generate a page with a URI scheme redirect.
This is a over-simplified representation of what we built at Branch. This includes some code to get you started though the web server will require a bit of setup not described here.
instead of testapp://some.data.here, you'll link to http://yoursite.com/hosted-redirect/some.data.here.
your server should listen at the route /hosted-redirect, grab some.data.here and build the following page (body here):
(source: derrrick.com)
So your server will have to generate and respond with this page, filling in some.data.here, anytime http://yoursite.com/hosted-redirect/some.data.here is requested.
A lightweight node app could do this with a single file.
I am trying to implement a SoundCloud app for blackberry phones using webworks frame work.
I am using OAuth2 scheme for authorization. So far I am able to display the SoundCloud log-in page from where the user can allow the app. But the problem occurs during the redirect which is essentially done by SoundCloud. The redirect page which is being pointed to by the call back URI is residing in my device, but after the user approves the app I get a page saying "something went wrong". However when I try to bounce the redirect from a third server, it just works fine. In this case I specify the callback URL pointing to a page on a website which only forwards the request to the page which is residing on my device. But the problem is that I do not want to use this "bounce server"
Could you please look into the code and advise if I am doing something wrong.
/**
* Authenticates the app against soundcloud
* This javascript method is called in the index.htm of my application.
*/
authenticate : function(){
var url = "https://soundcloud.com/connect?" + "scope=nonexpiring&client_id=MY_CLIENT_ID&" +
"response_type=code&redirect_uri=local:///testpage.htm";
window.location = url;
;
/************************************/
testpage.htm only displays "hello sound cloud".
Any help in this regard shall be highly appreciated.
The value for the redirect_uri parameter must match the value of the "Redirect URI" on the app edit page.
Example: https://img.skitch.com/20120411-q6yqada29tcadnep15jc6q75a1.jpg
IHTH
Hannes
The problem is the triple slash part in your redirect_uri. Although, it is a valid URI according to the RFC 3986, the Ruby URI library behaves a bit strange when parsing such values. We're working on a fix.
In the meantime, could you try to use local:/testpage.htm?