Is there an iCloud web api? - oauth-2.0

I'd like to be able to access a user's iCal and create events from my server, is this possible, preferably with some kind of OAuth2 setup like with Google Calendar? If so where can I find documentation on the API?

Unfortunately no. There is currently no OAuth whatsoever for iCloud. However, there are two solutions to consider:
Ask the user for their AppleID and password and store it on your server (not recommended for security reasons). This will allow access to EVERYTHING the user has enabled on their account; even the ability to log in and purchase content - thus the security issue. But it will give you direct access to iCal.
Ask the user for access to calendar through your app. Using EKEventStore requestAccessToEntityType: method you can gain access to the users local calendar. You could batch those events and send them to your server. You can find information on how to access calendar here.

It is possible. iCloud supports CalDAV on caldav.icloud.com, and that quite well. It allows you to create, modify and delete events and tasks. Unfortunately you have to have the user's credentials for this though.

Related

Better way to access Outlook Calendar without UI in a background application

Scenarios for accessing the Calendar usually involve the user signing in and granting consent to give delegated permissions. This seems to apply to both Office 365 and Graph APIs.
I have seen solutions here for accessing Calendar without UI, but it involves storing the username and password which is less than desired. The other option is using the Graph API with application permission - unfortunately, the Calendars.ReadWrite permission is for all users: "Read and write calendars in all mailboxes". It's unlikely I can get this access granted by an admin as I work in a large company, not to mention I simply don't need that much access.
So my question is, is there any way to get application permission (or any other way to access outlook calendar without UI) for only a handful of users?
You can use scoping https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/concepts/auth-limit-mailbox-access.md which allows application permissions to be limited to a subset of user. What type of application are you actually trying to create ? Something like getSchedule https://learn.microsoft.com/en-us/graph/api/calendar-getschedule?view=graph-rest-1.0&tabs=http can be used by the logged on user to query another users FreeBusy permission and retrieve a limited subset of information about appointments eg Start,End,Subject,location which is often ample for a lot of calendar applications.

How to ADD/EDIT/DELETE events in ICLOUD calendar using CALDAV

I am implementing a new functionality to manage events in ICLOUD calendar(includes my own calendar as well as other ICLOUD users calendar).I successfully implemented the functionality with CALDAV, but here I wanted to know is there any better approach to do the same.
Below mentioned steps will explain how I achieved ADD/EDIT/DELETE functionality with CALDAV in other ICLOUD users calendar.
otheruser#gmail.com :icloud account of a user who shares his calendar with me
myaccount#gmail.com: referring to my icloud account
otheruser#gmail.com will share his/her calendar with myaccount#gmail.com
Once i accept the request this calendar will be listed in myaccount#gmail.com
Using below CALDAV api I will get all calendars listed in my account
From the response of above request I will get each calendar url and perform add/edit/delete action accordingly.
Note:Here one drawback is I need to ask each user of my application to share(but sharing it private not as public) his personal calendar with my account.
I am using c# as it is a .net application.
Any help would be appreciated.Thanks in advance.
The question is quite broad so it is hard to really figure out what you are looking for.
In any case one thing about your PROPFIND request: You should also ask for the DAV:resourcetype property (defined in https://www.rfc-editor.org/rfc/rfc4918#section-15.9) and, in your response, only consider the ones that have a calendar value in their resource type (see https://www.rfc-editor.org/rfc/rfc4791#section-4.2).

Microsoft Exchange Server support in my iOS app

I want to read calendar events in my app from on-premise Exchange server. For exchange online, Office 365, I could use Microsoft's SDK for iOS. I want to know
Is there any SDK from Microsoft to support on-prem exchange server in iOS app
Is there any extension/plug in that enables my app to read calendar events from exchange server
Is there framework/service offered by Apple that can be used in custom apps to read calendar events?
Any link/info would be greatly appreciated.
As written in the comment. I personally would never ever enter my Exchange password in a strange app, which then access my Exchange mailbox (which also would explain the downvote). The app would then be able to write emails, read all emails ... means access everything in my mailbox.
So I think the best way to access the calendar in your app would be that your app access the user’s Calendar database using the EKEventStore class. However this has some limitations so normally not the whole calendar is visible here and most users sync only a subset. But for most apps this might be enough.
Via this approach your app also becomes more "universal" and can also work with WebDAV/CalDav calendars (e.g. Shared Calendars like google calendar).
Additional via that way you do not need to deal with:
bad network connections
Different authentication methods (e.g. two factor authentication)
SSL encryption (cipher vs. protocols vs. ...)

Accessing iCloud Calendar using authentication service

Is there a way to access Apple iCloud using an authentication service like OAuth or another similar service? I am trying to get access to a users calendar data. I have found a way to access their servers using CalDAV and a users login info. However I don't want to be storing sensitive user information in order to access the servers.
My understanding is that iCloud does not offer any such authentication service. The best you can do is to ask the users to create App specific passwords: https://support.apple.com/en-us/HT204397

Google Drive access without user login

I am making an app for the iPhone were all the users have access to the same google drive folder for uploading files. This google drive account is managed by the company and not by the users. There for I want to skip the google login form and just give the user access. Ideal the user does not even know he/she is using google drive.
I looked at the drEdit example and looked at oauth documentation. Is it possible to use one refresh_token for all the users to grand access? So I login once, grand access, somehow store the refresh_token and hard code that in the app for future use, so that all the users use that refresh_token for access. Or are there better ideas to do this?
Kind regards,
Stijn
Thought there was a similar question to this, but can't find the one I'm looking for. Short answer is you need to be very careful how you do this. Embedding the refresh token in your app like that is inviting abuse, particularly if it is authorized for write access. Once a clever user or attacker finds that value, they can use that token to call the API however they want. If authorized for the full drive scope, that means that can also maliciously modify or delete files, secretly store their own content, etc...
If you really need to have anonymous or shared access to content stored in Drive, you're better off proxying requests through your own servers so you can control the interaction with Drive.

Resources