I am using zkSForce with iOS for direct access to our SalesForce data and for logging in and viewing cases for customer portal users. This all works: a customer portal user can log in to the app and see the cases and make queries, etc.
The problem I have is, before the user is a customer portal user, they are a Person Account. We are able to go into SalesForce and select to enable the Person Account as a customer portal user. But what we want to do is be able to do this from the iOS device. From the device, we want to be able to say: Enable customer portal license for AccountId xxxxxx.
Have no idea how we would or if we can actually do this...
I'd say "it's better to not do it". Sorry, I feel the answer to this would be more philosophical than truly programming-related.
Obviously Customer Portal/Guest user cannot enable himself as a damn actual user. It would be wrong on so many levels:
He/she would be able to select to which Account he wants to be associated, out of many interesting possibilities ;)
If he can "elevate" himself that would defeat the whole purpose of limiting Cust. Portal user's options in the first place.
Hackers, data miners & screen scraping applications welcome!
You guys pay for Cust. Portal licenses.
So... you can hardcode username & pass of a dedicated "SysAdmin" user in your iOS app that'd connect and fix the data. Except what if it's hacked or password expires?
Or you can build something like "request Access" screen? Whatever. A form which they'd fill in (I'm John Smith, I work for company XYZ, my Email is ..., I need access because of Case 0123456, somebody I know at your org is...) and then either a human being looks at it or you leverage Web-To-Lead, Email-To-Case, a Site page or whatever to programmatically decide what to do with it?
Related
We are building a web app that lets Office365 customers create a realistic plan for their week, by showing them how much time they actually have to work each day (it's called Weekly if you're interested).
The problem we are running into however is that some companies, primarily large ones, block apps entirely from making Microsoft Graph calls to their users. What's tricky is that we send them to Office365 to grant us permissions, their company blocks the access request, and we never see those users again, so currently don't have any way of knowing what happened.
We'd like to be able to display our own message that says something like "Your company has blocked access to our application, please contact your IT department for help".
Is there any way of knowing before sending the user over to grant access that their company (the domain) even allows apps? If not is there some way to send the user back to the requesting app with some details about why the grant failed (did the user not grant permissions, did the company block access, etc.)?
Thanks for your help!
If the administrator disables the ability for users in the organization to consent then the error message will be something like:
AADSTS90093: An administrator of {tenantDisplayName} has set a policy that prevents you from granting {name of app} the permissions it is requesting. Contact an administrator of {tenantDisplayName}, who can grant permissions to this app on your behalf.
https://apps.dev.microsoft.com/portal/tools/errors?errorName=graph_user_unauthorized
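An added example, not part of the original answer, of how a web app could turn this error into its own message. It assumes the failure reaches the app's redirect URI as the standard OAuth 2.0 `error` / `error_description` query parameters; the function name, callback host and state value are hypothetical.

```javascript
// Code quoted in the answer above; the only AADSTS code this sketch knows.
const ADMIN_BLOCKED = 'AADSTS90093';

// Fixed, app-owned messages. error_description is never echoed to the page:
// anyone can craft a callback URL, so its text is untrusted input.
const MESSAGES = {
  granted: 'Access granted.',
  admin_blocked: 'Your company has blocked access to our application, ' +
    'please contact your IT department for help.',
  failed: 'Access was not granted. Please try again.',
  rejected: 'Unexpected sign-in response.',
};

function classifyConsentCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  let outcome = 'failed';
  let aadCode = null;

  if (params.get('state') !== expectedState) {
    // Not a response to a request this session started.
    outcome = 'rejected';
  } else if (params.has('code')) {
    outcome = 'granted';
  } else {
    // Pull the AADSTS code out of the description, if one is present.
    const match = (params.get('error_description') || '').match(/\bAADSTS\d+\b/);
    aadCode = match ? match[0] : null;
    if (aadCode === ADMIN_BLOCKED) outcome = 'admin_blocked';
  }
  return { outcome, aadCode, message: MESSAGES[outcome] };
}

// Constructed callback URLs (hypothetical host and state value).
const SAMPLE_BLOCKED = 'https://app.example/callback?state=s1&error=access_denied' +
  '&error_description=AADSTS90093%3A+An+administrator+of+Contoso+has+set+a+policy';
const SAMPLE_GRANTED = 'https://app.example/callback?state=s1&code=constructed-code';
```

If the tenant shows the error on Microsoft's own page and never redirects, this handler is not reached and the app only sees that the user did not come back.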
I've recently had an app rejected due to the 17.2 clause
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
My app requires users to create a user account before they are able to use the app. All data in the app is tied to a specific user. Rather than create a custom login, it seemed simple enough to get users to signup with Facebook for "one-click" account creation instead of having to fill out a new account form. So I used the Facebook Graph SDK for iOS to accomplish this. However, I did not use any other features from the Facebook SDK and as a result of doing so, my app was rejected. I have a couple of uncertainties I was hoping could be answered.
Can I just implement a custom create account without the risk of getting my app rejected? The custom create account will require fields such as a userName, email, and account passWord.
I read somewhere that in order for Apple to approve custom account creation, the app must have some sort of Privacy Policy. Is this true?
What would classify as a "significant" use of Facebook services to justify the use of Facebook authentication? Would using features such as Share to Facebook and Invite Friends be significant enough to use in the app to get approved?
I'm curious to know how others have solved this problem and any advice or tips would be appreciated.
Facebook is very annoying with this clause. It isn't about how you are using the Facebook SDK, it is about asking users to create an account via any means. You have to justify your features so that they are user-oriented. You can bend the world in your favor on how you do this, though.
For example, even though a feature seems to be completely okay if user doesn't register, you can argue, "for better user experiences, we calculate user's performance on these features, and associate it with the account."
Or, you can go about saying "although this seems to be not user-related, we use the gender information to serve correct content."
Privacy policy is a must. You definitely need that accessible through the app and through the App Store page.
While working to get our app accepted after it got rejected by the same clause, my team spent a whole day trying to relate every major feature to something such that an account was necessary. But the good news is, it got accepted!
On another note, Facebook friend invites are fine, but making users upload a profile picture and create their own contents also needs to be explained. They will ask questions such as "who will be able to see these contents?"
It is a tedious process, but more of a, "provide information and I'll let you pass" kind of thing. Good luck!
The company I work for owns an iOS Apple Developer account and I'm responsible for managing this account (I'm the Agent). We have hired a 3rd party company to build and release an iPhone app for us.
We would like to give them access to our developer account to publish the app, but was wondering what level of access they would require.
Obviously, I don't want to give them login credentials to our appleID, and I don't want them to have any visibility to financial and legal info on our developer account.
I took a look at the information here but still can't decide if they should be "Admin" or "User".
Any thoughts based on your experience? Thanks!
You need to review the roles in iTunes Connect, not the Developer Center, for publishing capabilities: https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Appendices/Properties.html#//apple_ref/doc/uid/TP40011225-CH26-SW24
If the deep link doesn't work, (and even if it does, you'll want to review the whole doc): https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/About.html and drill down through the "Setting up user accounts" section.
We are a registered Apple affiliate and have a website with a community of iOS developers. Membership is supposed to be only for developers who have published an app to the App Store and we would like to have some way of checking this.
Currently, we ask the developer for the App ID of one of their published apps and then we use this information to find their Artist ID (i.e. developer ID) in our database. However, the user can just copy any app's ID from the iTunes website and sign up with it, even if he isn't really that app's developer.
We thought of one way but don't think it is allowed or possible: the developer specifies the email address used to register in the Apple Developer Program and we then call some API or other resource to verify that email address really is registered. If yes, we then complete the registration process through that email address. Is this possible?
Or is there another way to check if the user has a published app? We don't need a 100% foolproof way: just a minimally reliable approach. Even simply verifying that the user is a registered Apple developer would be okay.
I would investigate using the developer's certificate to sign something, proving that they are the controller of the private key. You would first need to verify terms of use, since I don't know if this use is permitted by Apple, but the cryptography should work fine as an authentication.
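A sketch of the challenge-response this answer describes, added here and not taken from the original post. It assumes the site has already extracted the public key from the developer's certificate and validated that certificate's chain (not shown); a constructed EC key pair stands in for the developer's key, and all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 5 * 60 * 1000;
const pending = new Map(); // nonce -> { accountId, expiresAt }

// Server: issue a random, single-use nonce tied to the account signing up.
function issueChallenge(accountId, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, { accountId, expiresAt: now + CHALLENGE_TTL_MS });
  return nonce;
}

// The signed bytes carry a fixed label and the account id, so a signature
// made for another purpose or another account does not verify here.
function challengeMessage(accountId, nonce) {
  return Buffer.from(`membership-proof-v1|${accountId}|${nonce}`, 'utf8');
}

// Developer side: sign the challenge with the certificate's private key.
function signChallenge(accountId, nonce, privateKeyPem) {
  return crypto.sign('sha256', challengeMessage(accountId, nonce), privateKeyPem);
}

// Server: verify against the public key taken from the certificate.
function verifyResponse(accountId, nonce, signature, publicKeyPem, now = Date.now()) {
  const entry = pending.get(nonce);
  pending.delete(nonce); // single use, whatever the result
  if (!entry || entry.accountId !== accountId || now > entry.expiresAt) {
    return false; // unknown, replayed, mis-bound or expired challenge
  }
  try {
    return crypto.verify('sha256', challengeMessage(accountId, nonce), publicKeyPem, signature);
  } catch {
    return false; // malformed key or signature
  }
}

// Constructed key pair standing in for the developer's certificate key.
function demoKeyPair() {
  return crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}
```

A valid response proves control of the private key only; linking that key to a published app still depends on the certificate checks assumed above.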
You have to be a developer to read the dev forums. Make a post to the dev forums with a code number and then ask the user for that code (post the link like: https://devforums.apple.com/message/799093). It would at least prove they have access to the forums (or to someone who does). I don't think there's a fool-proof way to validate a user unless you're Apple.
I've got a company web app. I have integrated it without many problems with Twitter.
This means, when a staff of our company creates a new product, it posts onto the company's profile on the Twitter web site as well.
However, Facebook is another story. Facebook encourages registrants to sign up as "individuals".
For example, on the registration page:
You are not allowed to put generic emails such as (support#company_email.com, sales#company_email.com)
You may not have the first and last name as a company entity. For example Foo Distribution or Foo Inc
Their automated system simply rejects any clever attempts to register as a "non-individual". With Twitter, it was a breeze. Since Twitter allows / encourages companies to register an account with them directly, and not as individuals.
Moving along on Facebook, I found out that I can create a 'page'. Which I can use for the company. It has the option of allowing other "individuals" to be admin of the page. However, this would mean that each staff would need a Facebook account.
I don't really like this approach, since some of our staff may be negligent with their Facebook passwords. I'd rather have our web app have one 'method' of accessing Facebook's API instead, the way it is done with Twitter.
How else would you go about this?
I'd make yourself the admin of the page, install an app that you develop, and then let your users make posts to the page through that app. This way, you're controlling access to the page while letting your users still have access to it.
You'll need to use an offline_access-enabled access token for this to work continuously (permissions documentation), and if that token changes, you'll have to log in yourself and refresh that token (it can change when you change your password or uninstall/reinstall the app). Additionally you'll need a manage_pages permission, and you'll need to use the access_token for your page that you can find in /me/accounts to make posts to the page.