I'm working on my first rails app and am trying to make it so that Users can create a joint Playlist and then play that playlist. I planned on using Hallon/Libspotify to create the playlist but am running into a problem because Spotify requires users to login with FB.
I currently have it set so that Users login to the site using Facebook but I don't think the information FB gives me is enough to auto log the User into Spotify. Any suggestions on how to implement this functionality would be super appreciated!
You can't use a Facebook auth token with libspotify.
libspotify requires a username and password pair, whether it's a Spotify name/password or a Facebook name/password. Once you log in with libspotify, you'll be given a separate login auth token for storing and future logins.
It's important to abide by the libspotify ToS when writing your app, as it's easy to break them when writing a web app. The two most important are:
Never store a username/password yourself. Only ever store the token you get (it's safe to store unencrypted).
Never log in on behalf of the user when they're not using your application.
Related
I know, this might be a very naive question, but I'm having hard time imagining a complete picture of how Facebook SignUp and Facebook Login should be used in my application. I understand Facebook documentation, but it gives me scattered pieces which I can't figure out how to put together. I would appreciate any links for how-tos regarding this issue.
The problem I'm trying to solve, is simply to use Facebook SDK to register users in my application. But, what does this mean? Generally, if we take e-mail registration, this means getting e-mail address and a password, which will be used for later logins. For every login, my server will generate a session id, which will be used in API calls.
Now, I can obtain user's e-mail using Facebook SDK. But now what? What about the password? How should I generate a session id now on my server? Do I have to perform Facebook login call every time I start the app? Or should I send access token to my server and store it in users table and use it for generating session id? I don't need to perform Facebook Graph API calls in my app. All I need - is "single-click" signup/login functionality. What's the right way to do it?
I am wondering if there is a way to login automatically so that the username and password would be hardcoded into the app and it would be used as a way for the user to upload photos without them having to have a Flickr account?
From the sound of your question, you want your app to have a Flickr account associated with it so that users won't have to have their own Flickr account. Then, you want your app to authenticate with this account, and allow users to upload to it. Storing login credentials "hard-coded" is a terrible idea - someone poking around with the app bundle may be able to find the login info - which is why we have OAuth authentication schemes. By reviewing Flickrkit's github documentation, they have an API for authenticating your app. So what you would do is first generate the authorization token for the shared account using your app, then distribute the auth Token that's generated in NSUserDefaults in your application and use that as the auth Token for general distribution.
So...
Your question is kinda broad so I'm not sure this is the answer your looking for but maybe it'll help.
If the user must login then somewhere the login information must be stored as a variable. All you need to do is save those variables containing the login info and when your app loads run your function to login with those saved variables.
Is it possible to get Tweets/Facebook posts using the iOS Social Framework without using Facebook or Twitter accounts?
Not possible to query data without active account.
You can create new SLRequest, even set its parameters with valid FB access token but you will still need to associate the request with valid, accessible account.
See the example of the possible request here
For FB queries, You can use the FB SDK to perform the queries without active user login using access token generated for your facebook app, I can explain more about it if needed.
In general, what's the best practice to authenticate a user via 3rd party (say Twitter) using iOS's ACAccountStore and then tie it to an existing user in my own service assuming that they were logged in already? Can I access and store the account credentials remotely over ssl, or is there a better way?
And if they had to re-login via Twitter, I could just search for the user with that twitter handle to know what backend user is tied to this account, yes?
And lastly if I wanted to be able to login via a browser later on, I would get new oauth credentials for the webapp as well, but could search for a user with the same Twitter account info and store these credentials as well, and know that they all refer to the same person, correct?
What you're asking involves many levels of a system "stack" that are custom to a particular environment. What is "correct" vs "incorrect" is dependent upon the environment you've set up and are connecting to from your iOS app.
So from what it sounds like you're leveraging iOS's Twitter functionality to create a Single Sign On (SSO) experience. There are several guides on Twitter's site for doing what you want to accomplish:
Integrating with Twitter on iOS: Single Sign On
Using Reverse Auth to Get OAuth Tokens on iOS - you can then store these server-side
Migrating tokens to system accounts - how you get OAuth tokens from your webapp to iOS.
We are using google oauth2 permitting users to use their existing google accounts to log in to our system.
After being authenticated what is the proper way to manage active user session in our app for ex.
Let's suppose the user has logged in to our system with google account A. Then user logs out/changes google account to account B but not within our app but rather from its gmail. Should we also log him out him from our app???
(which seems to me bizarre and impossible as soon as there should be google API to check that the given user at the given time is logged in to google services).
The only way which seems to me reasonable is to invalidate user session after given timeout and only then we could make user re-pass oauth2 authorization flow.
Thanks in advance for your help.
The access_token or id_token your acquire from the Google OAuth2 Login flow is not coupled with the login sessions in the various Google apps (gmail, plus, ....).
There's no way for your app to know that the the user logged out of his gmail. Your app shouldn't care.
If your web app makes it clear to the user what account has been used to login initially (by displaying a username/picture or other info retrieved from the Google User Info call you should be ok.
Most users will not try to link your web application session with a gmail session for example.