I need a solution for Mac OS X server (hosting an internal website) that will limit device access to the website. It needs to be a solution that will only allow certain devices, including iPads, to access the website. I was thinking it can be done through a configuration profile, but not sure how to set it up on the server side.
Related
I followed the tutorial on learnforge.autodesk.io and was able to create a functioning app that accesses data from Construction Cloud and displays them using Forge viewer. The problem is, I'm not able to access Autodesk's login screen behind a firewall (which usually happens when sales team visits a client's office).
For what it's worth, I'm using ExpressJS for backend and have HTTPS enabled. The firewall at client's site also blocks access to virtual machine services like Parsec.
I don't even know exactly what the problem is (or how to troubleshoot), all I know is that this login link:
https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code
&client_id=<client_id>
&redirect_uri=<callback_url>
&scope=<scope>
doesn't work behind a firewall (it works fine through mobile data hotspot though).
So is there anything I can do on my end to make it work?
If that's not possible, what must the client do in order to access my app from behind their firewall?
We develop .net core based web server app with web browser client. This app will be installed on our client's dedicated servers. Our app will include, among others, contacts and calendars and we want to allow users sharing data between our and cloud agendas (via Azure graph-api, Goods api) .
We registered our app in Azure (for now, we assume it will be very similiar for Google) and got some codes (client, secret etc.). Now, we are not sure, what's corrent auth/usage flow.
Client side - a new browser window will be displayd to the end user, asking for grand types and login, but then the server should ask for an access token, as it will interoperate then. As I understand - this is done by using "redirection_uri" going to the server address.
The main problem here is that when registering our app in cloud environment, limited redirection address list is defined and checked later with "redirect_uri" parameter. Our application will be installed on customers' servers and we don't want to force them to register their own applications in the cloud's administrations as they even will not have their own cloud subscriptions.
Edit 2020-11-18:
I'll try to describe again what is our task we want to find solution for:
We develop web app with browser based clients
We sell this app to other organizations and they will install it on their own servers and will have their own customers (final customers) using this app
These organizations don't have to have O365 subscriptions
We, as developers, want our internal app calendars and contacts (among others) to be connected to final customers' Azure/Google calendard and contacts.
It means, that the synchronization itself will be between organization's instance of our app and their customer's Azure/Google calendars/contacts.
I'm sure this must be quite common problem but I have't found any reliable answer.
I'm new to the OAuth Authentication process so be gentle:
Goal: To create an embedded application on a device that will integrate with Google Drive, Dropbox, One Drive, Box to retrieve & store documents. This can be easily accomplished with OAuth2 authenticaiton.
Problem: The devices have limited input capabilities (and no browser) that prohibit users from being directly redirected, for them to input username/pass on the device.
Research: I've noticed looking through the documentation for these APIs that Google provides something called OAuth2 For Devices which allows the device to request a "User Code" when they first attempt to use the application on the device. The user can then go to a computer, navigate to a specific URL, and input that code to authorize the device to access their account. This circumvents to need for user input, or a browser at all, on the physical device.
Question: Do Dropbox, Box, OneDrive, or any others allow for this type of functionality, or anything comparable? As far as I can tell Google is the only one supporting this type of workflow.
Recently i've researched the same question and i've found out that while Google Drive Api supports OAuth2 flow for limited devices, it supports a very limited set of scopes. It means that Drive api for limited devices can offer only application data synchronization (files uploaded by app), because it won't find any files created by the user (outside of application, i.e. from web) even in a dedicated application folder. (assuming that user understands that application owns that folder and everything placed there ideally should be accessible by that)
By 2022, i've found the most promising api is from Koofr which doesn't have such limitation for devices and bundles multiple cloud services into one package.
Their documentation doesn't mention support for limited devices, yet it's fully working and can be found in their online HTTP api test suite.
I'm developing a corporate web application.
The devices it is supposed to run on devices that have MobileIron and a corporate profile installed.
The app uses a corporate authentication service that authenticates based on client certificates. When I open the app in the Safari browser - the authentication is working properly. But in order to provide some of the features the app had to be wrapped in a PhoneGap shell. And the authentication has stopped working.
As far as I understand it is due to the fact that the UIWebView is unable to get the certificates from the device.
Is there any way to entitle it to or implement the handling myself?
Using MobileIron AppConnect, you can distribute certificates directly into those apps (instead of to the system keychain, which is only accessible to the built-in apps like Safari). The app can then be coded to provide that certificate to the web server when challenged. This is pretty easy to do.
http://support.mobileiron.com/appconnect will have the details.
I have an iPhone app which needs to securely connect back to our hosted environment. It is doing this using SSH, and then uses port forwarding to connect to localhost:port which is really a service running on the host.
Currently the way I have the proof of concept working is by including the certificates (private and public) in the app, and then connecting by SSH to the host.
This means that passwords do not need to be distributed, however is this good practise? Should the private key be included with the app?
If not, how should I do this without distributing passwords, and what should I include?
Distributing the password or distributing the private key are exactly the same thing and both are generally no-nos.
You haven't given us enough info on what you're actually trying to do, but it sounds to me like you're take a very convoluted approach to what is most likely a solved problem. If your iPhone app needs to communicate with the server, then you should, at the very least, have each iPhone app generate its own private/public key combo and add their public key to your authorized users on the server out-of-band, as that way you can selectively revoke access for individual users.