I wonder if someone may be able to help me please? I've been trying to find an article which can run me through username / password authentication within iOS with limited success. I found a good article from http://www.raywenderlich.com/6475/basic-security-in-ios-5-tutorial-part-1 and I thought this would answer my questions. Unfortunately, I hit a snag after following the tutorial to the letter whereby I was just presented with a blank screen. Whilst I've contacted Chris Lowe (the chap who done the tutorial) I haven't had a response back and I've hit a bit of a brick wall.
I wondered if anyone could point me in the right direction where I could learn how to do this and whether there were any code snippets which could be used etc etc?
Ideally I'm trying to get my application to prompt users for a username / email and password so that I can authenticate them using a web service connection from a company called parse.com. Its all very very new to me and I'm struggling but any help would be greatly appreciated.
Thanks in advance,
Sean
I realize this is an older post but what type of authentication were you trying to implement? A custom system where users enter a service specific email/password? Facebook auth? Twitter Auth? Google account auth? MSFT account auth?
If you're looking for any of the latter four, you may want to check out WA Mobile Services and these two tutorials:
-Getting started with authentication: https://www.windowsazure.com/en-us/develop/mobile/tutorials/get-started-with-users-ios/
-Authorizing users with server-side scripts: https://www.windowsazure.com/en-us/develop/mobile/tutorials/authorize-users-in-scripts-ios/
Essentially, once you obtain the Client ID and Client Secret from the relevant service, you're then your to write a method that checks to see if a user is already logged in. If not, you'll then display the relevant login option (the first tutorial shows a Facebook auth walk through).
If you were looking for a custom authentication system that allows users to create a service/app specific account, then you might find this post helpful: http://thejoyofcode.com/Exploring_custom_identity_in_Mobile_Services_Day_12_.aspx
Hope this helps,
Miranda
Related
I have a problem (or maybe it isn't). In one meeting, I was showing a demo of an authentication app for 2FA, when two people at the same time, register their authentication apps with the same QR code. So, it works what they do. They have the same code for enter to the application. And that's the problem.
I don't know if that is a user problem as sharing password with someone or another kind. Whatever of that, I would like to know . If I can allow just one authentication app. The primary source is this one: https://jayanttripathy.com/two-factor-authentication-using-google-authenticator-in-asp-net-mvc/
Greetings,
I would like to know there's a way to just allow a single authentication app or it is an error from the user.
I am currently developing an app that will use the FB SDK (for the first time) to log a user into the app. The flow is typical, I assume. User taps "log in with facebook", facebook graph authenticates, then we do a call to our api and log the user in via their facebook email (only) we have on file.
However, whats freaking me out here is, theoretically if some knew our api_token, and knew that calling a POST to a login url with only a valid existing email to log them in, isn't that a security issue since they could actually log in as someone else. Am I over thinking this? Understandably, they'd have to know every aspect of the api to do any damage. But still, I'm not feeling comfortable with this flow. Am I missing something?
This shouldn't be something you have to worry about. Facebook first protects you by having the requirement for the user to be logged into Facebook. Next, the user's UID(readily available to anyone) and your API Key isn't enough. They'd still need your API Secret Key (which if someone has is a bad thing) to sign requests as you.
What you're really using is OAuth (though Devise, through OmniAuth). I'm not an expert but you can read more here: http://hueniverse.com/oauth/guide/security/
When a user registers via OAuth, you aren't going to have a password set for them, and that's not a huge deal as they have to also first log into Facebook. It might be a good idea though to ask them to set a password if they ever edit their account, that also means they can sign in the old fashion way if they desire/delete Facebook/etc.
My goal is to use these bundles to connect to MailChimp OAuth or Facebook (not necessarily as a login option but that could come later - right now just want my app authorized to access the MailChimp API) - I've got the whole process somewhat working in the sense that I can be redirect to MailChimp or Facebook, allow my app and the I am always redirected to to my failur_path as defined in my security.yml. I presume this is correct behavior since I do not have users with the matching tokens. My question is... how do I create these users in the first place? Or rather how do I get the provided oauth token into the user's data for later user/authentication?
Thanks
I know it's old, but in case someone didn't find it:
https://gist.github.com/danvbe/4476697
I am making an instagram application using rails. Is it possible
to save some kind of 'token' or 'id' in my database that can be used
to automatically authenticate the user and allow the application to
access the user's profile data, images,etc,etc without asking the user
to enter the login details/authentication again and again. If it is possible please
tell me how it can be done.
Thanks in advance! :)
Yes, it is possible to get a token. Take a look at the documentation concerning authentication, it's pretty comprehensive.
http://instagram.com/developer/authentication/
I'm trying to use MyOpenID for my sign-in, but it doesn't seem to be sharing the email address.
If I use Google or others I do seem to get the email address, though. I thought that this was a standard field to return.
I even see some documentation here that seems to suggest they would share email:
https://rpxnow.com/docs/providers
(I'm using Ruby on Rails and Janrain for this project)
One interesting thing is that if I setup an identity page on MyOpenId, then the email IS shared with my application. I thought that there was supposed to be a way when logging in with MyOpenID to specify what data is shared during "SimpleRegistration"?
The problem was that I was testing with my own MyOpenId account and the very first time I logged in to my development server I had not paid enough attention.
When logging in the first time it said something along the lines of "blah site is asking you to share information with it. Click here to use an existing persona or to create a new one. I didn't select one and it defaulted to "don't ask again".
I was able to fix this by going in to MyOpenId and revoking permission for my site. Then the next time I logged in it asked me again and it worked.