i searched a long time but could only find really basic information, so i decided to ask here:
The simple thing is, that I wanna authenticate an iOS Application against a rails web Application.
I thought about something like HTTP Basic or Token based - but this isn't what I really want.
I wanna authenticate against OAuth from Facebook, Twitter and so on.
On the rails side this is really easy. Device with omniAuth did this job great.
But how shall I authenticate the iOS App with this method?
It would be great if anybody could give an more detailed view on how to do this.
I think you have two solutions.
1: WebView
Use WebView for OAuth request/response.
SHKOAuthView of ShareKit will help your understanding.
- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType
{
// "OAUTH_DID_FINISH_SUCCESS_URL" is URL your wab app display after finishing OAuth authentication successfully.
if ([request.URL.absoluteString isEqualToString:OAUTH_DID_FINISH_SUCCESS_URL])
{
// OAuth success
return NO;
}
return YES;
}
After finishing OAuth authentication with WebView, iOS app automatically save cookie(if web app save cookie), so iOS app can normally request/response to web app. Incidentally Android may not save cookie automatically, so token based authentication is better if you have to support Android app too.
2: RestKit
RestKit support OAuth.
I think Device is not the best solution for iOS Application with OAuth.
I think scratch authentication with omniAuth is better.
Related
I have searched lot about that implement CCAveneue payment intergration . i have also checked on CCAveneue websiter but did't get any information. if anybody have implemented CCAvenue in IOS then please provide any solution for that.
* backend in JAVA
what i'm doing is just getting rsa key from server then what i have to do with that.
Thanks in advance
Integration with CCAvenue was a difficult task. After long conversations with the support team and back-end teams, this is how we achieved integration with iOS app :
iOS app sends all the data (POST body key-value dictionary) to your backend server
Backend server redirects to the CCAvenue payment gateway by passing all the relevant information required by CCAvenue (please check CCAvenue integration guide for this)
User on iOS app fills in the payment details on the CCAvenue page and completes the payment
After payment completion, CCAvenue redirects to your backend server url (provided in the "redirect_url" key of POST data)
Here your backend server can process the payment response
Now is the important step
Your backend server after processing the response, should then redirect to a decided URL (YOUR_TRACKING_URL), which your iOS app will track to notify the completion of payment flow. This URL will be a server-client contract and must remain same in the iOS app.
In your iOS app, you can check this URL using UIWebView's delegate method as
-(BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType
{
if ([[request.URL absoluteString] isEqualToString:YOUR_TRACKING_URL])
{
// Payment flow complete.
// You can close the UIWebView here, or do whatever you want on payment completion
// Do not allow redirect to this URL
return NO;
}
return YES;
}
Our iphone app allows for sign in via Foursquare via oauth. It was working fine and recently stopped working.
The error we get is: Connecting Failure: Callback uri is not valid for this consumer.
HOWEVER, if the user does not have the foursquare app installed on their phone it works fine as before. It seems as if FS is now doing a redirect to handle the oauth inside the FS app and this fails when attempting to return to the originating application. Via safari it seems to work.
This is on ios 9.
Solutions?? Thanks!
We've changed to use a SafariViewController and this seems to force Foursquare to not to this strange in-app redirect, solving the issue. This is also Apple's preferred oauth method, so probably the way to go.
Still seems like a problem on the Foursquare side that they may want to address for others however. I'm closing this question. Thanks.
Where does your redirect URL point? If you want it to launch your app after completion you should point to the iTunes store (pre-iOS9) link for your app or the universal link (iOS9 onwards).
More information on redirects for the native foursquare app is available in the README here: https://github.com/foursquare/foursquare-ios-oauth/
How to create a universal link in iOS9 https://www.appsflyer.com/blog/how-to-set-up-ios-9-universal-links-for-your-app/
A callback url is a webpage loaded after your web app has been
verified. In this case, you need to specify a page for to send data to
after authentication
Double check your Foursquare credentials and update the callback uri to a valid link. Tutorial link
Please follow the below points, may be one resolves your issue:-
Enter the callback in foursquare account in addcallback methods. Then in your code add the call back to the provider before you authorize. (Reference here).
You're getting that error because the URL you're pointing your users to (foursquare.com/oauth2/...) includes a redirect_uri parameter that doesn't match with what you configured in your app's settings under https://foursquare.com/developers/apps. Make sure these match!
I am using Xcode for a social media network site and I have a quick about the login/ signup process. For instance, I have a UIWebView that is linked to the login API page. (ex. www._.com/api_login.php?) When the user logs in with their credentials on that page the website redirects them to the success page (www._.com/api_success.php?) with the API authentication token that is stored in the iOS app for user specific tasks embedded in the website source code.
Here is my question: How can I tell Xcode to execute Javascript to grab the authentication token once it is on the (www._.com/api_success.php?) page? Keep in mind that the URL is specific to the user and has a user specific api key at the end of the link. (www._.com/api_success.php?apiconnectkey=123456789)
Thanks in advance for help with this,
Technology Guy
I'm not sure I follow 100%, but here are some things to look at:
Implement UIWebViewDelegate in your view controller and set the delegate property, then implement this message
-(BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:
Docs
https://developer.apple.com/library/ios/documentation/uikit/reference/UIWebViewDelegate_Protocol/Reference/Reference.html#//apple_ref/occ/intfm/UIWebViewDelegate/webView:shouldStartLoadWithRequest:navigationType:
This will let you see each URL that is being set on the web view. So, you could grab apiconnectkey.
Also, you can execute JavaScript on the page with
[self.webView stringByEvaluatingJavaScriptFromString:#"getToken()"]
where getToken() is a function on the page. This will return a string.
https://developer.apple.com/library/ios/documentation/uikit/reference/UIWebView_Class/Reference/Reference.html
I have been trying for ages now to get OAuth 2.0 integration in my iPhone application.
I have searched and searched for libraries, tutorials, etc... But they have all lead me to a dead end. The main problem I have is that they either have deprecated code, or they just don't work or they have some documentation but its really hard to follow (for me anyway...).
The best OAuth2 library I could find for Xcode is this one: https://github.com/nxtbgthng/OAuth2Client
But the main problem with that one is it doesn't seem to do anything... I have followed all the documentation and instructions that came with it, but after building and running, it doesn't seem to authenticate....
So I guess my main question is: does anyone know of any good and up to date OAuth 2.0 tutorials for Xcode or any libraries for such a thing?
Because I am really struggling at the moment.... :(
Thanks for your time, Dan.
UPDATE 2: Here is my code (App Id and secret removed for security):
- (void)viewDidLoad
{
[super viewDidLoad];
// Do any additional setup after loading the view, typically from a nib.
oauthClient = [[LROAuth2Client alloc]
initWithClientID:#"MY_CLIENT_ID"
secret:#"MY_APP_SECRET"
redirectURL:[NSURL URLWithString:#"app://instagram-callback/?code="]];
oauthClient.delegate = self;
oauthClient.userURL = [NSURL URLWithString:#"https://api.instagram.com/oauth/authorize/?client_id=ab6dc96859bf43b3a488199ec72d9964&redirect_uri=app://instagram-callback/?code=&response_type=code"];
oauthClient.tokenURL = [NSURL URLWithString:#"https://api.instagram.com/oauth/access_token/"];
[oauthClient authorizeUsingWebView:myWebView];
}
- (void)oauthClientDidReceiveAccessToken:(LROAuth2Client *)client;
{
LROAuth2AccessToken *token = client.accessToken;
[NSKeyedArchiver archiveRootObject:token toFile:#"Path/To/MyAccessToken"];
}
- (void)checkAccessTokenForExpiry:(LROAuth2AccessToken *)accessToken;
{
if ([accessToken hasExpired]) {
[oauthClient refreshAccessToken:accessToken];
}
}
- (void)oauthClientDidRefreshAccessToken:(LROAuth2Client *)client;
{
LROAuth2AccessToken *token = client.accessToken;
[NSKeyedArchiver archiveRootObject:token toFile:#"Path/To/MyAccessToken"];
}
In almost all projects I have used AFNetworking because it's very powerful
-why re-invent the wheel every time :)
Furthermore, it also has an OAuth2Manager which is quite easy to implement and works rock-solid.
In Instagram documentation says that there are two ways to authenticate. One Explicit (for server-side auth) and one Implicit, for auth in a client (without server).
You are using the Explicit one inside the app, try changing the userURL to https://instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token and the tokenURL to http://your-redirect-uri#access_token=ACCESS-TOKEN.
You most likely cannot use a client secret in an iPhone App (because the client secret cannot be protected), you will need to authenticate through the services mobile app or mobile web site and then handle the redirect url, according to this link I found on the Uber api developer site:
http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified
There is some code on this page to do just that, which I am testing now:
https://medium.com/swift-programming/learn-nsurlsession-using-swift-ebd80205f87c
There is also some good information on the bottom part of this page: http://www.idmworks.com/blog/entry/getting-started-with-oauth2client-on-ios
I recently made simple pod https://github.com/kohtenko/KOSocialOAuth.
You can easily connect Instagram, VK or LinkedIn. Feel free to send Pull Request with any other OAuth endpoint.
Check out this for using the Instagram API: https://github.com/shyambhat/InstagramKit. In the comments I see that you're having trouble with the redirect - look into Xcode's Redirect URI's for help with that: What's a redirect URI? how does it apply to iOS app for OAuth2.0?
My goal is to build a standalone RESTful Rails 3 service that communicates with a Rails 3 web application via ActiveResource JSON and an iPhone application via iOS 5 native JSON. I have each running so that a single table of data is being exposed in the service app and that can be called and rendered via both a Rails app and the iPhone app.
My question is around authentication and something that can be reusable for both the web application and the iPhone app or in the future an Android app.
From the research I have done on this site, it seems HTTP Basic would work for both, however I would be unable to properly logout a user on the web side like sessions or cookies could and I have the browser login form to deal with. If I use sessions, how would that translate to setting up authentication on the iOS side of things?
This project is a code learning exercise, so I am hoping for implementation or architectural guidance rather than simply implementing Devise or Authlogic, etc.
It sounds like you're conflating at least two problems.
The first issue is authentication: you need to determine if the user is who they say they are. For authentication, you can do basic auth. You could also use client certs, though that's probably not what you're looking for.
The second thing is session management: First, you can do basic auth on each page request and store the session state in the database, but you're right about not being able to log the user out, as the browser will cache the credentials.
You may want to consider a login page that requires basic auth and shoots back a cookie to do session management. All other pages don't require basic auth, but give a 401 unauthorized if the cookie isn're present. Or you could redirect. The iOS client code will have to know to call the login page first to get the cookie and then use it after that. Logging out is deleting the cookie.. hrmm, but the browser will still cache the basic auth credentials.
I'm thinking the only way you're going to get what you want is to have a form-based auth for your web users (to allow them to log out and log in as someone else), and a basic-auth based system for iOS users. As a result of both authentication mechanisms, return a cookie that has to be used for all other pages.