I have my iOS app and my web app. Say I have n authenticated user in my iOS app and now I want to open a specific page of my web app for this user in a web view.
What is a good practice of doing so? Do I have to implement a special web page that would do the auth check and redirect to the page needed or is there a way to do this just via WKWebView?
Any kind of help is highly appreciated.
I am using identityServer4 in my web application and it's amazing.But now we are creating Mobile application for the same project and in mobile application we want to implement Login functionality on the basis of User's registered mobile and OTP sent to that user. Is there any way to implement that functionality in IdentityServer4 ?
Since IDS4 doesn't dictate any particular authentication mechanism you can implement an authentication UI flow you like. Can you explain your desired user experience a bit more?
I am experimenting with an iOS app that utilize a REST API (ASP.NET MVC Web API) and I want users to be able to logon/register using either:
Username and password (default)
Facebook authentication
I have setup the iOS Facebook SDK and users can logon/register using it.
When a user register with Facebook, what access token should be used to bind it with the REST API account? AKFAccessToken or FBSDKAccessToken?
HavenĀ“t found any tutorials where an iOS app and ASP.NET MVC Web API is combined. If anyone knows where I can find one that would help a lot.
If I am going at this problem completely wrong please correct me, I am still trying to wrap my head around it.
I will mention in details the best practice I know.
The server have the facebook App ID (special ID for the app given from facebook when you register your new app).
You send the FBSDKAccessToken for the server
the server will encrypt the FBSDKAccessToken with the app id as a key and return to you the result named 'AccessKey'.
You save the accesskey and use it as a relation with the server from now on.
This way, no one can know the userFBID since u encrypted it and you didnt share your facebook app ID since it should be a secret.
Hope this helps!
I am working on a MVC web app that requires authentication(Cookie) and a web api that uses token based authentication(Bearer). I also have an IOS app that communicates with the Web Api. So far everything is working fine.
Now I have to implement a new functionality on the IOS app that basically needs to show a web view and load a specific part of the web app, but that page requires authentication. The user was previously already authenticated on the IOS app, so what can I do to avoid that the user has to authenticate twice, one for the Ios app and also in the web view?
Please advice,
Thanks.
This is the solution:
If you set the Authorization header in the same way we do it for Web Api requests (Bearer + Token) then it works. It seems that the Mvc.Authorize attribute not only check for the cookie but also for the token(in the same way the Http.Authorize does it).
We have an ios app that uses native Facebook login just fine.
Then we also have a website (app is basically an optimized client for it) where people can login via Facebook too. When they open our website in mobile safari, they are directed to Facebook pages to authenticate there and it works, but.. it is still far from native and users have to retype credentials they often have in ios already.
So could it be possible to to somehow launch system fb authentication for just a web page (maybe using some clever URL schema?) and get granted token back to web?
Difficult way
As described here http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#mobile-apps you could find URL scheme to trigger the native iOS app for app authorization:
fbauth://authorize?redirect_uri=[redirect_uri]&client_id=[client_id]&response_type=token
But if you call that link it's not possible to have a redirection. You could try to hack that redirection but maybe you could not find a way out.
A secure way to solve that problem is to use a SSO token to authenticate user on your App when he logs in, and next on Safari take a redirection, with a custom url to your APP, that do as bridge to FB App via Token stored in your APP. After FB authentication you can directly redirect user back to your landing page in Safari. As said by #Lego it's an alternative way to direct authenticate that could be made by going deep to custom URL used by FB.
No, it is not yet possible to directly authenticate the user via the native Facebook App, but it's possible to authenticate the user using a custom URL scheme which opens your native iOS app which then handles the authentication flow:
The user authenticates natively with your iOS App. You then store the user login (not password) in your app (i.e. using NSUserDefaults).
Then the user opens your web page in Mobile Safari. You redirect the user via a custom url scheme to your app (i.e. using myapp://authenticate). Apple documentation on implementing custom URL schemes: click
Now, if you have an active FB session in your iOS app, you can either directly redirect the user back to your landing page in Mobile Safari, passing the access token via url get parameter or you first re-authenticate the user, displaying a login view with the user name pre-filled, which you have stored in your iOS app before (step 1) and then redirect the user to your landing page, again all depending on session state and your security needs.
For opening face book app you can use Custom URL scheme. But i am not sure if u can authenticate user from it. In case if you could also then it will be confined up to the fb account which is already configured on that device app .so better try to use face book api or something
I don't get your question exactly but i think as per your question you want to create fb app Login in safari or in your custom web view.
is this perfect ?
as per my knowledge web view is different thing and native app is different thing.
if you are Login in web view then no need to check anything token or other thing because it will give you Logout thing there.
but if you are Login in your application then "developer.facebook.com" will definitely help you.
and yes, you will do most of the thing in your app as native facebook app do.
Hope it help....