I’m a little bit stuck on a subject.. I was developing 2 mobile applications with Flutter, each with an authentication system. I would like to develop the following functionality:
I log on to the "A" application, I save my credentials.
I open the "B" app, I can find the account with which I signed in the "A" app. (For example: On my iphone, if I sign in with my google account to Gmail, I find the same account on all the google apps on my phone).
So I would have to be able to store the passwords & identifiers securely on the phone, and only my 2 applications could have access to this "common" database. I looked at Hive/ SQFLITE, but I don’t think it’s suitable for this kind of functionality to share between 2 apps...
Thank you for your help,
JH
This sounds very similar to Google Account Linking with OAuth-based App Flip:
OAuth-based App Flip Linking (App Flip) allows your users to easily
and quickly link their accounts in your authentication system to their
Google accounts. If your app is installed on your user’s phone when
they initiate the account linking process, they are seamlessly flipped
to your app to obtain user authorization.
This approach provides a faster and easier linking process since the
user does not have to re-enter their username and password to
authenticate; instead, App Flip leverages the credentials from the
user's account on your app. Once a user has linked their Google
account with your app, they can take advantage of any integrations
that you have developed.
That said, you will need to go Android/iOS-specific to solve this on your own, but you can draw a lot of inspiration from the App Flip example code provided by Google!
On Android you will be using Intents that return data to their caller. The idea would be to have the "A" app listen for a custom intent for example using package receive_intent that shows some kind of "Allow B to login with A" screen and returns the credentials like this:
import 'package:receive_intent/receive_intent.dart';
// ...
Future<void> _setActivityResult() async {
// ...
await ReceiveIntent.setResult(kActivityResultOk, data: {"credentials": "abc123"})
}
// ...
Best of luck!
Related
We would like to add the Uber Deeplink functionality to our iOS, Android and Windows Phone app. Our users are business users. The business wants them to travel using Uber for Business so their expenses will be paid by our business.
Some questions:
What is the purpose of the client_id parameter keeping in mind we would like to use Uber for Business? I've mailed myself two Deeplinks to test the implementation, one with and one without the client_id parameter; I saw no difference between these two when opening the Uber app using the Deeplink. Also the developer pages only gives information regarding Affiliate tracking: In order to attribute any deep linking action back to your application, be sure to always include the client_id parameter.
We would like to remind the users that they need to check their invitation e-mail from Uber to use Uber for Business, or use their Uber for Business account if they already created one. Is it possible to redirect the users to create or login using their Business account? Now it always gives the possibility to create a new account when opening the app using the Deeplink, but we don't want users to think they need to enter their creditcard details and travel using their personal account.
Many thanks for your replies in advance!
1) The client_id is only used to track deep link calls and provide attribution to earn through our affiliate program.
2) It is not currently possible to force a user to login via the uber for business invite link via a deeplink. They need to login with their uber account and than accept the invite from the email they receive when enrolled in the uber for business organization.
We currently have an Alexa app that lets users ask for details about upcoming events, now the company wants to implement the same thing for Google's assistant. It seems like this is supported through "Actions On Google", which is very similar to Alexa.
One thing Alexa allowed us to do that I cant figure out with Google is setup a login screen. When a user first accessed the app via voice command, it would take them to an authentication page. We used this to tie an Amazon user to our internal records so that we could identify their specific information when they made a request. It was also used for authentication and authorization.
I dont see how to do that with Google. I assume that you can, but I havent been able to find it. Is there a way to set up a login screen so that when someone says "Hey (Agent), tell me about my day tomorrow", I can confirm who the person is to look up their information?
Yup, you're looking for Account Linking.
The term comes from linking the account they log into with your service to the account that Google uses to track them. You'll need to implement a basic OAuth server, including the page where they log into your service when they're directed there from the Assistant, and a way to issue authentication tokens to the Assistant. When requests come in from a user with a linked account, you'll get the tokens from the user, and you can use this to identify who the request came from.
I would like to do Google Sign-in for a Fire TV app. Unfortunately I can't use Google play services for this so I need a work around. The only thing I could think of is have the login screen be a uiwebview Google sign in web page. Has anyone ever got Google sign in to work with amazon devices? Any input would be appreciated.
To answer your question, yes it's possible to do that using a webview by following the guide here:
https://developers.google.com/identity/sign-in/web/sign-in
Once the user is signed in you would get the onSignIn() callback in the webview which provides you with the user's details that you can send back to your java class to carry on with the sign up/in steps.
Would I do it? Not in a million years!
My main concern is that you would be affecting the user experience on a device that doesn't have a traditional touchscreen entry point. The 10-foot UI has a different interaction than a tablet or a smartphone (try typing a complex password without a touchscreen keyboard). Why should I put my users through ~200 remote clicks just to type an average length email address and password?
The convenience of Google signin is in the native integration with the Android identity system, where with a few taps you can grant permissions to read your userid and much more.
Why don't you instead take advantage of a similar method, native to the Amazon platform?
You would start with the assumption that a user on Fire TV is already logged into their Amazon account, which means that if you had the ability to read their email address and userid you could achieve the same as what you do on Android TV... and you do!
Take a look at https://developer.amazon.com/public/apis/engage/login-with-amazon
UX: it displays a "Log in with Amazon" button, shows the user a permission pop up and, once they accept, you will get a callback with some of their details. No need for a webview.
I'm currently building an app (android and ios) for which I now need users to be able to login. It must be possible to both sign up regularly (entering username, password, name, mail etc.) and to login through various not yet determined social media such as facebook, twitter, gmail, hotmail.
Now my questions are as follows:
1. Are there any framework's supporting this kind of in-app+social media login scenario ? (I know there is stuff like auth0 but it seems that you don't have that much control with this. As I'm going to save statistics about user navigation and such I think it would be preferable to store all my users in my own db, regardless of their way of logging in. Thus to me it seems like what I need is just an easy way of getting information from these social media and then register users as if they had just signed up regularly am I right ?
2. Anything obvious I'm missing ?
All of these social media sites have their own sdk's that allow you to login users and get certain information from them. So using a website like facebook's sdk you request certain information about the user logging in such as email and first/last name, then save this information in your database including it came from facebook. You will need to also create/encrypt a password for someone coming from a site like this. This is very important, obviously they won't give you access to a user's password but you don't want the user's account on your website to be vulnerable. I would limit the number of ways to login because you will have to program and work with each websites sdk in order to do this. Probably just use your own login and a facebook login to start
Here is a link to facebooks website for developers which gives you access to their sdk's for different platforms https://developers.facebook.com/docs/apis-and-sdks
If there is some sdk (let's assume facebook here) that is implemented in multiple apps.
Now facebook asks a login one time from the user (the first time user uses fcbk app/sk on device). Once logged in, if any app (in same device) tries to access the sdk again, it does not ask user to login again (but just the permissions).
How does Facebook/Google know that user is already logged in that device once? Do they store Mac address of device. Do they have some universal sharedprefs? Do they have db/file on local sdcard.
I want to create similar functionality for my app. Any help would be awesome.
The implementation is both simple and complicated, but generally it centers around registering an account with the AccountManager (http://developer.android.com/reference/android/accounts/AccountManager.html) which then handles authentication requests coming from other apps.
Here is a step-by-step that should still be current enough to get you started:
http://www.finalconcept.com.au/article/view/android-account-manager-step-by-step-2