I am currently creating a remote control app which uses IP control to control devices. I have created this and now I am looking to add a way for you to say for example, "OK Google, Power on 'device' in 'app name'". I have looked at Google's app actions console and I could not find a way to make this as a custom command. I have seen that there is a way to do this by adding deep links into my application. However, everywhere I look this requires me to have a host web server which I do not want. Is there any way to do this without a web host or otherwise using the device as its own host or its own fulfillment server within the app?
The URL may or may not be resolvable by an HTTP client and it won't send a request to these links. Alternatively, you can also define a custom URL scheme, e.g. myapp://example/{foo}.
https://developers.google.com/assistant/app/action-schema#fulfillment
I am trying to control home appliances through my app. I have a web server to take requests and make mqtt publishes with these parameters, and I want to make these requests with Google Assistant. But some parameters should come from my app and some of them come according to what the user says. For example:
"Turn on kitchen Light"
What google assistant should do:
http:/myserverIp/incoming/param=kitchenLight&param=On&param=userId
What my server should do:
mqtt publish: topic:home/userId/kitchenLight payload=1
I've read the Google Assistant SDK, I watched the Google I/O 18/17 Assistant talks, but I couldn't find the right answer. According to the picture below I should use the "Url template model", but I couldn't find out even where I should locate actions.xml in my Android project!
Is it possible to pass data to Google Assistant from my app and make a GET/POST request which is user based?
According to picture below I should use "Url template model" but I couldn't find out even where I should locate actions.xml in my android project!
I think this is the source of your confusion. If you are building a Smart Home Action for the Google Assistant - you're not building an Android project at all. You are building a cloud- or server-based webhook that will take JSON from the Assistant and handle it in some way that makes sense for your devices.
In your case, it sounds like one approach would be to have this webhook act as a sort of proxy to your existing service. So it would take the JSON from the Assistant and turn it into the URL query you are currently expecting.
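A sketch of the proxy webhook described in this answer, added here as an example and not code from the original post. It assumes the Smart Home EXECUTE request shape and a Bearer access token on the request; the token table and device registry are constructed stand-ins. The user id in the topic comes from the token, never from the request body.

```python
import json

# Constructed data: access tokens issued at account linking, and each
# user's devices. A real service reads both from its own stores.
TOKENS = {"tok-alice": "alice"}
DEVICES = {"alice": {"kitchenLight"}}


def handle_execute(authorization_header, body):
    """Turn an EXECUTE request into MQTT (topic, payload) pairs plus the reply."""
    scheme, _, token = authorization_header.partition(" ")
    user_id = TOKENS.get(token) if scheme == "Bearer" else None
    if user_id is None:
        raise PermissionError("unknown or missing access token")
    owned = DEVICES.get(user_id, set())

    request = json.loads(body)
    publishes, results = [], []
    for item in request["inputs"]:
        if item["intent"] != "action.devices.EXECUTE":
            continue
        for command in item["payload"]["commands"]:
            ids = [device["id"] for device in command["devices"]]
            # Allow-list ids so wildcards or extra "/" never reach a topic.
            allowed = [i for i in ids if i in owned]
            denied = [i for i in ids if i not in owned]
            for execution in command["execution"]:
                if execution["command"] != "action.devices.commands.OnOff":
                    continue
                on = bool(execution["params"]["on"])
                for device_id in allowed:
                    publishes.append((f"home/{user_id}/{device_id}", "1" if on else "0"))
                if allowed:
                    results.append({"ids": allowed, "status": "SUCCESS",
                                    "states": {"on": on, "online": True}})
                if denied:
                    results.append({"ids": denied, "status": "ERROR",
                                    "errorCode": "deviceNotFound"})
    reply = {"requestId": request["requestId"], "payload": {"commands": results}}
    return publishes, reply
```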
I want to ask about the security of web application.
I'm developing a web site for an inventory management system by web service.
And wrapping it as an Android application with a WebView.
But my client asks that the website can be opened in the Android application only.
I think it is possible with the agent header when the web server responds to a request.
But it is just a makeshift.
So is there any way to check whether the website is opened in a browser and not the authorized application?
I used spring boot for web server.
This is not possible. Once you expose an endpoint publicly, you can always try to connect to it with whatever software supporting the protocol (or an analyzer which will reverse-engineer the protocol).
This said, you can make it difficult by obfuscation.
One solution is to use information provided by the client (browser in your case). This is usually the agent header (as you mention) but can also be some fingerprinting. You could for instance detect the size of the screen and make some decisions from there on.
Another solution is to use some secrets (better call them "secrets") to show the backend application (or API) that some specific code is calling. I can imagine that you could bundle the HTML/JS/CSS code in your application, together with a key so only the application owners will be able to send recognizable traffic (recognized by the backend).
All of this is more or less difficult to crack but with some layers you will get rid of at least some population which would like to access the site via other means than an app.
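One way the bundled-key idea from this answer could be checked on the backend, added here as an example and not code from the original post. The header names, the key and the signed fields are assumptions; because the key ships inside the app it can be extracted, so this is one of the layers the answer describes and not proof of which client is calling.

```python
import hashlib
import hmac
import time

APP_KEY = b"constructed-demo-key"   # assumption: the key bundled with the app
MAX_SKEW = 300                      # seconds a signed request stays valid
_seen_nonces = {}                   # nonce -> time after which it can be forgotten


def sign(method, path, body, timestamp, nonce, key=APP_KEY):
    """App side: MAC over every field the server will act on."""
    message = "\n".join([method, path, str(timestamp), nonce,
                         hashlib.sha256(body).hexdigest()]).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(method, path, body, headers, now=None):
    """Backend side: return "ok" or the reason the request is not recognized."""
    now = time.time() if now is None else now
    try:
        timestamp = int(headers["X-App-Timestamp"])   # hypothetical header names
        nonce = headers["X-App-Nonce"]
        signature = headers["X-App-Signature"]
    except (KeyError, ValueError):
        return "missing-headers"                      # e.g. an ordinary browser
    if abs(now - timestamp) > MAX_SKEW:
        return "stale"
    expected = sign(method, path, body, timestamp, nonce)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "bad-signature"
    # Drop nonces whose validity window has closed, then reject repeats.
    for old in [n for n, expiry in _seen_nonces.items() if expiry < now]:
        del _seen_nonces[old]
    if nonce in _seen_nonces:
        return "replay"
    _seen_nonces[nonce] = timestamp + MAX_SKEW
    return "ok"
```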
I want to make HTTP requests to a server (such as Node-red or Arduino) on my LAN directly from my Google Assistant.
I would like to reproduce the behavior of this widget which, however, does not work from google assistant.
Using IFTTT with webhooks makes the IFTTT website ping over the internet from their server, not from my mobile in my private LAN. I think the same will happen if I use Google Actions with api.ai with a webhook. For example, this app, Wake On Lan, can make LAN requests, but it won't take links like 192.168.0.2:1880/test, it only takes IP addresses, but it works with the Google hot word, OK Google.
So how can I make HTTP POST requests directly from my Google Assistant?
I'm not 100% sure what you are looking to do here, but I THINK ngrok might be able to help you.
If your goal is to be able to access a server that is only accessible within your local network, then what you really need is a way to make that server accessible from outside the network, but only to you. You have two ways of doing this. One is to open up a port on your router, which is inherently unsafe. The other is to use ngrok. ngrok is an application that you run on your local server which opens a secure tunnel into your local network. You access it using a url externally that looks like this:
https://02355cab0.ngrok.io/
The hash is unique and only you know it. That URL is accessible from anywhere on the internet, but points to a server on your local LAN, ie:
https://02355cab0.ngrok.io/ -> http://192.168.0.2:1880
Check it out here:
https://ngrok.com/
Using this ngrok url then, you can give that to the Google Assistant or whatever app (IFTTT if you want), to make calls from the web directly to your local network.
I'm stuck with a Not allowed to load local resource: file:///android_asset/www/index.html?code=[code]&state=[state] when the Authentication API, using OpenID Connect standard, is trying to redirect to my local Android application.
When I launch my application, if I am not connected yet, a redirection is performed to an Authentication API which asks for the user credentials. Then, if the credentials were good, the API will perform another redirection to the redirectUri passed in the first redirection (as a query parameter). This redirectUri is the previous file:///android_asset/www/index.html.
I don't know how to configure my app/phone to let a remote application (the Authentication API) redirect to my app after a successful authentication.
There are a couple of options available to accomplish this. Looking at the ones suggested in the OAuth 2.0 specification, more specifically the ones assuming an external user-agent:
External user-agent - the native application can capture the response from the authorization server using a (1) redirection URI with a scheme registered with the operating system to invoke the client as the handler, (2) manual copy-and-paste of the credentials, (3) running a local web server, (4) installing a user-agent extension, or by (5) providing a redirection URI identifying a server-hosted resource under the client's control, which in turn makes the response available to the native application.
Option 1:
You configure a redirect using a custom scheme that your Android application registered; this way your application gets called when an external user-agent, the browser, receives a response indicating a redirect to your scheme. Given there are a few Android applications out there :), the scheme should be pretty unique. A recommendation is to use the reverse domain name notation for a domain you own, for example if you owned "app.example.com" the scheme could be "com.example.app".
Option 2:
You redirect somewhere that just shows a pretty page with the code and ask the user to input it manually in your application.
Option 3:
Your application starts a local web server and you configure the redirect to be something along the lines of http://localhost:[port]/. Here there might be issues with port conflicts if multiple applications decide to use the same one.
Option 4:
By installing a user-agent extension you would have code running with the browser and that could communicate the code automatically to your applications, more for desktop scenarios.
Option 5:
You configure a redirection URI that points to some server-side code you host and that your client Android application is aware of so that it can grab the code from that URL.
For much more information on this topic, check: OAuth 2.0 for Native Apps
As a final note, using the file URL scheme will not be an option. Additionally, if you don't want to go full server-side on the options that require some logic on the server, you can accomplish the same using far fewer lines of code by writing something as a Webtask (be sure to use a custom domain).
Disclosure: I'm an Auth0 engineer.
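Option 1 from this answer as a worked flow, added here as an example and not code from the original post. The redirect path and the authorization endpoint are placeholders. It goes beyond the answer by adding PKCE, which the referenced OAuth 2.0 for Native Apps document requires, because a custom scheme can be registered by more than one app.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

REDIRECT_URI = "com.example.app:/oauth2redirect"       # scheme from the answer; path assumed
AUTHORIZE_URL = "https://auth.example.com/authorize"   # placeholder endpoint


def pkce_challenge(verifier):
    """S256 code_challenge for a PKCE code_verifier (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def start_login(client_id):
    """Build the authorization URL and the values to keep until the redirect."""
    pending = {"state": secrets.token_urlsafe(16),
               "code_verifier": secrets.token_urlsafe(48)}
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI, "state": pending["state"],
                       "code_challenge": pkce_challenge(pending["code_verifier"]),
                       "code_challenge_method": "S256"})
    return f"{AUTHORIZE_URL}?{query}", pending


def handle_redirect(uri, pending):
    """Validate the URI delivered to the app; return the token request fields."""
    got, want = urlsplit(uri), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect did not arrive on the registered URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch")
    if len(params.get("code", [])) != 1:
        raise ValueError("missing or duplicated code")
    return {"grant_type": "authorization_code", "code": params["code"][0],
            "redirect_uri": REDIRECT_URI, "code_verifier": pending["code_verifier"]}
```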
In my own app, I'm using various 3rd party SDKs that make network calls (HTTP requests) in some form or other. Without editing this code, can I write code separately within the application to intercept all GET and POST requests that my app is making?
I want to record these HTTP calls in my app.
I am aware of the Fiddler and Charles proxy tools, but they are outside the app, and this won't work because I can't record these HTTP calls in my app.
Is there a way to do it?
EDIT: I am using the Google Analytics SDK and the Facebook SDK in my code. I want to monitor all the network calls these SDKs are making from my app.
On a non-rooted phone you can use the Android OS proxy and redirect traffic. But some apps don't respect it and make direct connections. Some tweaking could be done: use Drony with VPN mode to redirect all traffic to SandroProxy. Here is a video on how to capture the traffic with SandroProxy: "SandroProxy with Chrome devtools". SandroProxy can also capture pcap files. It can also do SSL MITM on a pcap flow. From SandroProxy support.
Try HTTP Toolkit - it's an open-source tool I've been building to do exactly this. It can automatically intercept traffic from an Android device, with no manual setup required, and then allows you to inspect & rewrite all HTTP traffic from your computer.
To intercept HTTPS traffic from your app, you just need to either a) trust 'user' certificates in your application's network security configuration (see https://stackoverflow.com/a/38770284/68051) or b) use an emulator or rooted device (in which case HTTP Toolkit can inject a 'system' certificate, which your app will trust automatically).
Charles proxy is a good way.
Other options: if the app is using a singleton network class (which it ideally should), make one function for get and one for post. Call these functions from your classes and use log.d to output data on the console. You can track request, response or time taken.
If you are specifically looking for your app to be capable of recording the HTTP calls, the Android Snooper library can be the solution you are looking for.
Have you considered Stetho?
http://facebook.github.io/stetho/
You can monitor and modify all incoming and outgoing requests, among other things.
https://github.com/jgilfelt/chuck/
It adds a new app that sends notifications each time a network request is made, and you can see the details of the request.
https://github.com/facebook/stetho
It allows you to use the Chrome dev tools to monitor your requests created from an Android app (among other cool features).
If you root the device or are running over debug (adb), then maybe this will help:
http://code.tutsplus.com/tutorials/analyzing-android-network-traffic--mobile-10663
Else I don't think it's possible to do what you want to do. But you can monitor general network stuff like:
For all traffic stats see:
https://developer.android.com/reference/android/net/TrafficStats.html (just pass in your app's user id)
For monitoring network status:
https://developer.android.com/reference/android/net/ConnectivityManager.html
You can use this as the better option. Remember to scroll down the app and check that network intercept is on.
The link is here: https://appetize.io/upload