I am making a mobile app w/ a rails server for the backend. The basic premise is when a user signs in successfully, the server returns a unique token and their user_id. I store only those 2 things in local storage (window.localStorage not any library)
localStorage.setItem('user_id', data['id']);
localStorage.setItem('authToken', data['auth_token']);
I then use the token/ID to communicate with the server.
The problem, is recently in testing (app is already live w/ a couple dozen users), the token is occasionally not getting set or saving, and as a result, I get a 500 error. I say occasionally because sometimes it does work. I guess I'm mainly just confused. It was working fine w/ my initial pushes on the app, and works on ionic view. I don't know what has changed, as I have not changed any code.
From my standpoint and in my initial debugging, it looks like local storage is either unreliable, i need to use an angular/ionic option (not window.localStorage), find another way to store data like I have been (SQLite?), or it could be a permissions bug?
If anyone has experience something similar to this and found a viable solution, I would love to learn more about this and find a solution to fix it.
I think that before you choose another data store option, you must see your application in execution, try inspect the app in Google Chrome inspect or in Safari (case iOS), look at the localStorage proprieties using your app, I believe this is enough for you do fix your bug.
Inspect Chrome: https://developers.google.com/web/tools/chrome-devtools/remote-debugging/
Inspect Safari:
http://phonegap-tips.com/articles/debugging-ios-phonegap-apps-with-safaris-web-inspector.html
Related
For anyone who is trying to authenticate via firebase phone number using ionic, this post is for you.
I spent weeks trying to solve this problem for my own app, and have moved on to using email because solving the phone number problem was taking too much time, but I am making this post to save you from wasting your time on red herrings.
The Issue:
Phone number can only be used when attached to a url, so if you are making an ionic application through a website, phone number auth via firebase will work, however, if you are trying to do it on mobile it won't work because firebase requires a url attached and there are no urls in mobile apps of course (firebase).
Option 1: Plugins
So, the easiest option would be to look around for third-party plugins to implement phone number auth on. I believe there is a Cordova plugin for this, (cordova-plugin-firebase-authentication), however that library is not compatible with Capacitor (compatable plugins).
There are a few other plugins that I tried to implement without much success. Notably, the (capacitor-firebase-auth plugin). It claims that phone auth works for ios and android, however, the actual method for doing that seems very complicated and follows a different path using .p8 codes that I was unable to follow-through with (confusion). And this plugin has some major limitations.
Option 2: In-App-Browsers
Since option one doesn't seem very feasible right now, the second option is to put code up on a website for phone number authentication and then open a browser within your app to authenticate. I spent a ton of time trying to get this method to work to no avail. It seems possible theoretically, but in practice, it is a mess. The biggest problem with this method is that what you want is to be able to run the signInWithPhoneNumber(phoneNumber, appVerifier) on your mobile app, because then your app treats users that have signed in through phone number like any other user and it makes general authentication much easier downstream in your application. However, in order to do that you need a verified appVerifier, which is of the class firebase.auth.RecaptchaVerifier. The firebase.auth.RecaptchaVerifier is supposed run .render() to initiate the recaptcha provlem and then run .verify() to verify a token that is given after the user does the recaptcha (documentation). I have tried to run .render() on a website and then .verify() on a mobile app, passing the token between the two. I am not sure why this doesn't work, it could just be a problem with my setup, but after trying for over a week on this method, I gave up on trying to get it to work. The token I pass just doesn't confirm. I don't know how these two functions work under the hood, there may be some identification system for each unique instance of firebase.auth.RecaptchaVerifier that is invalidating this method, I really don't know.
If you want to take a stab at this method, I recommend using the cordova plugin (it is compatible on capacitor projects) instead of an iframe or the capacitor browser plugin for in-app-browser to the website because it is easier to use and there is better functionality for passing data between the app and the website.
Option 3: Implementing Manually on IOS and Android
I haven't tried out this method, however, theoretically, you could go into your android studio and Xcode projects to actually write swift and java code following the firebase instructions for firebase phone auth (android tutorial) (ios tutorial). This would probably work, but I am not sure how you would notify your ionic project to defer to the swift and java files when authenticating.
Please let me know if there are any methods that have worked for you or any solutions to the roadblocks I have encountered, this is what I've tried so far!
I am the OP. After doing more work I finally got the phone auth system to work using capacitor-firebase-auth (https://github.com/baumblatt/capacitor-firebase-auth). I also created a git repo showing my code example and how to use it: https://github.com/Darrow8/capacitor-phone-test
In my previous attempt, I was running into issues with getting cfaSignInPhone to work but after more tweaking, it worked. Another major issue was getting firebase.auth().signInWithCredential to work. It turns out I had to combine the aformentioned capacitor-firebase-auth library with #angular/fire https://www.npmjs.com/package/#angular/fire
You can simply use cordova-plugin-firebase-authentication its compatible with capacitor, it works for me.
https://ionicframework.com/docs/native/firebase-authentication
We have at least two Android applications that use the webview component with persistent offline data in the form of IndexedDB, LocalStorage, and Cookies. They appear to lose all of this data with the upgrade from Android 9 to Android 10 on Pixel XL (and at least one other device). This has not happened with these apps on other device upgrades over the last 5 years on any device that we know of.
This has the potential of data loss if users do push WebView data changes to the server before performing the upgrade.
We're trying to figure out if this is:
A bug in the upgrade process?
Intentionally done for some reason (and is it documented)?
Some change we are expected to include in the app to survive the Android 10 upgrade without this data loss?
Other Notes:
We confirmed that if we reload the data it operates normally but, as mentioned, users can still lose data with the upgrade
We tried restarting the device again
We created a debug version to inspect and the data
There were some changes in a way that WebView works. It is no longer provided by Google Chrome, WebView is now a separate app. Reason behind this is EU restrictions.
You can find more information here.
I am trying to understand BlobCache.UserAccount option using akavache. So far I could successfully implemented BlobCache.LocalMachine which works only offline.
Accoridng to akavache documentation;
Xamarin.iOS will may remove data, stored in BlobCache.LocalMachine, to free up disk space (only if your app is not running). The locations BlobCache.UserAccount and BlobCache.Secure will be backed up to iCloud and iTunes.
Windows 10 (UWP) will replicate BlobCache.UserAccount and BlobCache.Secure to the cloud and synchronize it to all user devices on which the app is installed
I guess this is something done automatically by the OS when you place the data into the certain folders, it is being backed up and this is what akavache is doing. Is that correct?
If yes, Is there a way to have something similar with Android. Nothing is described for Android. Is there some backup happening on google drive or we can implement easily?
I think this is iOS specific indeed. I tried to look it up into the code, but couldn't find something specific for the UserAccount. So, I think your assumption is correct. It might be for a different reason though, but I honestly think its iOS specific.
It looks like with android it doesn't store into google drive
https://github.com/akavache/Akavache/blob/master/src/Akavache/Android/AndroidFilesystemProvider.cs#L40
I haven't done that much with saving files into google drive but it doesn't seem quite as straight forward as it is on Windows or iOS. On Windows just save into a Roaming Folder and run with it. Where as with Android it seems less plug and play
https://developers.google.com/drive/android/get-started
Creating a new Android application that uses the Google Drive
Android API requires several steps.
I think in theory you could register your own IFileSystemHandler into Splat if you want to wire that connection up.
i am developing an mobile application(using Cordova and JQuery mobile) and i found that ios,android can anyone view my source code as is !!!
this is very dangerous for me , so i have used Cordova plugin for that
cordova-plugin-crypt-file
and it's pretty simple and good for ios , but for android i got problem with ajax and it's not work any more and always gave me 404 http error but ios using same everything works just fine
so my question is : how can i secure my source code with effecting other's
thank you
A lot of people have asked this type of question and basicaly you cannot get full protection on your app.
You can do a combination of the following
Obfuscate - there are reverse obfuscators
Encrypt - you may need to keep the encryption JS and the key on the app, unless you make the app connect online every time it is opened. If you are doing this anyway then is may be better to port sensitive code online and run it there. If your app decrypts the code at run time then someone may still see it via developer.
Paid protection
None of these will completely protect your code but the latter probably does the best. You do have to pay and I have not seen any independant write up on its efficacy. If you look at the links below have a look at the encryope ios one, this is the best so far.
Here are some links to other question on this
obfuscate
encrypt
encrypt ios
paid
Recently I tried to figure out where the application Meet Mobile's data was being pulled from. This is mostly out of curiosity as I noticed they have this free app for Android/iOS but nothing available from a computer which struck me as odd.
I set up fiddler on my computer with my phone using my computer as a proxy to access the internet, but when I do this Meet Mobile is not able to fetch data, even though I can use the browser to navigate the web without issue. I followed this guide to set up my proxy:
http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler
I have discovered that the main site the data is being pulled from is https://awmobile.active.com/, and I believe it is being pulled via port 443. However, I cannot figure out the correct syntax to query from this site (which I believe the application uses JSON).
Please let me know if there is a better way to go about capturing the web requests my application is sending off to its home base. This is mostly an exercise of curiosity, and I'm excited to see what potential answers there are.
Cheers!
I figured it out - I needed to install the Fiddler certificate on my Android phone for it to allow the connections. I followed the steps listed here:
http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler
Thank you for your help and time!