While sending out an App invite in my app, I am trying to find a way to add metadata to it so I can track internally who sent invites and how successful they were (Facebook only shows data from when the dialog is opened and there is no way to track specific funnels).
my code for sending the invite is:
private void openFacebookAppInvite() {
AppInviteContent content = new AppInviteContent.Builder()
.setApplinkUrl(FACEBOOK_APP_LINK_URL)
.setPreviewImageUrl(INVITE_PREVOEW_IMAGE_URL)
.build();
// WANT TO ADD METADATA HERE
AppInviteDialog.show(this, content);
}
Maybe this is not the answer that you had hoped for, but I think it will help to implement your requirements.
Part 1: send data directly with an AppInvite
As far as I know, it is not possible to send custom data with AppInvites created with an AppInviteContent.Builder directly. I will explain a more complex possibility in Part 3. But maybe a GameRequest is an option for you. A GameRequestDialog can be initialized with a GameRequestContent object. The method setData of the class GameRequestContent.Builder "sets optional data which can be used for tracking".
Part 2: tracking invites
Of course you can track that an user opened the AppInviteDialog (by do a simple request to your server). Sadly it is not possible to track which or how many users are invited.
But after an invited user accepts the invitation, installs and run the mobile app (or give you the permissions on a canvas, if you have a canvas app too), you are able to get all AppRequests (Invites) by do a query to /me/apprequests with the Graph API.
Also possible:
Canvas App: The POST request, your server will get after an invited user opens the canvas page, contains a parameter request_ids. This is a comma separated list of app-request-ids, which can be used in a graph query.
Mobile App: After the invited user installed and started the app in response to an AppRequest, you are able to get the app-request-ids from the intent or by the use of AppLinkData.fetchDeferredAppLinkData and appLinkData.getTargetUri().getQueryParameter("request_ids"). See the section "Supporting incoming links" in the documentation. Now you are able to create a graph api request.
Part 3: send data with an AppInvite via an App-Link
As shown in Part 2.2., you will get a targetUrl after an invited user opens the app. This targetUrl is specified in the AppLink found under the AppLinkUrl you used for the AppInvite. With a "Dynamic App Link endpoint" it is possible to send data to the invitees.
Here an idea how to implement this:
Your server defines an endpoint with the uri-template POST:http://example.com/users/${USER}/invites/. ${USER} is the username of the sender of the invitation.
Before creating the invitation dialog, the client sends a POST request to the endpoint from step 1 and will get an UUID as a response, which references the planned invitation and the user.
the server defines a second endpoint GET:http://example.com/users/${USER}/invites/${UUID}. The response to this endpoint is a page with a defined AppLink where al:android:url is example://users/${USER}/invites/${UUID} - of course the placeholder ${USER} and ${UUID} are replaced with the correct values from step 1 and 2.
The client uses the endpoint from step 3 (http://example.com/users/${USER}/invites/${UUID}) as the app-link-url when creating the AppInviteContent.
The invited user accepts the invitation and opens the app. Now we are able to get the UUID from the targetUrl (see step 2.2 / "Supporting incoming links").
Related
My idea is to use verifiable credentials for logging into my Kotlin Android app. For that purpose I use Aries Cloud Agent (aca-py). For communication with an agent there is an API. This agent enables creation of the connection between wallet (lissi, trinsic, esatus, etc.) and agent and afterwards sending proof request. The data from proof request (verifiable credential with for example first name, last name, email) are than used to login.
Each of these steps requires specific API request. It is possible to implement each step as separate button. In that case, user should first press button to create QR code that can be scanned from wallet and therefore establish connection. After than second button should be pressed to send proof request. And once the credentials are presented, third button should be pressed so that an app takes that info from agent with a GET request. However my idea is to automate this whole process.
That can be done using agents webhooks that can inform app once there is a new connection created and that can be used as trigger to send second proof request. The same happens once the proof request is sent. However, I am not sure how to implement push notification into my app once there is a new webhook.
I read that it can be done with Firebase and AWS Amplify. In both cases I think should pay for it and to be honest I am not too familiar with their services. Is there some other option? Does anyone know some free alternative? Currently my idea is just to build like a prototype so there is no need for production services. Thanks in advance!
A web hook is basically an external-facing URL which can take a payload, etc. You can create these endpoints using Cloud Functions onRequest. these use express based request/response callbacks
https://firebase.google.com/docs/reference/functions/providers_https_#onrequest
http://expressjs.com/en/4x/api.html#res
For example:
From the client side,
Start a listener in realtime db to the users ID, then: Create a dynamic link or a cloud function URL which can be rendered as a QR code A B C, and from there: a series of URL's and Dynamic Links for each step of the way. the user's client can get real-time updates from Firebase while this process is going on, allowing you to update the user with the current process and instructions.
https://firebase.google.com/docs/database/web/read-and-write#web-v8_2
The keynote is to associate the process with a one-time disposable token, so that your webhooks can know which user the process can follow. You could use the user's ID, but this can be predicted and spoofed if any webhook endpoint is exposed.
Realtime DB:
processing: // location for all clients processing can listen to for updates
+userId: { // userID so that the location is predictable should the client disconnect
+--"State": "state1",
+--"URL":"https://url.for.qr/code?=disposable_token"
}
status: // location for all webhook processing and tracking of stats
+token: { // userID so that the outcome is predictable should the client disconnect
+--"User": "userID",
+--"stage":"authenticating"
+--"createdAt":"Date.now()"// track when the process started, ensure that requests can expire after X minutes/hours
}
To the client, the button presses can be automated purely with a realtime db listener
I am currently working on a pkpass library for Android. There is one point that I cannot figure out. The Apple's PassKit Web Service Reference specifies how to register a device for automatic updates. This seems to work only with iOS devices.
However, there are a couple of apps out there for Android that are able to register for automatic updates somehow. Wallet Passes | Passbook and Pass2U Wallet for Passbook for instance.
I created a demo pkpass file using PassSource's API. When I update the file on their website, those apps get notified somehow and then show a notification to the user.
This is the behavior I'm trying to create but I cannot figure out for the life of me is what URL with which parameters to call.
I tried every possible combination of values for:
POST request to: webServiceURL/version/devices/deviceLibraryIdentifier/registrations/passTypeIdentifier/serialNumber
Parameters
webServiceURL
The URL to your web service, as specified in the pass.
version
The protocol version—currently, v1.
deviceLibraryIdentifier
A unique identifier that is used to identify and authenticate this device in future requests.
passTypeIdentifier
The pass’s type, as specified in the pass.
serialNumber
The pass’s serial number, as specified in the pass.
Header
The Authorization header is supplied; its value is the word ApplePass, followed by a space, followed by the pass’s authorization token as specified in the pass.
Payload
The POST payload is a JSON dictionary containing a single key and value:
pushToken
The push token that the server can use to send push notifications to this device.
as specified on the apple documentation.
I also studied Walletpasses Documentation and Pass2U Documentation
Help is greatly appreciated!
Thanks!
I am currently working on implementing a mobile app for our site that uses Ruby on Rails and Devise. The idea here is, at first, create a mobile login form that on successful login opens a web frame that is authenticated and allows the normal use of the (mobile optimised) site. Theoretically that should be possible.
I am having trouble with the following issues:
How do you get the pure session key for the user session via a json request? What methods can be used to manually generate it from devise, something that the sign_in(:user, user) method does?
Is it even possible to take that key and put it into the browser cookie the way it normally happens in devise, but on the mobile side?
I know that this is not the standard method of making mobile applications for the site, but I believe it should be possible.
You might want to consider using Devise Token Auth and treating your mobile application like just another webapp that requests permission from your main site. DTA is particularly nice since it takes care of managing the session tokens (renewing/expiring) and passing them onto the app requiring access. The issue is overriding your session controllers so that it automatically logs in after you already log in on the mobile app (or just rewriting your log in so it occurs in conjunction with the Rails site, rather than before). Considering you're already using Devise, this may also be more refactoring than you'd like.
If you want to put your authentication form on the mobile UI and pass the credentials over to the web frame, you need a way to pass data from the mobile app to the web frame.
How you accomplish this depends on what platform you're building on. I'm not really a mobile developer so I don't know for certain how difficult / easy these options are:
When opening the web frame, instantiate it with session data
Find a way to call methods on the client from the web frame. Something like getSessionData.
You could generate a fingerprint for the web frame, have the mobile UI send this data to the server, and then have the web frame authenticate with the server by sending the fingerprint.
Again, I'm not entirely sure how possible all these options are.
You should use token authorization and Android deep linking. It will allow you to login in the web browser and send a token to your app via deep linking.
OK, so I decided to make a webframe solution as follows, basically you post the login and password to a certain sign_in method specially designed to generate one-time sign in tokens for the application. You need two methods in the system to do that:
routes.rb
devise_scope :user do
get "sign_in_with_token/:token" => "sessions#sign_in_with_token"
post "get_login_token" => "sessions#get_login_token"
end
sessions_controller.rb (don't forget to add the method that increases the failed_sign_in_count on wrong password, otherwise that can allow brute force attacks)
def get_login_token
user = User.find_by_email(sign_in_params["login"])
password = sign_in_params["password"]
if user and user.valid_password?(password)
token = SecureRandom.hex(16)
user.update_attribute(:authentication_token, token)
render json: {token: token}, status: 200
else
render json: {error: "error"}, status: 403
end
end
and the method to sign in with that token
def sign_in_with_token
#user = User.where(authentication_token: params[:token], email: Base64.decode64(params[:email])).first
if #user
#user.update_attribute(:authentication_token, nil)
sign_in(#user, bypass: true)
end
redirect_to '/' # or user_root_url
end
That way the mobile app will work like this:
use the generic web frame to send ajax requests to the server and get that token for the user email if password is correct.
make a /sign_in_with_token/#{token from ajax}?email=#{base46 encoded email} link inside the app.
open that link inside the web frame and use the app as though you were logged in normally. Now the app can save email and password locally and use that logic to get the token again for another session. Later logging in will also be able to set the app id so that push notifications can be sent.
Appreciate any feedback or criticism on this solution.
I'm trying to implement one-time code sign in flow in my system.
Application contains of two parts:
1)Android application which requests Google+ for one-time authorization code
2)Rails server that receives one-time code from android application in request header and tries to exchange code for access_token and id_token from Google+
The problem is that everything works well if I get one-time code using JavaScript sign-in button in browser, but doesn't work when one-time code is obtained by Android application and then sent to my server.
I'm getting always
"error" : "redirect_uri_mismatch"
My server settings are following:
{ "web":
{ "client_id": "MY_REGISTERED_WEB_APP_CLIENT_ID",
"client_secret": "MY_CLIENT_SECRET",
"redirect_uris": ["postmessage"],
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token"
}
}
Now, how I'm requesting one-time code from Android app:
I use the same MY_REGISTERED_WEB_APP_CLIENT_ID as on my server for requesting one-time code. I don't know, maybe I have to use on Android another client id, that corresponds to my Android application? But all found documentation and articles are pointing to registered
Web app client_id.
Or maybe my rails server should be configured not for web, but for installed type of registered in Google Console apps?
Now regarding redirect_uris.
I've tried to set several redirect_uris in Google Console:
empty field
http://localhost:5000
https://localhost:5000
http://my.deployment.url/auth2callback
Web origins in Google console are set to
- http://my.deployment.url
- http://localhost:5000
Can't figure out what I'm doing wrong.
Actually I don't understand why I need to set this redirect_uris values, since I don't want to have callbacks from Google, I just want to get access_token and use it for accessing Google+.
This is happening because the redirect_uri your android app is using to create the initial login flow is different from the redirect_uri the server is using when it tries to excange the code for an access_token. The redirect_uri the user returns to and the redirect_uri used in the token exchange must match.
The proper redirect_uri in this case is "urn:ietf:wg:oauth:2.0:oob"
I'm thinking about how to solve the next problem:
An Android App which I want to connect to facebook, and to a Server backend(Srv).
Server backend(Srv) which I want to connect to facebook.
The server will run a task that will Get all the Friends of the user(on fb), and the user Statuses(on Fb), and store them on it.
Base assumptions:
I use android as a Mobile device
Server is GAE
Entity key in GAE is the user’s FB-id
User Entity contains:
User fb_id
User verified list(FB_ID String)=> friends of the user that have the app) // maybe use HT?
User statuses list(Status text, date, url)=> whatever I can get from a Status of a user in facebook..
Main questions:
Is the Data representation thought out? can it be better?
How do I handle a situation where two users which are connected to one another add the app at the same time- how can I avoid overlapping?
Should the device Authenticate itself, also with the GAE server?
How to Authenticate GAE with FB
Algorithm:
Android side:
User login and get access token from FB
Posting to my server(Srv) FB Token & myUserFBId // Should I use REST protocol or HTTP
POST?
Server side:
A Servlet handles the POST
{
Query FB ->for the user's friends ids(into friendList = arrayList<FBItem))
foreach FBItem item in friendList
{
//check which FB-ids are in my DB
friendEntity = getKey(item.fb_id)
if(friendEntity != null)
{
// friend exists
verifiedFriendsList.add(item.fb_id) //verifiedFriendsList is ArrayList<String>
friendEntity.getVerifiedFriendList().add(myUserFBId)
}
}
Query FB ->for the user's statuses(into statuses = arrayList<StatusItem))
add new FBEntity(myUserFBId, verifiedFriendsList, statuses) to DB }
Thanks
I have not done anything like this but I think you will need to
Ask user to authenticate your application to use FB- Read about OAuth Api of Facebook
Once your app is authenticated with sufficient permissions you can get users data as per your requirements .
Once you get the data you can process it.
Oauth on FB is what you are searching for..
I'll give you my 4 cents:
The questions that should lead you in developing the DS are: (A) On the
server side, How does the data persist? to a File? to a Database? (B) How much of that data is required to perform the calculations you want done, and how do plan to access it (for example, for an O(n) run, I wouldn't use a HashTable) (C) How does the persist / de-persist work? with an ORM? custom queries?
About concurrency, you'll have to explain what's bugging you. People sign in to SO simultaneously all the time.
3/4. Not an android developer, can't help.