When I use parse.com, I am not sure whether there a module for Mobile registration, it will use my mobile number and a sms verification coder, the way just like like WhatsApp does?
I don't believe Parse has a service like that.
Nexmo, where I work, has an API that enables you to easily verify that a user has access to a specific mobile device. Nexmo sends a single use code by SMS or Voice, retrying when needed. Once the user enters the code to your app/website, the Verify API confirms if it is valid.
Nexmo’s Verify API
Make a call to https://api.nexmo.com/verify/json (or /xml)
Add parameters: api_key, api_secret, number (to be verified), & brand/app name
Optional parameters: language, length, etc. (Full list of parameters in documentation)
Take a look at the Nexmo's Verify documentation here
Related
I am using the Android Voice SDK to build an app where one user can call another app user. Calls can only be made to other app users (by searching their username and calling them with a simple click).
(1) In this scenario, are each users provided with a Twilio phone number?
(2) Say user A calls user B. How does Twilio know that user A is calling user B? (Both a general AND technical explanation would be really helpful here). What is the workflow from making that call to answering it?
The current documentation on the Voice API doesn't explain its technical use in conjunction with Android except for the quickstart Android project on github. However, as this is focused more on implementation rather than technical explanation, there are a few aspects I am still trying to understand like phone numbers not seemingly being used and the other points mentioned above.
When you are making app to app calls, your users do not need a phone number. Instead they are identified by the identity that you provide for the user when you generate an access token for them or when you create a push credential (as Stephan points out).
When you create an access token for your app's user, you provide a TwiML application SID. That TwiML application defines the URL that Twilio will make a request to when placing outbound calls.
When you place a call with the Voice SDK you pass a set of params to the connect method:
HashMap<String, String> params = new HashMap<>();
params.put("to", contact.getText().toString());
ConnectOptions connectOptions = new ConnectOptions.Builder(accessToken)
.params(params)
.build();
Voice.connect(VoiceActivity.this, connectOptions, callListener);
You can send any params you like, in the example above we send a param called "to" with a string from an input field in the view. When you place the call, Twilio then sends those parameters to that URL set in the TwiML application.
When your application receives that webhook it needs to return TwiML to Twilio to tell Twilio what to do next. In your case, you need to return TwiML that will use <Dial> and <Client> to connect to another application. In this case, you would take the incoming param "to", as defined above, and use it as the client identity you want to call.
<Response>
<Dial>
<Client>
<Identity>IDENTITY_FROM_PARAMS</Identity>
</Client>
</Dial>
</Response>
That way Twilio will connect the dialling application to the receiving application identified by the identity.
I am trying to automated a flow where I can read sms and then parse the SMS to read the OTP and enter it in another webapp. Looked through all forums but couldn't find an answer.
I am writing code in java and trying to run a webapp on android device using appium.
Can someone suggest how to do it?
If you want to read sms from device in Appium session there is a good approach described in discuss.appium.io
I think you can create several sessions in one test: 1 - to get sms with native app, 2 - open webApp in mobile browser and do whatever you need
This approach worked for me
Suppose your OTP sms is like "OTP is 12345 for your order", and it shows up in your notification panel,
Reach the OTP Screen
Pull down the notification bar ((AndroidDriver) driver).openNotifications();
Wait for this element otpElement with xpath //android.widget.TextView[contains(#text,'OTP is')] is displayed (ie, While the sms arrives)
Use OTPmessage = otpElement.getText() to get the OTP message text
Extract OTP using this code : String OTP = StringUtils.substringBetween(OTPmessage, "OTP is ", " for ");
Close notification panel using ((AndroidDriver) driver).pressKey(new KeyEvent(AndroidKey.BACK));
I dont think this is a good approach if you are testing the app. It might take lot of time for the OTP to arrive thereby failing your test unnecessarily. Better ask your devs keep the OTP fixed so you don't need to receive it through the sms everytime.
You can add a key to store last OTP in an in-memory storage like Redis or closured Dictionary in your backend language, you will then update this key with the value of the OTP you want to send out via an SMS service provider. The last sent OTP stored in this key should then be exposed via an additional api endpoint in your service, which you would then call as part of your automated script after doing an action that will make the OTP to be sent.
A more reliable and robust modification of this will be to expose an API that retrieves the OTP stored against each phone number, you must have this stored already of course before you could do the verification in-app. This endpoint must only be exposed within a test environment, that's the precaution to pay attention to, or you make the endpoint available only to authorized user roles.
I am currently working on a pkpass library for Android. There is one point that I cannot figure out. The Apple's PassKit Web Service Reference specifies how to register a device for automatic updates. This seems to work only with iOS devices.
However, there are a couple of apps out there for Android that are able to register for automatic updates somehow. Wallet Passes | Passbook and Pass2U Wallet for Passbook for instance.
I created a demo pkpass file using PassSource's API. When I update the file on their website, those apps get notified somehow and then show a notification to the user.
This is the behavior I'm trying to create but I cannot figure out for the life of me is what URL with which parameters to call.
I tried every possible combination of values for:
POST request to: webServiceURL/version/devices/deviceLibraryIdentifier/registrations/passTypeIdentifier/serialNumber
Parameters
webServiceURL
The URL to your web service, as specified in the pass.
version
The protocol version—currently, v1.
deviceLibraryIdentifier
A unique identifier that is used to identify and authenticate this device in future requests.
passTypeIdentifier
The pass’s type, as specified in the pass.
serialNumber
The pass’s serial number, as specified in the pass.
Header
The Authorization header is supplied; its value is the word ApplePass, followed by a space, followed by the pass’s authorization token as specified in the pass.
Payload
The POST payload is a JSON dictionary containing a single key and value:
pushToken
The push token that the server can use to send push notifications to this device.
as specified on the apple documentation.
I also studied Walletpasses Documentation and Pass2U Documentation
Help is greatly appreciated!
Thanks!
While sending out an App invite in my app, I am trying to find a way to add metadata to it so I can track internally who sent invites and how successful they were (Facebook only shows data from when the dialog is opened and there is no way to track specific funnels).
my code for sending the invite is:
private void openFacebookAppInvite() {
AppInviteContent content = new AppInviteContent.Builder()
.setApplinkUrl(FACEBOOK_APP_LINK_URL)
.setPreviewImageUrl(INVITE_PREVOEW_IMAGE_URL)
.build();
// WANT TO ADD METADATA HERE
AppInviteDialog.show(this, content);
}
Maybe this is not the answer that you had hoped for, but I think it will help to implement your requirements.
Part 1: send data directly with an AppInvite
As far as I know, it is not possible to send custom data with AppInvites created with an AppInviteContent.Builder directly. I will explain a more complex possibility in Part 3. But maybe a GameRequest is an option for you. A GameRequestDialog can be initialized with a GameRequestContent object. The method setData of the class GameRequestContent.Builder "sets optional data which can be used for tracking".
Part 2: tracking invites
Of course you can track that an user opened the AppInviteDialog (by do a simple request to your server). Sadly it is not possible to track which or how many users are invited.
But after an invited user accepts the invitation, installs and run the mobile app (or give you the permissions on a canvas, if you have a canvas app too), you are able to get all AppRequests (Invites) by do a query to /me/apprequests with the Graph API.
Also possible:
Canvas App: The POST request, your server will get after an invited user opens the canvas page, contains a parameter request_ids. This is a comma separated list of app-request-ids, which can be used in a graph query.
Mobile App: After the invited user installed and started the app in response to an AppRequest, you are able to get the app-request-ids from the intent or by the use of AppLinkData.fetchDeferredAppLinkData and appLinkData.getTargetUri().getQueryParameter("request_ids"). See the section "Supporting incoming links" in the documentation. Now you are able to create a graph api request.
Part 3: send data with an AppInvite via an App-Link
As shown in Part 2.2., you will get a targetUrl after an invited user opens the app. This targetUrl is specified in the AppLink found under the AppLinkUrl you used for the AppInvite. With a "Dynamic App Link endpoint" it is possible to send data to the invitees.
Here an idea how to implement this:
Your server defines an endpoint with the uri-template POST:http://example.com/users/${USER}/invites/. ${USER} is the username of the sender of the invitation.
Before creating the invitation dialog, the client sends a POST request to the endpoint from step 1 and will get an UUID as a response, which references the planned invitation and the user.
the server defines a second endpoint GET:http://example.com/users/${USER}/invites/${UUID}. The response to this endpoint is a page with a defined AppLink where al:android:url is example://users/${USER}/invites/${UUID} - of course the placeholder ${USER} and ${UUID} are replaced with the correct values from step 1 and 2.
The client uses the endpoint from step 3 (http://example.com/users/${USER}/invites/${UUID}) as the app-link-url when creating the AppInviteContent.
The invited user accepts the invitation and opens the app. Now we are able to get the UUID from the targetUrl (see step 2.2 / "Supporting incoming links").
With the purpose of learning about endpoints I'm building an app called "Where Are You?". The app lets users request the location of other users. The idea is that it does so by letting the user select a contact, lookup the contact by phone number in my endpoint. If found it means that the contact have the app and GCM is sent requesting the location. If the contact isn't found a SMS is sent with an url which will request the location through a browser, perform a http post of said location and have the server GCM it back to the person requesting the location.
I need to authenticate users of the app and store phone numbers of several contacts as well as users of the app. As of now I'll mainly focus on the server side of things.
How can I archive the above in a safe manner?
So far I'm enabling OAuth 2.0 for my API and passing the user_required=True as argument to my Model.method decorator. Resulting in the following code:
from google.appengine.ext import endpoints
from google.appengine.ext import ndb
from protorpc import remote
from endpoints_proto_datastore.ndb import EndpointsModel
class User(EndpointsModel):
owner = ndb.UserProperty()
phone_number = ndb.StringProperty()
reg_id = ndb.StringProperty()
created = ndb.DateTimeProperty(auto_now_add=True)
#endpoints.api(name='whereareyoudroid', version='v1',
description='Where Are You Users')
class UserApi(remote.Service):
#User.method(user_required=True,
response_fields=('id',),
path='user')
def insert(self, user):
user.owner = endpoints.get_current_user()
user.put()
return user
#User.method(user_required=True,
request_fields=('id',),
path='user/{id}',
http_method='GET')
def get(self, user):
if not user.from_datastore:
raise endpoints.NotFoundException('User not found.')
return user
But the above code only requires a valid gmail account. I'm thinking something where you only can access a user if you already have the phone number? Which would be the case if I limit the response fields on the get method to exclude the phone number... unless someone decides to brute force the service. Suggestions? Comments?
From this I gather that I can configure my endpoint to only accept requests from my apps. Is that right? And if so, couldn't someone extract the need information from the apk or modify it to perform... evil? :)
Update:
A makes a request for B's location
Querys endpoint by phone number
if not found simply send a request per SMS
if found... go to 2.
Request is forwarded to GAE app
This is done by inserting a Location endpoint whoes id is a UUID and sends a GCM to B about the request
GAE app verifies that A's secret ID is on B's whitelist
There is no whitelist and the secret id is the UUID so this step is eliminated
The app then queries for B's location
If B decides to grant access to it's location B simply updates the Location endpoint based on the UUID
Once the app retrieves this information, it then verifies that it is only sending this information to the user identified by A's secret ID
When B updates it's location GAE sends a GCM to A informing about the update
The info is then sent securely to A's client
Done! GCM and SMS (and HTTPS) can be considered secure... right?
Update: GCM isn't secure... but does it really matter that much?
You are wanting to acquire a rather sensitive combination of information - user email (as identity), phone number, and location.
So firstly, you'll have to be very considerate about privacy issues for users, having a policy on how this information is stored and distributed and make it clear to users what they are allowing. I would suggest not storing any aggregate of this type of dataset in the client, in as much as possible.
For this purpose I would recommend using GAE storage as much as possible.
Your app querying a user's location shouldn't be too worrying, provided things are done over secure channels kept well.
What is worrysome is that that information only reaches an allowed source. i.e that only a mutual contact can request this information.
I'd suggest that for each user, a whitelist of allowed contacts would be best. For each user, have a secret random uuid associated (that never goes out to any client) on GAE. A user registering for your service would create this ID. The whitelist would then consist of a list of secret IDs.
A process could then be-
A makes request for B's location
request is forwarded to GAE app.
GAE app verifies that A's secret ID is on B's whitelist
The app then queries for B's location
Once the app retrieves this information, it then verifies that it is only sending this information to the user identified by A's secret ID
The info is then sent securely to A's client