I want to create a User Session on Android so that i do not have to login every time.
What content should be stored in Shared Preferences so that i can authenticate every time my server gets a request from the user i can make sure people are not hacking into my system.
The users can login via the following in my app
Facebook
Google
Do i need to convert and store some encrypted data in Shared Preferences ?
Or just Storing the users Email or Username should be enough.
Its easy to store the credential in shared preferences So that when you splash screen comes it you can check it and redirect the user to the next screen without asking user to Login into google or facebook.
I have used the preferences to login using facebook and our own server. For that i hae stored one boolean variable that user is is login with facebook or our own server then if the user loged in with our own server then we have called the webservice in background with stored usercreadential in preferences and if user loged in with facebook then we have usered
if (Application.prefs.isFacebookLogin()) {
facebook = new Facebook(Application.APP_ID);
// Instantiate the asynrunner object for asynchronous api calls.
SessionStore.restore(facebook);
SessionEvents.addAuthListener(new FbAPIsAuthListener());
if (facebook.isSessionValid()) {
Application.prefs.setAccessTokenFb(facebook
.getAccessToken());
Application.prefs.setExpirationFB(facebook
.getAccessExpires());
}
// redirectHome();
// finish();
}
Here after that we have redirect user to the first screen if the creadential goes right.
Related
when user first login I save it like this:
SharedPreferences pref = getApplicationContext().getSharedPreferences("pref01", MODE_PRIVATE);
SharedPreferences.Editor editor = pref.edit();
editor.putString("username", username);
editor.putString("password", password);
editor.apply();
next time he opens the app I get this username value in loginactivity automatically and, automatically, open user area if username is set by shared preferences.
So everytime the user upload an image, do some changes on his account I give this username stored in userpreferences to PHP.
My question is, is it ok? or do I need to check user and password everytime user opens my app? can user change the sharedpreferences? because, for example, if user 'maria' changes it to 'josh' she will login automatically in josh account... is it possible to happen?
Instead of saving login detail use token. When user login then in response of api call send token generated from server itself & Save it to preference. Use this token in every other api as Auth key. So user also can't change it and even if token is changed then server will know that token is inviladate as your token generation logic then logout user from app redirect UI to login screen.
I want to launch a new activity after successfully logging in using facebook login and maintain my session across all activities. I also don't want the log out in the next screen.
Samples for the new sdk don't provide any info about sessions so I am not sure how to go about this. Do we use AccessToken or Session class to maintain session and could anyone please provide links or examples for the same?
Once you initialize the Facebook SDK in your app and go through the login steps and get the user access token, your application will be logged in until you logout from user account via code.
And you can fetch the access token and check its status and validity (once the user logged in via your app) from any of your application activities via:
mAccessToken =AccessToken.getCurrentAccessToken(); // Which is a static function.
if(mAccessToken == null) // user are not logged in
{
// Proceed with your log in logic / code.
}
I have an app which do the canonical email/password login and signup to the server.
Note: I need to do the login / auto-login every time the user open the app.
Now I want to add login/signup with fb.
Currently I'm using the android Account manager with a custom authenticator where I save mail and password. If a user log in with fb I will not have any password to save in the account: I have to save something else instead or I'll leave that field empty? In the latter if I'll add another auth system as Twitter how can I know to which system the user belong?
Speaking about the server, which data I'll have to send to it to authenticate Fb users? I thought about the couple email/id, but it doesn't seem too strong to me...
Thank you for your time
how can I know to which system the user belong
Use SharedPreferences in order to save which system the user belong to:
public static int TWITTER_ACCOUNT = 0;
public static int FB_ACCOUNT = 1;
onLogin(){
if(fb){
SharedPreferences sp = getSharedPreferences(context);
sp.edit().putString(PREF_ACTIVE_ACCOUNT, FB_ACCOUNT).apply();
}
}
which data I'll have to send to it to authenticate Fb users
Why not sending the access_token?
If a user log in with fb I will not have any password to save in the account
Just keep the access token. you should use fb access token to get data from FB or login to your system. have a look at oauth2
Also do note that you are missing the point if your users need to login each time the app starts
To save user data in AccountManager use:
public void setUserData(final Account account, final String key, final String value)
public String getUserData(final Account account, final String key)
I'm creating an android application in which i am using facebook login.I'm using graph api for this purpose.I want to display the profile picture,name and location of the logged-in user.I have a method for getting the profile information.I want to display the details each time i open my app without calling the login method each time.ie.i want to display the details automatically as long as there is an active access token.How to do this ?
My method for login is working fine.How to display the details automatically as long as there is an active access token ?
Use the Session object to create a new Session using your Facebook access token, and token expiry date
You can store user info in Shared Preferences
for example; You can save user data after login
// this Application Context
SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(this);
SharedPreferences.Editor editor = preferences.edit();
editor.putString("name",retrievedName);
editor.putString("picture",retrievedPicture);
editor.putString("location",retrivedLocation);
editor.commit();
Then you can check easily if user authenticated
getString(String key, String defValue)
//if it is null login again
String name = preferences.getString("name",null);
Or you can use sqlite as well but if you are developing native app it would be better to use facebook android sdk
If you're trying to request data from an API/Web Service how do you design the login process?
If it is sensitive data, do you send a login request to the server /w username+password, and receive a session-token or similar, or do you send username+password every request?
Assume you do get back a session-token. How do you get a fresh token, without asking the user to reenter their credentials. Do you save username+password on the device?
It is best to use client credentials flow of auth2:
show web page with login page
user enters username + password
page reloads and you get parameters from new page (auth code)
issue token request with auth code retrieved from previous step
save token with refresh token
use refresh token to obtain new token but remember that refresh tokens will have 'refresh_token'
value set to null so you will have to save refresh token retrieved
at the beginning to issue new tokens after they got too old (usually
3600s)
This: http://bshaffer.github.io/oauth2-server-php-docs/grant-types/client-credentials/ and this http://brentertainment.com/oauth2/ will make it easier to understand and implement