I would like to have a twitter connect on both my desktop and mobile applications. The problem is that for my desktop application I use the callback authentification. And for my mobile applications I use the Pin authentification. So when I connect my mobile app to twitter it is redirect to my website. Is it possible to use both of these options without creating two different applications?
Is anyone met this problem?
So basically you would like to use the same consumer keys in both of your application with different callbacks?
If so, in your desktop application set the callback URL (oauth_callback parameter) to your website and in the mobile application set it to oob. (You can set these parameters in your requests, don't have to rely on the callback URL you explicitly entered in your app settings. Take a look on this part of the API doc: https://dev.twitter.com/docs/auth/oauth#registering-an-app). If this won't work (for example because Twitter does a check on if your application is mobile or desktop) then you will have to register two apps for this. And why wouldn't you do that, if you have two applications.
Related
I want to restrict users to login from one device only using java for the app and I want to know how it possible to do the same thing for the web and if there any better solution.
I want to ask about the security of web application.
I'm developing on web site for an inventory management system by web service.
And wrapping as android application with the webview.
But my client ask the website can be opened in android application only.
I think it is possible with agent header when web server response to request.
But it just a makeshift.
So is there any way to check the website is opened in browser not authorized application?
I used spring boot for web server.
This is not possible. Once you expose an endpoint publicly, you can always try to connect to it with whatever software supporting the protocol (or an analyzer which will reverse-engineer the protocol).
This said, you can make it difficult by obfuscation.
One solution is to use information provided by the client (browser in your case). This is usually the agent header (as you mention) but can also be some fingerprinting. You could for instance detect the size of the screen and make some decisions from there on.
Another solution is to use some secrets (better call them "secrets") to show the backend application (or API) that some specific code is calling. I can imagine that you could bundle the HTML/JS/CSS code in your application, together with a key so only the application owners will be able to send a recognizable traffic (recognized by the backednd).
All of this is more or less difficult to crack but with some layers you will get rid of at least some population which would like to access the site via other means than an app.
Is it possible to use CloudKit Web Service from Android native app? How will that authentication popup window appear in a native app if I want to let user able to modify records?
Can I put a button to the native app, that will open up browser and the redirected content will appear there, and when authentication successfull, specify a callback where token which uniquely identifies users, I guess user record name can be received?
Apple engineer talks about login from web here on this session video: https://developer.apple.com/videos/wwdc/2015/?id=704
CloudKit Web Services is intended "to provide a web interface for users". If you use it to provide a native Android interface, you will probably get your iOS app rejected and lose your CloudKit access entirely.
But if you want to try it, Apple already has documentation for CloudKit Web Services which explains how to authenticate users.
From looking at the session video you mention, and also at the links and comments from Richard, I would say the answer is No to writing full native Android CloudKit apps. The reason is that Apple does not give you the option to enter the userID and password in your own dialog. The user can enter those only in a web window popped up by the apple code. So it seems at least that part of the app (authenticating the user) needs to be done using web code. I am not an Android programmer so perhaps it is possible to put together a hybrid app that addresses this issue.
Having said that, public database access does not require an iCloud account so you may be able to write an app that only uses access to the public part of your container using native Android code.
I am no expert but this is what I read on Apple website.
Use an API Token from a website or an embedded web view in a native app, or when you need to authenticate the user.
Maybe its like Netflix. Because Netflix iOS app looks just like netflix.com. To me it looks like netflix is using embedded web view. Maybe you can do the same with CloudKit.
I have a web based service (running for years) that works with google apis.
Now I would like to create an android and iphone ui (using xamarin) that uses my web services which in turn talks to google apis.
Given that I don't talk directly to google apis from the phone, do I need to use a web browser control to let the user login, or can I authenticate my server and establish a session natively on the phone?
I'm afraid I need to use a browser window, and I don't think it's user friendly to have to login to a google account in a browser window on the phone.
(I want to keep the logic on the server, so that the phone apps and the web ui uses the exact same code for it's calculations.)
EDIT: It seems Cross-client identity is what I'm looking for.
It can be done natively. See this video https://www.youtube.com/watch?v=9wAx39s10yw which explains all of the procedure using cross-platform authentication.
I am developing a sencha based application for iPhone & Android. As a S/W requirement, i need to identify device (on the basis of IMEI or MAC address) accessing the service.
e.g. If a user of iPhone visits my sencha-web-app first time, he will need to register. And if he visits again, Application will detect and registration process will be skipped.
Q: How can i get IMEI or MAC of device using sencha, to identify it uniquely?
You will need to wrap your Sencha application in a native wrapper. I recommend using PhoneGap, they have a nice UUID property as documented here: http://docs.phonegap.com/en/1.3.0/phonegap_device_device.md.html#device.uuid
If this is a web app running in the browser there is no way to get that information. On iOS, the IMEI is actually restricted information that you can't access anyway. If you simply want to remember users, the standard way would be to just use a cookie. Is there a particular reason you want to tie this to a hardware identifier and not use a cookie?