I'm trying to add Azure Mobile Service authentications to my WinRT app. I got everything working and I can sign in with all the 4 social media accounts(Facebook, Twitter, Google and Microsoft Account). But when I close the app and restart it, I have to write my user name and password even if I check the Remember Me button on either one of the options. Let say I logged in with my Facebook account, what I want to achive is, when I restart the app and click Login with Facebook, it shouldn't ask my username and password but automatically authenticate me. The remember me button seems to not working. Is there a way to achive this?
Thank you for the answers.
Edit: I'm using C#/XAML for my my app.
The following blog post covers caching the user's identity. http://www.thejoyofcode.com/Setting_the_auth_token_in_the_Mobile_Services_client_and_caching_the_user_rsquo_s_identity_Day_10_.aspx
According to this page: http://www.windowsazure.com/en-us/develop/mobile/tutorials/get-started-with-users-dotnet/
Note
... This method is easy to configure and supports multiple providers. However, this method also requires users to log-in every time your app starts. To instead use Live Connect to provide a single sign-on experience in your Windows Store app, see the topic Single sign-on for Windows Store apps by using Live Connect.
Related
I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.
I have a simple question that I can't solve with the resources about moodle and LTI.
I want my users to login into their App with moodle credentials (as often done with e.g. "login via facebook") - is my app the consumer or the provider?
I first thought the app is the provider but some points make me question that:
No, I do not want to start the app from within moodle.
No, I also do not want to embedd my app content in moodle.
I just want the users registered in moodle login to an app with their moodle username and password
All content I found on LTI provider assumed the opposite of point 1 and 2.
However, I also found that moodle can be a provider itself. It has been shown to be embedded in an external application. But in my understanding, the consumer is responsible for authenticating the login (which is opposite to point 3).
Am I missing something, that makes it so hard to see the soution here?
I found Atomic Jolt's try_oauth repo will do exact what you want. It also has an excellent code along video which explains the workflow really well.
You navigate to the app and it opens up a Canvas authentication page and grabs the users credentials.
https://github.com/atomicjolt/try_oauth
Hope that help.s
There is a plugin for moodle which makes it a oauth2 provider. You could use that to allow authentication in your app with moodle credentials.
https://github.com/projectestac/moodle-local_oauth
I want to read/write some content to Google Drive Programmatically from a ASP.NET MVC Application. Here i want to use Email ID and Password as hot coded instead of navigating user to authentication page.
I looked at some examples, all are redirecting user to Google authentication page. But My requirement is to use a fixed Google user account.
You can no longer use username/password for authentication. Just let go of it.
You can use the steps in the answer here How do I authorise an app (web or installed) without user intervention? (canonical ?) to achieve what you are looking for
I've recently been doing a bit of web development so I've been thinking more about authentication and stuff. On Netflix I noticed there is an extra option on the Account page to de-authorize other devices. My girlfriend changed her password but I was still able to use it without re-entering the password till she logged out other devices.
So my question is how does authentication for Netflix work if it doesn't have to locally store your password?
Netflix uses a version of Open autentication to allow a device to access an account. Once the device has been authorized it will then have access to that account until its has been deautorized.
Chaning password doesnt matter becouse the device has autorization already probably in the form of a refresh token stored someplace. So its not storing a password its storing an autorization token of some kind.
Lets use facebook as an example: (response to comment below)
https://www.facebook.com/settings?tab=applications
This shows a list of all the crap I have loged in to using my facebook account. Now I have probably changed my facebook password sevral times it wont matter I will still have access. Some of these are mobil apps i have installed on my cellphone at one time or another. Even if i dont use them they still have access.
This doesn't technically answer the question, but is related and, I think, helpful:
You can forcefully invalidate the previously-validated tokens for other devices by going to https://www.netflix.com/ManageDevices - as soon as you go to the page it will ask if you want to sign out other devices.
(from "Someone is using my Netflix account without my permission" at https://help.netflix.com/en/node/18)
I am making a mobile application where users can connect their twitter accounts to the app. I am just kinda curious what's the best way to do it.
Right now, I would love to be able to make my own custom page (without having to use a UIWebView).
Is this possible? If how, so?
Thanks.
As I understand, you don't want the user to be redirected to Twitter's OAuth authorization web page. You can use xAuth instead, but you have to send Twitter an email why you want this, and they won't allow xAuth for your app until it is in a very late development state (when your app is almost complete). You can find the manual for xAuth in the Twitter development documentation.
Basically, what xAuth does is it allows desktop and mobile applications to skip the request_token and authorize steps and jump right to the access_token step. This way, you can provide the user with custom fields (e.g. UITextField objects) to fill their username and password in. Just make sure you don't save them anywhere, only the access token. Good luck. :)
A quick web search reveals MGTwitterEngine