Where can I find a good detailed tutorial using sskeychain to store and retrieve usernames and passwords and to do basic authentication in a UIWebView? Secondarily, am I on the right track as far as the methods needed to store and use authentication for a web based application? (See explanation below.)
I found a couple tutorials using different methods:
Interacting with keychain directly
Handmade keychain wrapper (sic)
SFHFKeychainUtils
According to recommendations from other SO questions below, sskeychain is recommended for an easier use of the keychain to store authentication parameters.
Cocoa interface to MacOS X Keychain
https://stackoverflow.com/questions/8381072/save-username-and-password-for-url-like-gmail-com-iphone
My plan is to store a username and password locally on the device in the keychain as recommended and connect over a UIWebView using basic auth to my PHP code. Is there a good step by step tutorial for xcode/Obj-C newbies on the topic of user authentication that would be recommended by experienced iOS developers?
The Apple documentation seems less than helpful. It's either pages with simple sales jargon or just head imploding descriptions of methods and parameters without many helpful examples.
Update:
I ended up just using NSUserDefaults to store the username and password locally and the AFNetworking library to do the authentication. If these are unwise I'd welcome an answer that supplies guidance on a better method.
Using AFNetworking to do the authentication and calls to the server is great! But I would highly discourage you from storing credentials (username and password) in NSUserDefaults, since the contents are stored in a plist as plain text and can be read just by plugging your device to a mac. I recommend you to check these other questions and great post of a well-known case for further details on the topic.
You were right going for Keychain and using SSKeychain is easy and fast. You can find this good example on how to use SSKeychain to locally store the credentials.
// Store credentials in Keychain
[SSKeychain setPassword:#"thePassword"
forService:#"com.yourCompany.yourApp"
account:#"theUserName"];
// Retrieve credentials from Keychain
NSString *password = [SSKeychain passwordForService:#"com.yourCompany.yourApp"
account:#"theUserName"];
If you want to do basic auth, you might be better off using a networking service like AFNetworking. They all you to create a webclient, pass in a username/password combination and they take care of the rest.
This link show you the exact method call you need to invoke:
http://engineering.gowalla.com/AFNetworking/Classes/AFHTTPClient.html#//api/name/setAuthorizationHeaderWithUsername:password:
There is also a large community and a bunch of examples of developers using AFNetworking in all types of iOS project.
I would recommend to you to use
Lockbox
It's lightweight, works with ARC and easy to use.
Related
I have an application with (nuxt js using nuxt-auth) with local authentication so far (later I want to add git and google auth).
Now I need to add authentication to invoke other services / API (like google cloud rest API, payment system, youtube API, etc...)
The question is: the user is authenticated only once (during login to the application.) but each of these 3rd party APIs has its own authentication.
How to implement multiple authentications. (I read the documentation and google for the entire day but there is no clear answer).
As of today, it looks like it is not doable (people are needed on this module): https://github.com/nuxt-community/auth-module/issues/889
So, you would need to make it manually by plugging the APIs yourself.
Answer to your latest question~comment
Nuxt is indeed nice with some of it's modules (but you can totally dislike it, no problem :D).
First thing that you need to know, is that this project (nuxt-auth) is not the biggest one, #pooya is doing his best but he is on a lot of projects, so he cannot give all of his love to it. Then, you also need to understand that it's working great but it's still in a decent beta state with a lot of missing features, needed documentation and a lot of small things to make it an all rounded solid top notch solution.
That do not mean that you should not use it, I'm just saying that this module do have some limitations. Hence, the fact that it is not supporting a whole lot of OAuth solutions in a clear + simple + flexible way. And some breaking changes may be introduced in future updates.
The module is aimed towards having an OAuth solution to block the content of your website behind it (in my opinion). It means that you will usually use a single login solution and then, being able to have access to your app. I don't think that it's a viable multi-OAuth solution (yet).
Some services don't even need to use a solution like this. Stripe for example, should not be handled on the frontend but communicate with a backend for sensitive variables and just send minimal info thanks to Stripe Elements.
That said, the most common solution is JWT or OAuth2, and you could totally have a backend service or service like Okta, Auth0 or alike, do the heavy lifting by allowing simple logins to providers (Github, Google etc...).
To sum up, you do connect to this backend/service thanks to nuxt-auth, the service itself does the provider connection and you get the best of both worlds while still connected in a secure way through your initial nuxt-auth entry point login.
Or you could try to reach the community on Discord, see if somebody knows how to do it. Or even try to read the source code to see if it is currently feasable.
And that's my 2cts.
Is there any way to work with data in shared web credentials directly, like with keychain, without showing popups on SecAddSharedWebCredential and SecRequestSharedWebCredential?
Or are there any other methods to work with it?
I want to share some data (string) between apps with different development teams.
I will recommend you to use the KeychainAccess which is a simple swift wrapper. And using Keychain is the best way to store small pieces of data that are critical to your app, like secrets and passwords.
Also the tutorial from raywenderlich would help you use the Keychain Services API.
App groups can be an option for your use case. Read below the apple API documentation and medium post
App Groups
Use a shared app group to share data/files between two/more apps or containing apps. An app group creates a secure container that multiple processes can access. Normally, each process runs in its own sandbox environment, but an app group lets both processes share a common directory.
Apple API docs - https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_application-groups
https://medium.com/#dinesh.kachhot/different-ways-to-share-data-between-apps-de75a0a46d4a
Also here is another stackoverflow post answering similar question - Communicating and persisting data between apps with App Groups
I built a web app in Laravel 5.2, and now, I would like to use Angular or Vue, so I am separating an API from my controllers.
Thing is actually, in my controllers, I use a lot :
Auth::user() to refer to the logged user.
What is the best way to deal with it???
Read books about API design. If the existing app isn't designed to be a RESTful API in the first place then you're in for a lot of learning. Laracasts has a great series called Incremental APIs.
Laracasts.com
Build APIs You Won't Hate
OK, I'm expanding my answer, despite this is not a great question, it is probably too broad. You need to look into Oauth 2.0 authentication for your API, you can still use a username and password, but OAuth 2.0 tokens over SSL is probably the best simple way to provide authentication for your API. If it is only used internally, or is read only then you may not really require authentication for the API at all. There's not enough information about your use case to even make a guess about that. Good luck!
I am relatively new iphone developer. I need authentication process for my apps and I need the password and username to stored securely. I had read up some of the topics relating this in this forum.
It seems that the keychain is the better way to store the data securely and I come across the post about recommending this library.
PDKeychainBindingsController
I have tried the library and it is as easy to use as NSUserDefault. But what confuses me is that NSUserDefaults is not used in the first place to store credentials because their content can be easily hacked as some of the post mentioned.
Then my question here is that how secured is it to use above mentioned library as it still uses NSUserDefault to access keychain and my key in NSUserDefault would be still visible if the NSUserDefault is hacked.
I am a bit confused on that part and I would like any clarification on the topic if possible. I think I am missing something.
When you use PDKeychainBindingsController, you should call [PDKeychainBindings sharedKeychainBindings] and then set/get all string to/from the keychain. The PDKeychainBindingsController will call keychain API(which is C, hard to use) for you.
That means actually all [[PDKeychainBindings sharedKeychainBindings] setObject:... forKey...] will be kept in keychain. Don't worry to use it!
I'm currently trying to upload an image from my Mac application to Facebook. To do this, I'd like for the user to simply input his username and password, and to click a button.
The only issue is, Facebook doesn't actually have an API for the Mac, it only has one for iOS. This shouldn't be a problem, except for the fact that to login, you must use a web view, something I'm not to keen on doing, since I'd like the interface to be two simple text fields.
I've also looked into PHFacebook, a class I found online, but it also seems to utilize an NSWebView.
I'm wondering if there's a security issue when you use text fields; indeed, it's slightly strange no available API offers this function !
So, to conclude, is it possible, or is there an API, that lets you upload an image and lets you provide the user's credentials through simple NSStrings?
There's a Cocoa framework called MKAbeFook that lets you access Facebook APIs. I don't know if it's up to date, but you should give it a try.
It looks like this is not supported unless you can embed a web browser.
If you scroll to the bottom of: facebook authentication docs, it seems to say this.
Embedding a web browser is generally doable, but may be overkill for what you are trying to do.
Good luck!
You could do this through JSON on your mac app but I think the way Facebook protocols work you simply provide the image to upload and then the user logs into their Facebook account through a webview and has to authorize it.