I'am using LVL to get server response data. I want to know if I can get the same server response data for my two different applications and if so, what changes I have to do in LVL to make it possible?
This can only happen if you are using the same SALT for both your applications. I am also modifying LicenseCheckerCallback to return userid, packagename and versioncode to the application. I then store it for local usage. The good part is that I can now do activation checks once. But I have to do it again when the version number is upgraded. And ofcourse I check the local storage first for a valid activation before asking LVL to check.
Related
I am developing an identity server 4 dotnet core application so this is as much as a dotnet question than and IDS4 question. One example of state I need to maintain between pages (login, signup etc...) is the returnUrl. The application I'm migrating from used to store it in a session variable but, as I understand, unless I run a persistent session strategy, this won't scale well.
So currently, I'm passing it around as a field in each View Model used by each view so it can be returned. Is this a sound approach? I'll be needing other fields to be passed around as well so I'm wondering whether this is a secure and logical way to do it.
So currently, I'm passing it around as a field in each View Model used by each view so it can be returned. Is this a sound approach?
Yes, how you choose to pass it around is up to you, I choose this same approach. You could use TempData, Sessions or even localStorage as an alternative. I think having it in the models (view models) is a good approach because you are explicitly specifying where you want the return url to exist, otherwise it might persist in context that you wouldn't want.
Now the security question because obviously you might be able to see the return url in the browser address field.
As part of Identity Server 4 setup you specify which return url's you are allowed to redirect back to, so I don't think there is any harm in having the users see the redirect url.
Something to consider is what if the user would share the url to someone else in the middle of the authentication process, would they be able to resume from that part of the process that the initial user has stopped? is this something you want in your app?
If you mean reliably instead of securely, write tests which will provide you with confidence that your code works.
I've been using Netlify for storing 100% of my app (both frontend and backend) for the last three months. So far, so good.
The only problem now is that I need to store a custom property for each user (say, the phone number), and apparently Netlify Identity doesn't support this (only email, name and roles https://www.netlify.com/docs/identity/).
I don't want to change the whole app to migrate to another hosting provider just for this detail (actually, I can't, it's for a client and I just don't have time), because it works great, but at the same time I need it.
Can you think of any workaround to this? The less "hackish", the better, but I understand that I'm going beyond the intended use of Netlify Identity.
So it actually does look like Netlify's GoTrue API has a specific endpoint for updating custom user data. After a user is created, you can update metadata by including it as "data" within an authenticated PUT request to /user.
PUT /user
{
"data" {
"custom_key": "value",
}
}
See https://github.com/netlify/gotrue for more info.
There are dozens of ways to do this, so I'll talk about two generally applicable ways now:
the most "generally capable" one is probably using lambda functions: https://www.netlify.com/docs/functions . This lets you run dynamic code, such as "store to database hosted elsewhere" or "email to our office manager to update a spreadsheet" or even "commit to our closed git repo so it's available in-code" (last one is probably a worst practice, but is possible). You can similarly use a function to read that data back out without exposing API tokens (code example: https://github.com/netlify/code-examples/tree/master/function_examples/token-hider)
you could have the data gathered via a form submission (https://www.netlify.com/docs/form-handling). I'd probably use zapier.com to receive a notification of the form submission (https://www.netlify.com/docs/form-handling/#notifications). Zapier can of course connect to just about anything on the planet :) . Getting the data back out if you want to show it in your UI is a bit more of a challenge, but you could use the above mentioned functions if you need to connect to some private data store to pull it out. Or for an MVP, just not show it, only let people enter/update it ;)
In Titanium you can set and get data using:
Ti.App.Properties.setString("token", "")
A customer has an issue with a live app. I suspect it has something to do with how some of this data is set.
How can I find out what the values are for his phone? Where is it stored?
I assume it's in a file somewhere but where???
I'm not sure if it's possible to retrieve the local properties in the file system of the phone itself. And even if that's possible I assume that those keys / values are encrypted.
The thing I know is that Appcelerator uses pre-reserved keys in local properties. Meaning that every time you build your app the key will be overridden. I often, instead of general key names, use more descriptive key names like 'api_token' or something like that.
I'm not sure if this helps but another thing that you could try is to log the incoming token on the server end and evaluate from there.
I have an application that generates a barcode using a third party library. This barcode is not static and changes every 30 seconds or so from within the app.
I'm aware the proper way is to get a signed pkpass file from your server to supply to passbook, and use APN or some sort of trigger within the iOS app to acquire a new barcode. But...due to certain reasons...some of this is not viable at the moment...
So...
Ideally, I would like to be able to allow the user so that every time they select my pass, I'm able to supply them with the dynamically generated barcode (or pkpass file) from the application.
Is such a way even remotely possible? I know it doesn't really conform to "best practice"...
the proper way is to get a signed pkpass file from your server to supply to passbook
This is not just the proper way, this is the ONLY way! Passes cannot be dynamically generated and signed on the device as it would require embedding of your Pass Type ID certificate into your app.
Also, if you are generating and replacing passes with such frequency, the Passbook App will throttle your pass to preserve your users' battery and bandwidth. This would prevent your pass from updating.
An ugly hack would be to educate users to use the "pull to refresh" function on the back of the pass, then serve a new pass in response to the user request, but this would require a degree of synchronisation between your server, your app and the pass.
Practically, if the barcode is changing every 30 seconds or so, then there is a probability that the barcode expires before the user is able to retrieve the pass and present it for scanning. Perhaps there is a better way to achieve what you want without such frequent rotation of the barcode?
I need the store id for an external js script that will be put in the theme's header and try to find the store based on this id (on our side).
If just trying to grab it manually, you can find it by logging in to the store. The URL will be https://store-XXXXXX.mybigcommerce.com/admin. XXXXXX is the store ID.
If trying to get it via the API, you will want to use the Store resource (https://developer.bigcommerce.com/api/stores/v2/store_information).
I am not aware of any supported way how to get Store ID.
Unsupported way (which theoretically can break anytime, but I believe it should work for quite long time) is to get it in Javascript from Fornax.configuration.defaultEventProperties.storeId variable.