Is there an API that we can use that displays the usual username field, password field, and remember checkbox? This dialog can be usually seen when connecting to a server via Finder or when Safari requests for proxy information.
I am currently implementing this via CFUserNotification API to save myself from creating a window, etc. but I have to specify the fields and checkbox and retrieve them. What would really save time is an API that will abstract developers from having to worry about it. Does such API exist?
I don't think so. Actually I don't have an idea why apple should deploy an api for such a small task.
That's only a NSSecureTextField and a NSTextField. There are plenty of classes that help you add a password properly to the keychain.
Related
Apologies for the general nature of this question. Hoping this doesn't get shot down as "too broad", but oh well, here goes:
I'm writing a React Native app that is purely informational (medical information), with a Rails API for the back-end.
The first main question I have is whether its necessary (or a good idea) to use authentication at all. We don't want the user to have to enter any information to use it (username, password, etc). They should just be able to download the app and jump right in to use it and read the information it provides.
However, I'm thinking that I would at least want the API to only respond to someone hitting it from within the React Native app (or not? Is it considered a normal practice to have an API completely exposed in the case of an app like this which is purely information and doesn't have users, like a website?)
Second - at some point we may want to be able to store some simple preferences for that user (I.E., are they a patient or a doctor, so we can tailor the materials based on that / send them to a different home screen when the open the app). Wondering what strategy someone might use to store simple preferences if the user doesn't ever create an account?
I would at least want the API to only respond to someone hitting it
from within the React Native app.
This probably can't be done, as in a mobile app everyone has access to your client secret and can try to reverse engineer your code.
You could make it more difficult by sending a dynamically generated token to your API on the request, for example, a hash based on a time frame, and check if the hash was sent the correct way. Then, you'd have to obfuscate the code in order to make it difficult for someone to reverse engineer it.
Second - at some point we may want to be able to store some simple
preferences for that user (I.E., are they a patient or a doctor, so we
can tailor the materials based on that / send them to a different home
screen when the open the app). Wondering what strategy someone might
use to store simple preferences if the user doesn't ever create an
account?
If you use a Parse Server instance as your backend, you could benefit from the anonymous user functionality. As you're using a Rails API, you could generate a uuid for each installation of the app and save the preferences on your database based on that uuid. If you don't need those preferences stored on your backend, just store any information you need on the device through any abstraction of AsyncStorage.
I really do not need authentication when it comes down to it - there are no users.
I could verify that the data is coming from my app based on a user agent or a hard coded password. SSL should help keep those secret.
But yeah, there would be nothing preventing someone from disassembling the app and getting that information. Great idea by #felipe-martim about generating a dynamic token.
I really just want to prevent basic abuse, and I could deal with that if it ever happened, or protect myself with something like Rack-attack.
And storing user preferences locally should work just fine for local preferences.
Bottom line is that I'll deal with this if I ever need to / the client budget allows for it!
I am well aware of the security implications of this, so much so that I'm betting it doesn't exist, so before you call me crazy, that's why I'm asking.
I got really tired of having only my phone on me and installing a new app/whatever and finding myself needing to suddenly create a new application-specific password on the fly, and having to navigate Google's decidedly non-mobile-friendly security page to do that. I want to create an app of some kind that allows me to generate an application-specific password, whether by text or an Android app itself or something else. As I see it, there are two options here:
Use some Google Account Security API (if it exists) to create the application-specific password
Do scraping-type behavior (with proper credentials, of course) to automate its creation. I really don't want to do this.
Does anyone know (a) if this type of API exists, or (b) if there are any other ways to go about doing this? This app would be published on Github for self-hosting, obviously.
There is no official API to generate application-specific passwords.
I've solved this myself by doing a couple of things:
1) printing out the QR Code for the account that can be scanned by the Authenticator app in order to generate codes. I keep it secured in my desk. This allows me to reformat my phone without needing to turn two-step off each time.
2) use the browser sign-in for my Android device. When adding a Google account to an Android phone, just before the screen where you enter your username and password, click the menu button (or 3 dots on the screen if you have no menu button) and choose Browser sign-in. This allows you to login to an Android device with your username, real password and verification code rather than an application specific password.
This saves me from needing to generate application-specific passwords 95% of the time.
Jay
Everything I have tried requires the end user to sign in to yahoo...this won't work because the end user doesn't know the password or the username. This should be automated otherwise flickr wont work
You probably won't get this to work the way you want. OAuth requires the end user to authenticate with the service (Flickr) and physically authorize your application. So at the very least, you're going to have to interact with their server as a user if you want to authorize your application for use.
As a side note, you may want to investigate whether or not you can POST the required variables to Yahoo via some sort of script. Use Firefox and the Live HTTP Headers extension to view the POST information. This may or may not work, as my previous experience with some Yahoo forms require cookies designed to foil robotic submissions.
I want to make an application witch involves logging into google. It is basically a small application to always have your gmail with you without always having to go to the web browser and log in. Basically what I want to do is, when the person signs into their google account (or the page url changes) I want the webbrowser to refresh and go to a new point in the form and create an animation using a timer. I dont need help with the animation, I just need to know how to link it together with the person signing into google. And also, If it's possible I would like to have the person log in without the actual google web interface, but with 2 textboxes and a button. I am using Visual Studio 2008 and help with my application would be greatly appreciated!
One of the great things about GMail is that it gives you Pop3 access to the mailbox. Your application should be able to use Pop3 to login to the mailbox directly and not require the user to use the google web page (or any web page) at all.
This would be much more secure and fault tolerant than highjacking a browser session or scraping a web page for emails (as your application would break as soon as google updated the gmail app or the user changed their preferences).
You should be able to find numerous Pop3 tutorials, libraries and samples on the net (and most probably here on SO).
If you still insist to use the web browser control, you should investigate crafting your own HTTP-Post query to the page that takes the GMail login. Once you craft the correct message (including the user's username and password as the appropriate POST variables) you should be able to login directly.
Finally, you might want to have a look around on code.google.com as I'm certain this has been done before and you will most likely be able to find some sample code (whichever way you go).
Good Luck!
I would like to make a vb .net application that auto logs into places and retrieves data from them. I have already succeeded in doing this by opening internet explorer programmably and tabbing to enter name and password. But this is messy, and needs to be well timed. I'm using VB .Net. Is there a way to interface with sites to auto login. Maybe I could inject a cookie, but then the browser could change. Any suggestions would be very helpful. Thanks
Well, it really depends on what authentication scheme the sites use. It is possible to pass a Credentials object with an HttpWebRequest which can be used to authenticate against sites that use basic authentication, windows authentication and similar. But I can't think of a reliable way that would work for any and all sites.
May not be something you'd consider, but the ideal tool for you is Selenium rather than reinventing the wheel and writing your own version in VB.net.
Best thing to do is have a quick look at that link, see what you think.
'In vb.net...add a webbrowser control. Then use
webbrowser1.navigate("www.gmail.com")
'Then in the webbrowsers document completed event paste something like this.
'where I wrote "123456" you will put the id of the html element for the username textbox.
'where I wrote "abcdef" you will put the id of the html element for the password textbox.
webbrowser1.Document.GetElementById("123456").InnerText = "yourusernamehere"
webbrowser1.Document.GetElementById("abcdef").InnerText = "yourpasswordhere"
webbrowser1.Document.DomDocument.forms(0).submit()
WatiN could be used for some of what you describe but I think almost anything will be messy unless you can find a way to do a silent login where some token is passed along to impersonate someone.
And CasperJS and PhantomJS may be a way forward too. Using a headless browser you can identify steps in JavaScript you would like to perform at a Website. Useful for interaction through to scraping.
Is there a way to interface with sites to auto login.
Yes, there is. Well, its just a POST HttpRequest or OAuth token.
You can always use direct POST requests with the required headers for any token auth. You can also test these command with cURL from the CLI.
~Without taking VB.net into account~, you can auto login to a website
by using:
Autologin via Keypass - http://keepass.info/ or https://www.keepassx.org/
Keypass automatically opens the login URL of the website, fill the login form and submits it.
Select website from your list, then press CTRL+U & CTRL+V - and you are logged in.