
How to authenticate iOS/iPhone users with remote web application and re-use authentication ticket in future requests to the same web application?

I am building an iOS application and I need to be able to make authenticated requests to a Rails 3 application for various bits of data. The Rails 3 application is using omniauth and URLs like https://myapp.com/auth/facebook to, for example, authenticate users via facebook ... and once authenticated, stores the authentication in a secured cookie named "auth."

What I want to know is how to authenticate my users from the iOS/iPhone application, persist the authentication token and send it along with future requests to the Rails application?


Using ASIHTTPRequest I'm thinking of doing something like this:

  1. Open a UIWebview, loading with a URL from my web application specific for the provider they want to authenticate with (e.g. myapp.com/auth/facebook for facebook or myapp.com/auth/yahoo for yahoo, etc....).

  2. On success, somehow parse out and store the authentication cookie in the iOS application without displaying the webpage folks usually see when authenticating via the website ... and instead closing the UIWebView and navigating back to another UIViewController in the iOS application.

  3. Somehow include the persisted authentication token with future web requests to the Rails application.

  4. I also want to allow users to allow the iOS application to store this information locally so they don't have to re-login to the remote application if they choose to.


Is this approach appropriate? Is there a better way? And of course, how to actually implement the above?

Thanks - wg

asked Oct 03 '11 07:10 by wgpubs



2 Answers

Using OAuth is pretty easy (well, easy is not the word...), but I made an iOS application and a Java server that use OAuth as identity schema and, following the full cycle, finally I acquired a token that identifies this user and (as it can only be accessed using signed requests) can be safely stored in the phone (I use just the standardUserDefaults to store it). Only your application (using the secret) can sign the requests.

I don't know if this is useful to you...

Ah! After the identification via web, the browser redirects to a special URL (registered for my application) and the URL opens my application including the token in its parameters, so it is easy to retrieve the token after the identification phase in handleOpenURL.

answered Oct 04 '22 03:10 by yoprogramo
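
Added example, not part of the answer above or of the asker's code: one way to handle the custom-URL callback that answer describes and to keep the token in the Keychain rather than in user defaults. The scheme `myapp`, host `auth`, parameter name `token` and the Keychain service string are assumptions; `application:openURL:options:` is the current replacement for `handleOpenURL`.

```objc
#import <UIKit/UIKit.h>
#import <Security/Security.h>

// Assumed names: callback URL myapp://auth?token=..., and the Keychain service string.
static NSString *const kCallbackScheme = @"myapp";
static NSString *const kCallbackHost = @"auth";
static NSString *const kTokenService = @"com.example.myapp.auth";

// Return the "token" query parameter, or nil if the URL is not the expected callback.
static NSString *TokenFromCallbackURL(NSURL *url) {
    NSURLComponents *parts = [NSURLComponents componentsWithURL:url resolvingAgainstBaseURL:NO];
    if (![parts.scheme.lowercaseString isEqualToString:kCallbackScheme] ||
        ![parts.host.lowercaseString isEqualToString:kCallbackHost]) {
        return nil;  // also covers a malformed URL, where parts is nil
    }
    for (NSURLQueryItem *item in parts.queryItems) {
        if ([item.name isEqualToString:@"token"] && item.value.length > 0) {
            return item.value;
        }
    }
    return nil;
}

// Store the token as a generic-password Keychain item, replacing any previous one.
static BOOL StoreToken(NSString *token) {
    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kTokenService,
        (__bridge id)kSecAttrAccount: @"session",
    };
    SecItemDelete((__bridge CFDictionaryRef)query);  // result ignored: item may not exist yet
    NSMutableDictionary *item = [query mutableCopy];
    item[(__bridge id)kSecValueData] = [token dataUsingEncoding:NSUTF8StringEncoding];
    item[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)item, NULL) == errSecSuccess;
}

@interface AppDelegate : UIResponder <UIApplicationDelegate>
@end

@implementation AppDelegate
// Called when the browser redirects to the app's registered URL scheme.
- (BOOL)application:(UIApplication *)app openURL:(NSURL *)url
            options:(NSDictionary<UIApplicationOpenURLOptionsKey, id> *)options {
    NSString *token = TokenFromCallbackURL(url);
    return token != nil && StoreToken(token);
}
@end
```

Any app can register the same URL scheme, so the server should treat the token delivered this way as a bearer credential that it can expire and revoke.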


  1. Once the UIWebview has authenticated with said service, get it to load another URL (for example: through JavaScript on the page which said service returns to after authentication).

  2. Capture this request using a UIWebViewDelegate object which implements the following protocol method:

    - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType
    
  3. From here you have the NSURLRequest object. You can extract the headers of the request to NSDictionary which will contain the authentication cookie details, token, etc. using the following method of NSURLRequest:

    - (NSDictionary *)allHTTPHeaderFields
    
answered Oct 04 '22 04:10 by Ross