Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
Yes, that sounds similar to what i do. - i created a custom auth user table, it happens to be called end_user (though it can be called auth_user): auth.settings.table_user_name = 'end_user' auth.settings.table_user = db.end_user.table auth.define_tables() - My end_user table has some fun fields, the one you are interested in is: Field('apns_tokens', 'list:string') - Oauth happens with the client - client then does a POST to our api (/api/v7/user) with the APNS token as the payload - if i don't already have the APNS token i add it to the list and register it with my APNS service (you may use a 3rd party service such as UrbanAirship or Parse, or build your own) - note that i keep a list of tokens because my users have multiple devices and so multiple tokens. - we are starting our android port nowso i don't have an opinion about that yet. does that help? cfh On Wednesday, February 13, 2013 9:52:10 PM UTC-8, chris_g wrote: Thanks for all the interesting responses. Here is Apple's description of the Push notificaiton process: http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ApplePushService/ApplePushService.html There appears to be a similar framework for Android: http://developer.android.com/google/gcm/index.html To clarify, this process uses a Device Token which is generated per app/iPhone . The UDID is not shared with the notification provider (ie the web2py app). This process is not designed as an alternative to authentication. I am looking at OAuth in addition to Push notifications. Push notifications It is merely to notify the user of status changes with the application. Fortunately my potential requirement will only involve authenticated users receiving notifications. I would be guessing that the Device token would be attached to the session data and/or to the auth_event table. Presumably, users can be simultaneously logged in on iOS and Android devices and would expect to receive the correct notifications for their respective devices. At this point I have done very little research into this, but I wanted to start discussing these schemes with other developers who are encounter similar needs. -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
Thanks for all the interesting responses. Here is Apple's description of the Push notificaiton process: http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ApplePushService/ApplePushService.html There appears to be a similar framework for Android: http://developer.android.com/google/gcm/index.html To clarify, this process uses a Device Token which is generated per app/iPhone . The UDID is not shared with the notification provider (ie the web2py app). This process is not designed as an alternative to authentication. I am looking at OAuth in addition to Push notifications. Push notifications It is merely to notify the user of status changes with the application. Fortunately my potential requirement will only involve authenticated users receiving notifications. I would be guessing that the Device token would be attached to the session data and/or to the auth_event table. Presumably, users can be simultaneously logged in on iOS and Android devices and would expect to receive the correct notifications for their respective devices. At this point I have done very little research into this, but I wanted to start discussing these schemes with other developers who are encounter similar needs. -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
for our system we have anonymous users (users with no email address), and known users (users with an email address. Apple does not expose the MAC address, the IMEI or the apple UDID of iOS devices to developers. their policies strictly forbid the use of hardware identifiers in apps distributed via the app store. Apple also strongly suggests that you verify all in-app-purchases from your server to prevent theft (and it's worth it, i see lots of attempted theft) so, given that our business wants users to be able to use 95% of the apps features without creating an account (sharing your email/password and some other info we ask for), and we use apple's receipt verification to check for fraudulent purchases, both the client and the server have to know about a particular application install. that gets us to where i am at today: - app launches and gets an OAuth token from the server (creates an end_user record on the server) (this OAuth token essentially becomes an application installation identifier) - app stores data about the user - server stores data about the user - later user may login which may be logging in to an existing account they made on another device (cause lots of apple device users have multiple devices) or a new user. in the login case we merge the activity of the user from before login. now if the business would allow us to require login before the user started the app, problem is solved.but we would lose 50-70% of our new users daily. On Monday, February 11, 2013 9:01:40 PM UTC-8, Alec Taylor wrote: On Tue, Feb 12, 2013 at 4:29 AM, howesc how...@umich.edu javascript: wrote: Thanks Alec, that will be a nice contribution. re my special odd pain in the rear-end login flow.well we (the engineers) failed to sell that to the business. users can make purchases via apple without a proper logged in account, and we need to track those on the server. hence the anonymous user. it would be really nice if apple shared with us the itunes user ID on app launch, but they don't because they believe that violates the user's privacy (and i kinda agree on that point). So i'm stuck with an overly complex login flow. :( cfh How do you differentiate between different anonymous users? Are you looking at MAC address or other related IDs? It sounds to me that that's still an open problem. And that not generating any ID but storing data in LocalStorage (or a cookie; or whatever else: locally) would be the most secure way of confirming accountability. Given an e-commerce scenario; on checkout the anonymous user would submit their entire LocalStorage; which obviously includes cart. Their shipping details and whatnot would include an email address, so create them that profile; log them in; and email them their randomly generated password. #problem=solved -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
Hmm; good point. On Wed, Feb 13, 2013 at 4:30 AM, howesc how...@umich.edu wrote: for our system we have anonymous users (users with no email address), and known users (users with an email address. Apple does not expose the MAC address, the IMEI or the apple UDID of iOS devices to developers. their policies strictly forbid the use of hardware identifiers in apps distributed via the app store. Apple also strongly suggests that you verify all in-app-purchases from your server to prevent theft (and it's worth it, i see lots of attempted theft) so, given that our business wants users to be able to use 95% of the apps features without creating an account (sharing your email/password and some other info we ask for), and we use apple's receipt verification to check for fraudulent purchases, both the client and the server have to know about a particular application install. that gets us to where i am at today: - app launches and gets an OAuth token from the server (creates an end_user record on the server) (this OAuth token essentially becomes an application installation identifier) - app stores data about the user - server stores data about the user - later user may login which may be logging in to an existing account they made on another device (cause lots of apple device users have multiple devices) or a new user. in the login case we merge the activity of the user from before login. now if the business would allow us to require login before the user started the app, problem is solved.but we would lose 50-70% of our new users daily. On Monday, February 11, 2013 9:01:40 PM UTC-8, Alec Taylor wrote: On Tue, Feb 12, 2013 at 4:29 AM, howesc how...@umich.edu wrote: Thanks Alec, that will be a nice contribution. re my special odd pain in the rear-end login flow.well we (the engineers) failed to sell that to the business. users can make purchases via apple without a proper logged in account, and we need to track those on the server. hence the anonymous user. it would be really nice if apple shared with us the itunes user ID on app launch, but they don't because they believe that violates the user's privacy (and i kinda agree on that point). So i'm stuck with an overly complex login flow. :( cfh How do you differentiate between different anonymous users? Are you looking at MAC address or other related IDs? It sounds to me that that's still an open problem. And that not generating any ID but storing data in LocalStorage (or a cookie; or whatever else: locally) would be the most secure way of confirming accountability. Given an e-commerce scenario; on checkout the anonymous user would submit their entire LocalStorage; which obviously includes cart. Their shipping details and whatnot would include an email address, so create them that profile; log them in; and email them their randomly generated password. #problem=solved -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
Thanks Alec, that will be a nice contribution. re my special odd pain in the rear-end login flow.well we (the engineers) failed to sell that to the business. users can make purchases via apple without a proper logged in account, and we need to track those on the server. hence the anonymous user. it would be really nice if apple shared with us the itunes user ID on app launch, but they don't because they believe that violates the user's privacy (and i kinda agree on that point). So i'm stuck with an overly complex login flow. :( cfh On Sunday, February 10, 2013 9:55:35 PM UTC-8, Alec Taylor wrote: Not to worry, I'm releasing a generalised open-source OAuth2 Library for web2py. As for your current mechanism of anonymous tokens… how about just storing a cookie (or some other client-side storage) and when the user logs-in or registers all their customisations (e.g.: if e-commerce, their cart) will be sent securely to the server on receipt of successful authentication. That would be a much cleaner, more secure, streamlined and self-contained model than your current one. On Sun, Feb 10, 2013 at 9:33 AM, howesc how...@umich.edu javascript: wrote: - Apple explicitly does not allow using the hardware identifier in your app, and will reject app submission that do that. because of this each app install logs in first as an anonymous user. - website users use standard web2py auth - app connections to the server use our modified OAuth API implementation. this forgoes web2py auth, but reads and writes to the same user table that web2py auth uses. this allows the 2 different systems to connect. - the mobile apps are native code on their respective platforms, the website is html. unfortunately our modified OAuth implementation is pretty specific to our needs and so i don't think it's a candidate for us to open source. i'll take a look into what we are doing though to see if any of it can/should be open sourced. cfh On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote: Howesc, Thanks for great info. So, does mobile app user have to register web2py via access token provided by their hardware in mobile application? May you explain how you built the login/registration module for mobile app users along with web2py? Do you code in html5 with native code for developing your mobile app? Sorry for asking more than one question, this topic sounds so interesting! :) Thank you! On Feb 9, 2013 11:45 AM, howesc how...@umich.edu wrote: well what we are using is a hybrid model: - the ios device uses a modified form of OAuth to get access tokens (and we have the confusing problem of users start anonymous but with an access token, and then may later create an account associating an email and other user data with the account) - the website uses web2py's auth to login those same users - the APNS token (Apple Push Notification Service) is provided optionally by the user if they opt-in to push notifications. as such it's not a primary key for the user and can't be used for authentication. if the user chooses to share it with us we store that in a field on our user table. Note that the APNS token is device specific, so if the user has multiple devices then they might have multiple tokens. does that clarify at all? cfh On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote: I do not know how this works. Can you give us more details? On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: i have millions of APNS tokens! i'd share, but they are tied to an app i did not tie APNS tokesn to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier. does that help? lemme know if you are interested in more details. christian On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server. In order to know which devices to push details to, web2py's auth module would presumably need to maintain Device Tokens. I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth. Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
Thank you, guys. :) I think I should try to implement one, when I am free. Do you know any opensource for iphone oauth login as well as android? I am actually passing login credentials to web2py from android app via given web2py lib. On Feb 11, 2013 11:29 AM, howesc how...@umich.edu wrote: Thanks Alec, that will be a nice contribution. re my special odd pain in the rear-end login flow.well we (the engineers) failed to sell that to the business. users can make purchases via apple without a proper logged in account, and we need to track those on the server. hence the anonymous user. it would be really nice if apple shared with us the itunes user ID on app launch, but they don't because they believe that violates the user's privacy (and i kinda agree on that point). So i'm stuck with an overly complex login flow. :( cfh On Sunday, February 10, 2013 9:55:35 PM UTC-8, Alec Taylor wrote: Not to worry, I'm releasing a generalised open-source OAuth2 Library for web2py. As for your current mechanism of anonymous tokens… how about just storing a cookie (or some other client-side storage) and when the user logs-in or registers all their customisations (e.g.: if e-commerce, their cart) will be sent securely to the server on receipt of successful authentication. That would be a much cleaner, more secure, streamlined and self-contained model than your current one. On Sun, Feb 10, 2013 at 9:33 AM, howesc how...@umich.edu wrote: - Apple explicitly does not allow using the hardware identifier in your app, and will reject app submission that do that. because of this each app install logs in first as an anonymous user. - website users use standard web2py auth - app connections to the server use our modified OAuth API implementation. this forgoes web2py auth, but reads and writes to the same user table that web2py auth uses. this allows the 2 different systems to connect. - the mobile apps are native code on their respective platforms, the website is html. unfortunately our modified OAuth implementation is pretty specific to our needs and so i don't think it's a candidate for us to open source. i'll take a look into what we are doing though to see if any of it can/should be open sourced. cfh On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote: Howesc, Thanks for great info. So, does mobile app user have to register web2py via access token provided by their hardware in mobile application? May you explain how you built the login/registration module for mobile app users along with web2py? Do you code in html5 with native code for developing your mobile app? Sorry for asking more than one question, this topic sounds so interesting! :) Thank you! On Feb 9, 2013 11:45 AM, howesc how...@umich.edu wrote: well what we are using is a hybrid model: - the ios device uses a modified form of OAuth to get access tokens (and we have the confusing problem of users start anonymous but with an access token, and then may later create an account associating an email and other user data with the account) - the website uses web2py's auth to login those same users - the APNS token (Apple Push Notification Service) is provided optionally by the user if they opt-in to push notifications. as such it's not a primary key for the user and can't be used for authentication. if the user chooses to share it with us we store that in a field on our user table. Note that the APNS token is device specific, so if the user has multiple devices then they might have multiple tokens. does that clarify at all? cfh On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote: I do not know how this works. Can you give us more details? On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: i have millions of APNS tokens! i'd share, but they are tied to an app i did not tie APNS tokesn to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier. does that help? lemme know if you are interested in more details. christian On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server. In order to know which devices to push details to, web2py's auth module would presumably need to maintain Device Tokens. I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth. Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
On Tue, Feb 12, 2013 at 4:29 AM, howesc how...@umich.edu wrote: Thanks Alec, that will be a nice contribution. re my special odd pain in the rear-end login flow.well we (the engineers) failed to sell that to the business. users can make purchases via apple without a proper logged in account, and we need to track those on the server. hence the anonymous user. it would be really nice if apple shared with us the itunes user ID on app launch, but they don't because they believe that violates the user's privacy (and i kinda agree on that point). So i'm stuck with an overly complex login flow. :( cfh How do you differentiate between different anonymous users? Are you looking at MAC address or other related IDs? It sounds to me that that's still an open problem. And that not generating any ID but storing data in LocalStorage (or a cookie; or whatever else: locally) would be the most secure way of confirming accountability. Given an e-commerce scenario; on checkout the anonymous user would submit their entire LocalStorage; which obviously includes cart. Their shipping details and whatnot would include an email address, so create them that profile; log them in; and email them their randomly generated password. #problem=solved -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
Not to worry, I'm releasing a generalised open-source OAuth2 Library for web2py. As for your current mechanism of anonymous tokens… how about just storing a cookie (or some other client-side storage) and when the user logs-in or registers all their customisations (e.g.: if e-commerce, their cart) will be sent securely to the server on receipt of successful authentication. That would be a much cleaner, more secure, streamlined and self-contained model than your current one. On Sun, Feb 10, 2013 at 9:33 AM, howesc how...@umich.edu wrote: - Apple explicitly does not allow using the hardware identifier in your app, and will reject app submission that do that. because of this each app install logs in first as an anonymous user. - website users use standard web2py auth - app connections to the server use our modified OAuth API implementation. this forgoes web2py auth, but reads and writes to the same user table that web2py auth uses. this allows the 2 different systems to connect. - the mobile apps are native code on their respective platforms, the website is html. unfortunately our modified OAuth implementation is pretty specific to our needs and so i don't think it's a candidate for us to open source. i'll take a look into what we are doing though to see if any of it can/should be open sourced. cfh On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote: Howesc, Thanks for great info. So, does mobile app user have to register web2py via access token provided by their hardware in mobile application? May you explain how you built the login/registration module for mobile app users along with web2py? Do you code in html5 with native code for developing your mobile app? Sorry for asking more than one question, this topic sounds so interesting! :) Thank you! On Feb 9, 2013 11:45 AM, howesc how...@umich.edu wrote: well what we are using is a hybrid model: - the ios device uses a modified form of OAuth to get access tokens (and we have the confusing problem of users start anonymous but with an access token, and then may later create an account associating an email and other user data with the account) - the website uses web2py's auth to login those same users - the APNS token (Apple Push Notification Service) is provided optionally by the user if they opt-in to push notifications. as such it's not a primary key for the user and can't be used for authentication. if the user chooses to share it with us we store that in a field on our user table. Note that the APNS token is device specific, so if the user has multiple devices then they might have multiple tokens. does that clarify at all? cfh On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote: I do not know how this works. Can you give us more details? On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: i have millions of APNS tokens! i'd share, but they are tied to an app i did not tie APNS tokesn to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier. does that help? lemme know if you are interested in more details. christian On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server. In order to know which devices to push details to, web2py's auth module would presumably need to maintain Device Tokens. I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth. Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: Integrating iPhone device tokens into web2py auth
well what we are using is a hybrid model: - the ios device uses a modified form of OAuth to get access tokens (and we have the confusing problem of users start anonymous but with an access token, and then may later create an account associating an email and other user data with the account) - the website uses web2py's auth to login those same users - the APNS token (Apple Push Notification Service) is provided optionally by the user if they opt-in to push notifications. as such it's not a primary key for the user and can't be used for authentication. if the user chooses to share it with us we store that in a field on our user table. Note that the APNS token is device specific, so if the user has multiple devices then they might have multiple tokens. does that clarify at all? cfh On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote: I do not know how this works. Can you give us more details? On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: i have millions of APNS tokens! i'd share, but they are tied to an app i did not tie APNS tokesn to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier. does that help? lemme know if you are interested in more details. christian On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server. In order to know which devices to push details to, web2py's auth module would presumably need to maintain Device Tokens. I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth. Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
Howesc, Thanks for great info. So, does mobile app user have to register web2py via access token provided by their hardware in mobile application? May you explain how you built the login/registration module for mobile app users along with web2py? Do you code in html5 with native code for developing your mobile app? Sorry for asking more than one question, this topic sounds so interesting! :) Thank you! On Feb 9, 2013 11:45 AM, howesc how...@umich.edu wrote: well what we are using is a hybrid model: - the ios device uses a modified form of OAuth to get access tokens (and we have the confusing problem of users start anonymous but with an access token, and then may later create an account associating an email and other user data with the account) - the website uses web2py's auth to login those same users - the APNS token (Apple Push Notification Service) is provided optionally by the user if they opt-in to push notifications. as such it's not a primary key for the user and can't be used for authentication. if the user chooses to share it with us we store that in a field on our user table. Note that the APNS token is device specific, so if the user has multiple devices then they might have multiple tokens. does that clarify at all? cfh On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote: I do not know how this works. Can you give us more details? On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: i have millions of APNS tokens! i'd share, but they are tied to an app i did not tie APNS tokesn to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier. does that help? lemme know if you are interested in more details. christian On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server. In order to know which devices to push details to, web2py's auth module would presumably need to maintain Device Tokens. I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth. Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Integrating iPhone device tokens into web2py auth
- Apple explicitly does not allow using the hardware identifier in your app, and will reject app submission that do that. because of this each app install logs in first as an anonymous user. - website users use standard web2py auth - app connections to the server use our modified OAuth API implementation. this forgoes web2py auth, but reads and writes to the same user table that web2py auth uses. this allows the 2 different systems to connect. - the mobile apps are native code on their respective platforms, the website is html. unfortunately our modified OAuth implementation is pretty specific to our needs and so i don't think it's a candidate for us to open source. i'll take a look into what we are doing though to see if any of it can/should be open sourced. cfh On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote: Howesc, Thanks for great info. So, does mobile app user have to register web2py via access token provided by their hardware in mobile application? May you explain how you built the login/registration module for mobile app users along with web2py? Do you code in html5 with native code for developing your mobile app? Sorry for asking more than one question, this topic sounds so interesting! :) Thank you! On Feb 9, 2013 11:45 AM, howesc how...@umich.edu javascript: wrote: well what we are using is a hybrid model: - the ios device uses a modified form of OAuth to get access tokens (and we have the confusing problem of users start anonymous but with an access token, and then may later create an account associating an email and other user data with the account) - the website uses web2py's auth to login those same users - the APNS token (Apple Push Notification Service) is provided optionally by the user if they opt-in to push notifications. as such it's not a primary key for the user and can't be used for authentication. if the user chooses to share it with us we store that in a field on our user table. Note that the APNS token is device specific, so if the user has multiple devices then they might have multiple tokens. does that clarify at all? cfh On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote: I do not know how this works. Can you give us more details? On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: i have millions of APNS tokens! i'd share, but they are tied to an app i did not tie APNS tokesn to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier. does that help? lemme know if you are interested in more details. christian On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server. In order to know which devices to push details to, web2py's auth module would presumably need to maintain Device Tokens. I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth. Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: Integrating iPhone device tokens into web2py auth
i have millions of APNS tokens! i'd share, but they are tied to an app i did not tie APNS tokesn to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier. does that help? lemme know if you are interested in more details. christian On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server. In order to know which devices to push details to, web2py's auth module would presumably need to maintain Device Tokens. I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth. Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: Integrating iPhone device tokens into web2py auth
I do not know how this works. Can you give us more details? On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: i have millions of APNS tokens! i'd share, but they are tied to an app i did not tie APNS tokesn to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier. does that help? lemme know if you are interested in more details. christian On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server. In order to know which devices to push details to, web2py's auth module would presumably need to maintain Device Tokens. I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth. Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.