Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[howesc]

Yes, that sounds similar to what i do.

 - i created a custom auth user table, it happens to be called end_user 
(though it can be called auth_user):
auth.settings.table_user_name = 'end_user'
auth.settings.table_user = db.end_user.table
auth.define_tables()
 - My end_user table has some fun fields, the one you are interested in is:
Field('apns_tokens', 'list:string')
 - Oauth happens with the client
 - client then does a POST to our api (/api/v7/user) with the APNS token as 
the payload
 - if i don't already have the APNS token i add it to the list and register 
it with my APNS service (you may use a 3rd party service such as 
UrbanAirship or Parse, or build your own)
 - note that i keep a list of tokens because my users have multiple devices 
and so multiple tokens.
 - we are starting our android port nowso i don't have an opinion about 
that yet.

does that help?

cfh 


On Wednesday, February 13, 2013 9:52:10 PM UTC-8, chris_g wrote:

 Thanks for all the interesting responses.

 Here is Apple's description of the Push notificaiton process:
 
 http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ApplePushService/ApplePushService.html

 There appears to be a similar framework for Android:
 http://developer.android.com/google/gcm/index.html

 To clarify, this process uses a Device Token which is generated per 
 app/iPhone . The UDID is not shared with the notification provider (ie the 
 web2py app).
 This process is not designed as an alternative to authentication. I am 
 looking at OAuth in addition to Push notifications. Push notifications It 
 is merely to notify the user of status changes with the application.

 Fortunately my potential requirement will only involve authenticated users 
 receiving notifications. I would be guessing that the Device token would be 
 attached to the session data and/or to the auth_event table.
 Presumably, users can be simultaneously logged in on iOS and Android 
 devices and would expect to receive the correct notifications for their 
 respective devices.

 At this point I have done very little research into this, but I wanted to 
 start discussing these schemes with other developers who are encounter 
 similar needs.





-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[chris_g]

Thanks for all the interesting responses.

Here is Apple's description of the Push notificaiton process:

http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ApplePushService/ApplePushService.html

There appears to be a similar framework for Android:
http://developer.android.com/google/gcm/index.html

To clarify, this process uses a Device Token which is generated per 
app/iPhone . The UDID is not shared with the notification provider (ie the 
web2py app).
This process is not designed as an alternative to authentication. I am 
looking at OAuth in addition to Push notifications. Push notifications It 
is merely to notify the user of status changes with the application.

Fortunately my potential requirement will only involve authenticated users 
receiving notifications. I would be guessing that the Device token would be 
attached to the session data and/or to the auth_event table.
Presumably, users can be simultaneously logged in on iOS and Android 
devices and would expect to receive the correct notifications for their 
respective devices.

At this point I have done very little research into this, but I wanted to 
start discussing these schemes with other developers who are encounter 
similar needs.



-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[howesc]

for our system we have anonymous users (users with no email address), and 
known users (users with an email address.

Apple does not expose the MAC address, the IMEI or the apple UDID of iOS 
devices to developers.  their policies strictly forbid the use of hardware 
identifiers in apps distributed via the app store.

Apple also strongly suggests that you verify all in-app-purchases from your 
server to prevent theft (and it's worth it, i see lots of attempted theft)

so, given that our business wants users to be able to use 95% of the apps 
features without creating an account (sharing your email/password and 
some other info we ask for), and we use apple's receipt verification to 
check for fraudulent purchases, both the client and the server have to know 
about a particular application install.  that gets us to where i am at 
today:
 - app launches and gets an OAuth token from the server (creates an 
end_user record on the server) (this OAuth token essentially becomes an 
application installation identifier)
 - app stores data about the user
 - server stores data about the user
 - later user may login which may be logging in to an existing account 
they made on another device (cause lots of apple device users have multiple 
devices) or a new user.  in the login case we merge the activity of the 
user from before login.

now if the business would allow us to require login before the user started 
the app, problem is solved.but we would lose 50-70% of our new users 
daily.

On Monday, February 11, 2013 9:01:40 PM UTC-8, Alec Taylor wrote:

 On Tue, Feb 12, 2013 at 4:29 AM, howesc how...@umich.edu javascript: 
 wrote: 
  Thanks Alec, that will be a nice contribution. 
  
  re my special odd pain in the rear-end login flow.well we (the 
  engineers) failed to sell that to the business.  users can make 
 purchases 
  via apple without a proper logged in account, and we need to track those 
 on 
  the server.  hence the anonymous user.  it would be really nice if apple 
  shared with us the itunes user ID on app launch, but they don't because 
 they 
  believe that violates the user's privacy (and i kinda agree on that 
 point). 
  So i'm stuck with an overly complex login flow. :( 
  
  cfh 

 How do you differentiate between different anonymous users? 

 Are you looking at MAC address or other related IDs? 

 It sounds to me that that's still an open problem. And that not 
 generating any ID but storing data in LocalStorage (or a cookie; or 
 whatever else: locally) would be the most secure way of confirming 
 accountability. 

 Given an e-commerce scenario; on checkout the anonymous user would 
 submit their entire LocalStorage; which obviously includes cart. Their 
 shipping details and whatnot would include an email address, so create 
 them that profile; log them in; and email them their randomly 
 generated password. 

 #problem=solved 


-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[Alec Taylor]

Hmm; good point.

On Wed, Feb 13, 2013 at 4:30 AM, howesc how...@umich.edu wrote:
 for our system we have anonymous users (users with no email address), and
 known users (users with an email address.

 Apple does not expose the MAC address, the IMEI or the apple UDID of iOS
 devices to developers.  their policies strictly forbid the use of hardware
 identifiers in apps distributed via the app store.

 Apple also strongly suggests that you verify all in-app-purchases from your
 server to prevent theft (and it's worth it, i see lots of attempted theft)

 so, given that our business wants users to be able to use 95% of the apps
 features without creating an account (sharing your email/password and some
 other info we ask for), and we use apple's receipt verification to check for
 fraudulent purchases, both the client and the server have to know about a
 particular application install.  that gets us to where i am at today:
  - app launches and gets an OAuth token from the server (creates an end_user
 record on the server) (this OAuth token essentially becomes an application
 installation identifier)
  - app stores data about the user
  - server stores data about the user
  - later user may login which may be logging in to an existing account
 they made on another device (cause lots of apple device users have multiple
 devices) or a new user.  in the login case we merge the activity of the user
 from before login.

 now if the business would allow us to require login before the user started
 the app, problem is solved.but we would lose 50-70% of our new users
 daily.

 On Monday, February 11, 2013 9:01:40 PM UTC-8, Alec Taylor wrote:

 On Tue, Feb 12, 2013 at 4:29 AM, howesc how...@umich.edu wrote:
  Thanks Alec, that will be a nice contribution.
 
  re my special odd pain in the rear-end login flow.well we (the
  engineers) failed to sell that to the business.  users can make
  purchases
  via apple without a proper logged in account, and we need to track those
  on
  the server.  hence the anonymous user.  it would be really nice if apple
  shared with us the itunes user ID on app launch, but they don't because
  they
  believe that violates the user's privacy (and i kinda agree on that
  point).
  So i'm stuck with an overly complex login flow. :(
 
  cfh

 How do you differentiate between different anonymous users?

 Are you looking at MAC address or other related IDs?

 It sounds to me that that's still an open problem. And that not
 generating any ID but storing data in LocalStorage (or a cookie; or
 whatever else: locally) would be the most secure way of confirming
 accountability.

 Given an e-commerce scenario; on checkout the anonymous user would
 submit their entire LocalStorage; which obviously includes cart. Their
 shipping details and whatnot would include an email address, so create
 them that profile; log them in; and email them their randomly
 generated password.

 #problem=solved

 --

 ---
 You received this message because you are subscribed to the Google Groups
 web2py-users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to web2py+unsubscr...@googlegroups.com.
 For more options, visit https://groups.google.com/groups/opt_out.



-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[howesc]

Thanks Alec, that will be a nice contribution.

re my special odd pain in the rear-end login flow.well we (the 
engineers) failed to sell that to the business.  users can make purchases 
via apple without a proper logged in account, and we need to track those on 
the server.  hence the anonymous user.  it would be really nice if apple 
shared with us the itunes user ID on app launch, but they don't because 
they believe that violates the user's privacy (and i kinda agree on that 
point).  So i'm stuck with an overly complex login flow. :(

cfh

On Sunday, February 10, 2013 9:55:35 PM UTC-8, Alec Taylor wrote:

 Not to worry, I'm releasing a generalised open-source OAuth2 Library for 
 web2py. 

 As for your current mechanism of anonymous tokens… how about just 
 storing a cookie (or some other client-side storage) and when the user 
 logs-in or registers all their customisations (e.g.: if e-commerce, 
 their cart) will be sent securely to the server on receipt of 
 successful authentication. 

 That would be a much cleaner, more secure, streamlined and 
 self-contained model than your current one. 

 On Sun, Feb 10, 2013 at 9:33 AM, howesc how...@umich.edu javascript: 
 wrote: 
   - Apple explicitly does not allow using the hardware identifier in your 
  app, and will reject app submission that do that.  because of this each 
 app 
  install logs in first as an anonymous user. 
   - website users use standard web2py auth 
   - app connections to the server use our modified OAuth API 
 implementation. 
  this forgoes web2py auth, but reads and writes to the same user table 
 that 
  web2py auth uses.  this allows the 2 different systems to connect. 
   - the mobile apps are native code on their respective platforms, the 
  website is html. 
  
  unfortunately our modified OAuth implementation is pretty specific to 
 our 
  needs and so i don't think it's a candidate for us to open source.  i'll 
  take a look into what we are doing though to see if any of it can/should 
 be 
  open sourced. 
  
  cfh 
  
  
  On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote: 
  
  Howesc, 
  Thanks for great info. So, does mobile app user have to register web2py 
  via access token provided by their hardware in mobile application? May 
 you 
  explain how you built the login/registration module for mobile app 
 users 
  along with web2py? 
  Do you code in html5 with native code for developing your mobile app? 
  
  Sorry for asking more than one question, this topic sounds so 
 interesting! 
  :) 
  
  Thank you! 
  
  On Feb 9, 2013 11:45 AM, howesc how...@umich.edu wrote: 
  
  well what we are using is a hybrid model: 
   - the ios device uses a modified form of OAuth to get access tokens 
 (and 
  we have the confusing problem of users start anonymous but with an 
 access 
  token, and then may later create an account associating an email and 
 other 
  user data with the account) 
   - the website uses web2py's auth to login those same users 
   - the APNS token (Apple Push Notification Service) is provided 
  optionally by the user if they opt-in to push notifications.  as such 
 it's 
  not a primary key for the user and can't be used for authentication.   
 if 
  the user chooses to share it with us we store that in a field on our 
 user 
  table.  Note that the APNS token is device specific, so if the user 
 has 
  multiple devices then they might have multiple tokens. 
  
  does that clarify at all? 
  
  cfh 
  
  On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote: 
  
  I do not know how this works. Can you give us more details? 
  
  On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: 
  
  i have millions of APNS tokens! i'd share, but they are tied to an 
  app 
  
  i did not tie APNS tokesn to web2py auth, but i added fields to my 
 end 
  user table, and the device uses my REST JSON API to POST the APNS 
 tokens to 
  the server and update the user.  we don't use the APNS token as any 
 sort of 
  user identifier. 
  
  does that help?  lemme know if you are interested in more details. 
  
  christian 
  
  On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: 
  
  I'm looking into supporting Apple push notifications in an iPhone 
 app 
  that connects to a web2py server. 
  In order to know which devices to push details to, web2py's auth 
  module would presumably need to maintain Device Tokens. 
  I'm curious if anyone has implemented a solution that takes care of 
  this. I'd like to see how it was integrated with web2py's auth. 
  
  Thanks, 
  Chris 
  
  -- 
  
  --- 
  You received this message because you are subscribed to the Google 
 Groups 
  web2py-users group. 
  To unsubscribe from this group and stop receiving emails from it, send 
 an 
  email to web2py+un...@googlegroups.com. 
  
  For more options, visit https://groups.google.com/groups/opt_out. 
  
  
  
  -- 
  
  --- 
  You received this message because you are subscribed to the 

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[Kenny Chung]

Thank you, guys. :) I think I should try to implement one, when I am free.

Do you know any opensource for  iphone oauth login as well as android?

I am actually passing login credentials to web2py from android app via
given web2py lib.
On Feb 11, 2013 11:29 AM, howesc how...@umich.edu wrote:

 Thanks Alec, that will be a nice contribution.

 re my special odd pain in the rear-end login flow.well we (the
 engineers) failed to sell that to the business.  users can make purchases
 via apple without a proper logged in account, and we need to track those on
 the server.  hence the anonymous user.  it would be really nice if apple
 shared with us the itunes user ID on app launch, but they don't because
 they believe that violates the user's privacy (and i kinda agree on that
 point).  So i'm stuck with an overly complex login flow. :(

 cfh

 On Sunday, February 10, 2013 9:55:35 PM UTC-8, Alec Taylor wrote:

 Not to worry, I'm releasing a generalised open-source OAuth2 Library for
 web2py.

 As for your current mechanism of anonymous tokens… how about just
 storing a cookie (or some other client-side storage) and when the user
 logs-in or registers all their customisations (e.g.: if e-commerce,
 their cart) will be sent securely to the server on receipt of
 successful authentication.

 That would be a much cleaner, more secure, streamlined and
 self-contained model than your current one.

 On Sun, Feb 10, 2013 at 9:33 AM, howesc how...@umich.edu wrote:
   - Apple explicitly does not allow using the hardware identifier in
 your
  app, and will reject app submission that do that.  because of this each
 app
  install logs in first as an anonymous user.
   - website users use standard web2py auth
   - app connections to the server use our modified OAuth API
 implementation.
  this forgoes web2py auth, but reads and writes to the same user table
 that
  web2py auth uses.  this allows the 2 different systems to connect.
   - the mobile apps are native code on their respective platforms, the
  website is html.
 
  unfortunately our modified OAuth implementation is pretty specific to
 our
  needs and so i don't think it's a candidate for us to open source.
  i'll
  take a look into what we are doing though to see if any of it
 can/should be
  open sourced.
 
  cfh
 
 
  On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote:
 
  Howesc,
  Thanks for great info. So, does mobile app user have to register
 web2py
  via access token provided by their hardware in mobile application? May
 you
  explain how you built the login/registration module for mobile app
 users
  along with web2py?
  Do you code in html5 with native code for developing your mobile app?
 
  Sorry for asking more than one question, this topic sounds so
 interesting!
  :)
 
  Thank you!
 
  On Feb 9, 2013 11:45 AM, howesc how...@umich.edu wrote:
 
  well what we are using is a hybrid model:
   - the ios device uses a modified form of OAuth to get access tokens
 (and
  we have the confusing problem of users start anonymous but with an
 access
  token, and then may later create an account associating an email
 and other
  user data with the account)
   - the website uses web2py's auth to login those same users
   - the APNS token (Apple Push Notification Service) is provided
  optionally by the user if they opt-in to push notifications.  as such
 it's
  not a primary key for the user and can't be used for authentication.
   if
  the user chooses to share it with us we store that in a field on our
 user
  table.  Note that the APNS token is device specific, so if the user
 has
  multiple devices then they might have multiple tokens.
 
  does that clarify at all?
 
  cfh
 
  On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro
 wrote:
 
  I do not know how this works. Can you give us more details?
 
  On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote:
 
  i have millions of APNS tokens! i'd share, but they are tied to an
  app
 
  i did not tie APNS tokesn to web2py auth, but i added fields to my
 end
  user table, and the device uses my REST JSON API to POST the APNS
 tokens to
  the server and update the user.  we don't use the APNS token as any
 sort of
  user identifier.
 
  does that help?  lemme know if you are interested in more details.
 
  christian
 
  On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:
 
  I'm looking into supporting Apple push notifications in an iPhone
 app
  that connects to a web2py server.
  In order to know which devices to push details to, web2py's auth
  module would presumably need to maintain Device Tokens.
  I'm curious if anyone has implemented a solution that takes care
 of
  this. I'd like to see how it was integrated with web2py's auth.
 
  Thanks,
  Chris
 
  --
 
  ---
  You received this message because you are subscribed to the Google
 Groups
  web2py-users group.
  To unsubscribe from this group and stop receiving emails from it,
 send an
  email to 

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[Alec Taylor]

On Tue, Feb 12, 2013 at 4:29 AM, howesc how...@umich.edu wrote:
 Thanks Alec, that will be a nice contribution.

 re my special odd pain in the rear-end login flow.well we (the
 engineers) failed to sell that to the business.  users can make purchases
 via apple without a proper logged in account, and we need to track those on
 the server.  hence the anonymous user.  it would be really nice if apple
 shared with us the itunes user ID on app launch, but they don't because they
 believe that violates the user's privacy (and i kinda agree on that point).
 So i'm stuck with an overly complex login flow. :(

 cfh

How do you differentiate between different anonymous users?

Are you looking at MAC address or other related IDs?

It sounds to me that that's still an open problem. And that not
generating any ID but storing data in LocalStorage (or a cookie; or
whatever else: locally) would be the most secure way of confirming
accountability.

Given an e-commerce scenario; on checkout the anonymous user would
submit their entire LocalStorage; which obviously includes cart. Their
shipping details and whatnot would include an email address, so create
them that profile; log them in; and email them their randomly
generated password.

#problem=solved

-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[Alec Taylor]

Not to worry, I'm releasing a generalised open-source OAuth2 Library for web2py.

As for your current mechanism of anonymous tokens… how about just
storing a cookie (or some other client-side storage) and when the user
logs-in or registers all their customisations (e.g.: if e-commerce,
their cart) will be sent securely to the server on receipt of
successful authentication.

That would be a much cleaner, more secure, streamlined and
self-contained model than your current one.

On Sun, Feb 10, 2013 at 9:33 AM, howesc how...@umich.edu wrote:
  - Apple explicitly does not allow using the hardware identifier in your
 app, and will reject app submission that do that.  because of this each app
 install logs in first as an anonymous user.
  - website users use standard web2py auth
  - app connections to the server use our modified OAuth API implementation.
 this forgoes web2py auth, but reads and writes to the same user table that
 web2py auth uses.  this allows the 2 different systems to connect.
  - the mobile apps are native code on their respective platforms, the
 website is html.

 unfortunately our modified OAuth implementation is pretty specific to our
 needs and so i don't think it's a candidate for us to open source.  i'll
 take a look into what we are doing though to see if any of it can/should be
 open sourced.

 cfh


 On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote:

 Howesc,
 Thanks for great info. So, does mobile app user have to register web2py
 via access token provided by their hardware in mobile application? May you
 explain how you built the login/registration module for mobile app users
 along with web2py?
 Do you code in html5 with native code for developing your mobile app?

 Sorry for asking more than one question, this topic sounds so interesting!
 :)

 Thank you!

 On Feb 9, 2013 11:45 AM, howesc how...@umich.edu wrote:

 well what we are using is a hybrid model:
  - the ios device uses a modified form of OAuth to get access tokens (and
 we have the confusing problem of users start anonymous but with an access
 token, and then may later create an account associating an email and other
 user data with the account)
  - the website uses web2py's auth to login those same users
  - the APNS token (Apple Push Notification Service) is provided
 optionally by the user if they opt-in to push notifications.  as such it's
 not a primary key for the user and can't be used for authentication.   if
 the user chooses to share it with us we store that in a field on our user
 table.  Note that the APNS token is device specific, so if the user has
 multiple devices then they might have multiple tokens.

 does that clarify at all?

 cfh

 On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote:

 I do not know how this works. Can you give us more details?

 On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote:

 i have millions of APNS tokens! i'd share, but they are tied to an
 app

 i did not tie APNS tokesn to web2py auth, but i added fields to my end
 user table, and the device uses my REST JSON API to POST the APNS tokens 
 to
 the server and update the user.  we don't use the APNS token as any sort 
 of
 user identifier.

 does that help?  lemme know if you are interested in more details.

 christian

 On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:

 I'm looking into supporting Apple push notifications in an iPhone app
 that connects to a web2py server.
 In order to know which devices to push details to, web2py's auth
 module would presumably need to maintain Device Tokens.
 I'm curious if anyone has implemented a solution that takes care of
 this. I'd like to see how it was integrated with web2py's auth.

 Thanks,
 Chris

 --

 ---
 You received this message because you are subscribed to the Google Groups
 web2py-users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to web2py+un...@googlegroups.com.

 For more options, visit https://groups.google.com/groups/opt_out.



 --

 ---
 You received this message because you are subscribed to the Google Groups
 web2py-users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to web2py+unsubscr...@googlegroups.com.
 For more options, visit https://groups.google.com/groups/opt_out.



-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[web2py] Re: Integrating iPhone device tokens into web2py auth

[howesc]

well what we are using is a hybrid model:
 - the ios device uses a modified form of OAuth to get access tokens (and 
we have the confusing problem of users start anonymous but with an access 
token, and then may later create an account associating an email and 
other user data with the account)
 - the website uses web2py's auth to login those same users
 - the APNS token (Apple Push Notification Service) is provided optionally 
by the user if they opt-in to push notifications.  as such it's not a 
primary key for the user and can't be used for authentication.   if the 
user chooses to share it with us we store that in a field on our user 
table.  Note that the APNS token is device specific, so if the user has 
multiple devices then they might have multiple tokens.

does that clarify at all?

cfh

On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote:

 I do not know how this works. Can you give us more details?

 On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote:

 i have millions of APNS tokens! i'd share, but they are tied to an app

 i did not tie APNS tokesn to web2py auth, but i added fields to my end 
 user table, and the device uses my REST JSON API to POST the APNS tokens to 
 the server and update the user.  we don't use the APNS token as any sort of 
 user identifier.

 does that help?  lemme know if you are interested in more details.

 christian

 On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:

 I'm looking into supporting Apple push notifications in an iPhone app 
 that connects to a web2py server.
 In order to know which devices to push details to, web2py's auth module 
 would presumably need to maintain Device Tokens.
 I'm curious if anyone has implemented a solution that takes care of 
 this. I'd like to see how it was integrated with web2py's auth.

 Thanks,
 Chris



-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[Kenny Chung]

Howesc,
Thanks for great info. So, does mobile app user have to register web2py via
access token provided by their hardware in mobile application? May you
explain how you built the login/registration module for mobile app users
along with web2py?
Do you code in html5 with native code for developing your mobile app?

Sorry for asking more than one question, this topic sounds so interesting!
:)

Thank you!
On Feb 9, 2013 11:45 AM, howesc how...@umich.edu wrote:

 well what we are using is a hybrid model:
  - the ios device uses a modified form of OAuth to get access tokens (and
 we have the confusing problem of users start anonymous but with an access
 token, and then may later create an account associating an email and
 other user data with the account)
  - the website uses web2py's auth to login those same users
  - the APNS token (Apple Push Notification Service) is provided optionally
 by the user if they opt-in to push notifications.  as such it's not a
 primary key for the user and can't be used for authentication.   if the
 user chooses to share it with us we store that in a field on our user
 table.  Note that the APNS token is device specific, so if the user has
 multiple devices then they might have multiple tokens.

 does that clarify at all?

 cfh

 On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote:

 I do not know how this works. Can you give us more details?

 On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote:

 i have millions of APNS tokens! i'd share, but they are tied to an
 app

 i did not tie APNS tokesn to web2py auth, but i added fields to my end
 user table, and the device uses my REST JSON API to POST the APNS tokens to
 the server and update the user.  we don't use the APNS token as any sort of
 user identifier.

 does that help?  lemme know if you are interested in more details.

 christian

 On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:

 I'm looking into supporting Apple push notifications in an iPhone app
 that connects to a web2py server.
 In order to know which devices to push details to, web2py's auth module
 would presumably need to maintain Device Tokens.
 I'm curious if anyone has implemented a solution that takes care of
 this. I'd like to see how it was integrated with web2py's auth.

 Thanks,
 Chris

  --

 ---
 You received this message because you are subscribed to the Google Groups
 web2py-users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to web2py+unsubscr...@googlegroups.com.
 For more options, visit https://groups.google.com/groups/opt_out.




-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

[howesc]

 - Apple explicitly does not allow using the hardware identifier in your 
app, and will reject app submission that do that.  because of this each app 
install logs in first as an anonymous user.
 - website users use standard web2py auth
 - app connections to the server use our modified OAuth API 
implementation.  this forgoes web2py auth, but reads and writes to the same 
user table that web2py auth uses.  this allows the 2 different systems to 
connect.
 - the mobile apps are native code on their respective platforms, the 
website is html.

unfortunately our modified OAuth implementation is pretty specific to our 
needs and so i don't think it's a candidate for us to open source.  i'll 
take a look into what we are doing though to see if any of it can/should be 
open sourced.

cfh

On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote:

 Howesc,
 Thanks for great info. So, does mobile app user have to register web2py 
 via access token provided by their hardware in mobile application? May you 
 explain how you built the login/registration module for mobile app users 
 along with web2py?
 Do you code in html5 with native code for developing your mobile app?  

 Sorry for asking more than one question, this topic sounds so interesting! 
 :)

 Thank you!
 On Feb 9, 2013 11:45 AM, howesc how...@umich.edu javascript: wrote:

 well what we are using is a hybrid model:
  - the ios device uses a modified form of OAuth to get access tokens (and 
 we have the confusing problem of users start anonymous but with an access 
 token, and then may later create an account associating an email and 
 other user data with the account)
  - the website uses web2py's auth to login those same users
  - the APNS token (Apple Push Notification Service) is provided 
 optionally by the user if they opt-in to push notifications.  as such it's 
 not a primary key for the user and can't be used for authentication.   if 
 the user chooses to share it with us we store that in a field on our user 
 table.  Note that the APNS token is device specific, so if the user has 
 multiple devices then they might have multiple tokens.

 does that clarify at all?

 cfh

 On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote:

 I do not know how this works. Can you give us more details?

 On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote:

 i have millions of APNS tokens! i'd share, but they are tied to an 
 app

 i did not tie APNS tokesn to web2py auth, but i added fields to my end 
 user table, and the device uses my REST JSON API to POST the APNS tokens 
 to 
 the server and update the user.  we don't use the APNS token as any sort 
 of 
 user identifier.

 does that help?  lemme know if you are interested in more details.

 christian

 On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:

 I'm looking into supporting Apple push notifications in an iPhone app 
 that connects to a web2py server.
 In order to know which devices to push details to, web2py's auth 
 module would presumably need to maintain Device Tokens.
 I'm curious if anyone has implemented a solution that takes care of 
 this. I'd like to see how it was integrated with web2py's auth.

 Thanks,
 Chris

  -- 
  
 --- 
 You received this message because you are subscribed to the Google Groups 
 web2py-users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to web2py+un...@googlegroups.com javascript:.
 For more options, visit https://groups.google.com/groups/opt_out.
  
  



-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[web2py] Re: Integrating iPhone device tokens into web2py auth

[howesc]

i have millions of APNS tokens! i'd share, but they are tied to an app

i did not tie APNS tokesn to web2py auth, but i added fields to my end user 
table, and the device uses my REST JSON API to POST the APNS tokens to the 
server and update the user.  we don't use the APNS token as any sort of 
user identifier.

does that help?  lemme know if you are interested in more details.

christian

On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:

 I'm looking into supporting Apple push notifications in an iPhone app that 
 connects to a web2py server.
 In order to know which devices to push details to, web2py's auth module 
 would presumably need to maintain Device Tokens.
 I'm curious if anyone has implemented a solution that takes care of this. 
 I'd like to see how it was integrated with web2py's auth.

 Thanks,
 Chris


-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[web2py] Re: Integrating iPhone device tokens into web2py auth

[Massimo Di Pierro]

I do not know how this works. Can you give us more details?

On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote:

 i have millions of APNS tokens! i'd share, but they are tied to an app

 i did not tie APNS tokesn to web2py auth, but i added fields to my end 
 user table, and the device uses my REST JSON API to POST the APNS tokens to 
 the server and update the user.  we don't use the APNS token as any sort of 
 user identifier.

 does that help?  lemme know if you are interested in more details.

 christian

 On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:

 I'm looking into supporting Apple push notifications in an iPhone app 
 that connects to a web2py server.
 In order to know which devices to push details to, web2py's auth module 
 would presumably need to maintain Device Tokens.
 I'm curious if anyone has implemented a solution that takes care of this. 
 I'd like to see how it was integrated with web2py's auth.

 Thanks,
 Chris



-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.