Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-09 Thread Kenny Chung
Howesc,
Thanks for great info. So, does mobile app user have to register web2py via
access token provided by their hardware in mobile application? May you
explain how you built the login/registration module for mobile app users
along with web2py?
Do you code in html5 with native code for developing your mobile app?

Sorry for asking more than one question, this topic sounds so interesting!
:)

Thank you!
On Feb 9, 2013 11:45 AM, "howesc"  wrote:

> well what we are using is a hybrid model:
>  - the ios device uses a modified form of OAuth to get access tokens (and
> we have the confusing problem of users start anonymous but with an access
> token, and then may later create an "account" associating an email and
> other user data with the account)
>  - the website uses web2py's auth to login those same users
>  - the APNS token (Apple Push Notification Service) is provided optionally
> by the user if they opt-in to push notifications.  as such it's not a
> primary key for the user and can't be used for authentication.   if the
> user chooses to share it with us we store that in a field on our user
> table.  Note that the APNS token is device specific, so if the user has
> multiple devices then they might have multiple tokens.
>
> does that clarify at all?
>
> cfh
>
> On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote:
>>
>> I do not know how this works. Can you give us more details?
>>
>> On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote:
>>>
>>> i have millions of APNS tokens! i'd share, but they are tied to an
>>> app
>>>
>>> i did not tie APNS tokens to web2py auth, but i added fields to my end
>>> user table, and the device uses my REST JSON API to POST the APNS tokens to
>>> the server and update the user.  we don't use the APNS token as any sort of
>>> user identifier.
>>>
>>> does that help?  lemme know if you are interested in more details.
>>>
>>> christian
>>>
>>> On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:

>>>> I'm looking into supporting Apple push notifications in an iPhone app
>>>> that connects to a web2py server.
>>>> In order to know which devices to push details to, web2py's auth module
>>>> would presumably need to maintain "Device Tokens".
>>>> I'm curious if anyone has implemented a solution that takes care of
>>>> this. I'd like to see how it was integrated with web2py's auth.
>>>>
>>>> Thanks,
>>>> Chris


-- 

--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.




Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-09 Thread howesc
 - Apple explicitly does not allow using the hardware identifier in your 
app, and will reject app submissions that do that.  because of this each app 
install "logs in" first as an anonymous user.
 - website users use standard web2py auth
 - app connections to the server use our modified OAuth API 
implementation.  this forgoes web2py auth, but reads and writes to the same 
user table that web2py auth uses.  this allows the 2 different systems to 
connect.
 - the mobile apps are native code on their respective platforms, the 
website is html.

unfortunately our modified OAuth implementation is pretty specific to our 
needs and so i don't think it's a candidate for us to open source.  i'll 
take a look into what we are doing though to see if any of it can/should be 
open sourced.

cfh

On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote:
>
> Howesc,
> Thanks for great info. So, does mobile app user have to register web2py 
> via access token provided by their hardware in mobile application? May you 
> explain how you built the login/registration module for mobile app users 
> along with web2py?
> Do you code in html5 with native code for developing your mobile app?  
>
> Sorry for asking more than one question, this topic sounds so interesting! 
> :)
>
> Thank you!




Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-10 Thread Alec Taylor
Not to worry, I'm releasing a generalised open-source OAuth2 Library for web2py.

As for your current mechanism of anonymous tokens… how about just
storing a cookie (or some other client-side storage) and when the user
logs-in or registers all their customisations (e.g.: if e-commerce,
their cart) will be sent securely to the server on receipt of
successful authentication.

That would be a much cleaner, more secure, streamlined and
self-contained model than your current one.

On Sun, Feb 10, 2013 at 9:33 AM, howesc  wrote:
>  - Apple explicitly does not allow using the hardware identifier in your
> app, and will reject app submissions that do that.  because of this each app
> install "logs in" first as an anonymous user.
>  - website users use standard web2py auth
>  - app connections to the server use our modified OAuth API implementation.
> this forgoes web2py auth, but reads and writes to the same user table that
> web2py auth uses.  this allows the 2 different systems to connect.
>  - the mobile apps are native code on their respective platforms, the
> website is html.
>
> unfortunately our modified OAuth implementation is pretty specific to our
> needs and so i don't think it's a candidate for us to open source.  i'll
> take a look into what we are doing though to see if any of it can/should be
> open sourced.
>
> cfh




Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-11 Thread howesc
Thanks Alec, that will be a nice contribution.

re my "special odd pain in the rear-end" login flow... well we (the 
engineers) failed to sell that to the business.  users can make purchases 
via apple without a proper logged in account, and we need to track those on 
the server.  hence the anonymous user.  it would be really nice if apple 
shared with us the itunes user ID on app launch, but they don't because 
they believe that violates the user's privacy (and i kinda agree on that 
point).  So i'm stuck with an overly complex login flow. :(

cfh

On Sunday, February 10, 2013 9:55:35 PM UTC-8, Alec Taylor wrote:
>
> Not to worry, I'm releasing a generalised open-source OAuth2 Library for 
> web2py. 
>
> As for your current mechanism of anonymous tokens… how about just 
> storing a cookie (or some other client-side storage) and when the user 
> logs-in or registers all their customisations (e.g.: if e-commerce, 
> their cart) will be sent securely to the server on receipt of 
> successful authentication. 
>
> That would be a much cleaner, more secure, streamlined and 
> self-contained model than your current one. 

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-11 Thread Kenny Chung
Thank you, guys. :) I think I should try to implement one, when I am free.

Do you know any open source for iphone oauth login as well as android?

I am actually passing login credentials to web2py from android app via
given web2py lib.
On Feb 11, 2013 11:29 AM, "howesc"  wrote:

> Thanks Alec, that will be a nice contribution.
>
> re my "special odd pain in the rear-end" login flow... well we (the
> engineers) failed to sell that to the business.  users can make purchases
> via apple without a proper logged in account, and we need to track those on
> the server.  hence the anonymous user.  it would be really nice if apple
> shared with us the itunes user ID on app launch, but they don't because
> they believe that violates the user's privacy (and i kinda agree on that
> point).  So i'm stuck with an overly complex login flow. :(
>
> cfh

Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-11 Thread Alec Taylor
On Tue, Feb 12, 2013 at 4:29 AM, howesc  wrote:
> Thanks Alec, that will be a nice contribution.
>
> re my "special odd pain in the rear-end" login flow... well we (the
> engineers) failed to sell that to the business.  users can make purchases
> via apple without a proper logged in account, and we need to track those on
> the server.  hence the anonymous user.  it would be really nice if apple
> shared with us the itunes user ID on app launch, but they don't because they
> believe that violates the user's privacy (and i kinda agree on that point).
> So i'm stuck with an overly complex login flow. :(
>
> cfh

How do you differentiate between different anonymous users?

Are you looking at MAC address or other related IDs?

It sounds to me that that's still an open problem. And that not
generating any ID but storing data in LocalStorage (or a cookie; or
whatever else: locally) would be the most secure way of confirming
accountability.

Given an e-commerce scenario; on checkout the anonymous user would
submit their entire LocalStorage; which obviously includes cart. Their
shipping details and whatnot would include an email address, so create
them that profile; log them in; and email them their randomly
generated password.

#problem=solved





Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-12 Thread howesc
for our system we have "anonymous" users (users with no email address), and 
"known" users (users with an email address).

Apple does not expose the MAC address, the IMEI or the apple UDID of iOS 
devices to developers.  their policies strictly forbid the use of hardware 
identifiers in apps distributed via the app store.

Apple also strongly suggests that you verify all in-app-purchases from your 
server to prevent theft (and it's worth it, i see lots of attempted theft)

so, given that our business wants users to be able to use 95% of the apps 
features without "creating an account" (sharing your email/password and 
some other info we ask for), and we use apple's receipt verification to 
check for fraudulent purchases, both the client and the server have to know 
about a particular application install.  that gets us to where i am at 
today:
 - app launches and gets an OAuth token from the server (creates an 
end_user record on the server) (this OAuth token essentially becomes an 
application installation identifier)
 - app stores data about the user
 - server stores data about the user
 - later user may "login" which may be logging in to an existing account 
they made on another device (cause lots of apple device users have multiple 
devices) or a new user.  in the login case we merge the activity of the 
user from before login.

now if the business would allow us to require login before the user started 
the app, problem is solved... but we would lose 50-70% of our new users 
daily.

On Monday, February 11, 2013 9:01:40 PM UTC-8, Alec Taylor wrote:
>
> How do you differentiate between different anonymous users? 
>
> Are you looking at MAC address or other related IDs? 
>
> It sounds to me that that's still an open problem. And that not 
> generating any ID but storing data in LocalStorage (or a cookie; or 
> whatever else: locally) would be the most secure way of confirming 
> accountability. 
>
> Given an e-commerce scenario; on checkout the anonymous user would 
> submit their entire LocalStorage; which obviously includes cart. Their 
> shipping details and whatnot would include an email address, so create 
> them that profile; log them in; and email them their randomly 
> generated password. 
>
> #problem=solved 
>





Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-12 Thread Alec Taylor
Hmm; good point.

On Wed, Feb 13, 2013 at 4:30 AM, howesc  wrote:
> for our system we have "anonymous" users (users with no email address), and
> "known" users (users with an email address).
>
> Apple does not expose the MAC address, the IMEI or the apple UDID of iOS
> devices to developers.  their policies strictly forbid the use of hardware
> identifiers in apps distributed via the app store.
>
> Apple also strongly suggests that you verify all in-app-purchases from your
> server to prevent theft (and it's worth it, i see lots of attempted theft)
>
> so, given that our business wants users to be able to use 95% of the apps
> features without "creating an account" (sharing your email/password and some
> other info we ask for), and we use apple's receipt verification to check for
> fraudulent purchases, both the client and the server have to know about a
> particular application install.  that gets us to where i am at today:
>  - app launches and gets an OAuth token from the server (creates an end_user
> record on the server) (this OAuth token essentially becomes an application
> installation identifier)
>  - app stores data about the user
>  - server stores data about the user
>  - later user may "login" which may be logging in to an existing account
> they made on another device (cause lots of apple device users have multiple
> devices) or a new user.  in the login case we merge the activity of the user
> from before login.
>
> now if the business would allow us to require login before the user started
> the app, problem is solved... but we would lose 50-70% of our new users
> daily.




Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-13 Thread chris_g
Thanks for all the interesting responses.

Here is Apple's description of the Push notification process:

http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ApplePushService/ApplePushService.html

There appears to be a similar framework for Android:
http://developer.android.com/google/gcm/index.html

To clarify, this process uses a "Device Token" which is generated per 
app/iPhone. The UDID is not shared with the notification provider (i.e. the 
web2py app).
This process is not designed as an alternative to authentication. I am 
looking at OAuth in addition to Push notifications. Push notifications are 
merely to notify the user of status changes with the application.

Fortunately my potential requirement will only involve authenticated users 
receiving notifications. I would be guessing that the Device token would be 
attached to the session data and/or to the auth_event table.
Presumably, users can be simultaneously logged in on iOS and Android 
devices and would expect to receive the correct notifications for their 
respective devices.

At this point I have done very little research into this, but I wanted to 
start discussing these schemes with other developers who are encountering 
similar needs.







Re: [web2py] Re: Integrating iPhone device tokens into web2py auth

2013-02-15 Thread howesc
Yes, that sounds similar to what i do.

 - i created a custom auth user table, it happens to be called end_user 
(though it can be called auth_user):
    auth.settings.table_user_name = 'end_user'
    auth.settings.table_user = db.end_user.table
    auth.define_tables()
 - My end_user table has some fun fields, the one you are interested in is:
    Field('apns_tokens', 'list:string')
 - OAuth happens with the client
 - client then does a POST to our api (/api/v7/user) with the APNS token as 
the payload
 - if i don't already have the APNS token i add it to the list and register 
it with my APNS service (you may use a 3rd party service such as 
UrbanAirship or Parse, or build your own)
 - note that i keep a list of tokens because my users have multiple devices 
and so multiple tokens.
 - we are starting our android port now... so i don't have an opinion about 
that yet.

does that help?

cfh 


On Wednesday, February 13, 2013 9:52:10 PM UTC-8, chris_g wrote:
>
> Thanks for all the interesting responses.
>
> Here is Apple's description of the Push notification process:
> 
> http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ApplePushService/ApplePushService.html
>
> There appears to be a similar framework for Android:
> http://developer.android.com/google/gcm/index.html
>
> To clarify, this process uses a "Device Token" which is generated per 
> app/iPhone. The UDID is not shared with the notification provider (i.e. the 
> web2py app).
> This process is not designed as an alternative to authentication. I am 
> looking at OAuth in addition to Push notifications. Push notifications are 
> merely to notify the user of status changes with the application.
>
> Fortunately my potential requirement will only involve authenticated users 
> receiving notifications. I would be guessing that the Device token would be 
> attached to the session data and/or to the auth_event table.
> Presumably, users can be simultaneously logged in on iOS and Android 
> devices and would expect to receive the correct notifications for their 
> respective devices.
>
> At this point I have done very little research into this, but I wanted to 
> start discussing these schemes with other developers who are encountering 
> similar needs.
>
>
>
>
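
The flow described in this thread (an access token issued to each anonymous install, APNS tokens kept as a list on the end_user row and never used as a credential, and a merge when the user later logs in), sketched as an added example that is not howesc's code and not part of web2py. EndUserStore, its method names, the token length bounds and the per-user cap are assumptions, and the in-memory dicts stand in for the database table.

```python
import hashlib
import re
import secrets

# Hex-encoded device token; the bounds are an assumption, not an Apple guarantee.
APNS_TOKEN_RE = re.compile(r"[0-9a-f]{64,200}")
MAX_TOKENS_PER_USER = 10  # assumed cap per account


class EndUserStore:
    """In-memory stand-in for the end_user table (hypothetical helper class)."""

    def __init__(self):
        self.users = {}        # user_id -> {"email", "apns_tokens", "purchases"}
        self.token_index = {}  # sha256(access token) -> user_id
        self._next_id = 1

    @staticmethod
    def _digest(access_token):
        # Keep only a hash of the bearer token server-side.
        return hashlib.sha256(access_token.encode("utf-8")).hexdigest()

    def create_anonymous(self):
        """App launch: new end_user row without email; returns (user_id, token)."""
        user_id, self._next_id = self._next_id, self._next_id + 1
        self.users[user_id] = {"email": None, "apns_tokens": [], "purchases": []}
        access_token = secrets.token_urlsafe(32)
        self.token_index[self._digest(access_token)] = user_id
        return user_id, access_token

    def authenticate(self, access_token):
        """Map a bearer token to a user id, or None if it is unknown."""
        return self.token_index.get(self._digest(access_token))

    def _require_user(self, access_token):
        user_id = self.authenticate(access_token)
        if user_id is None:
            raise PermissionError("invalid access token")
        return user_id

    def register_apns_token(self, access_token, apns_token):
        """Attach a push token to the authenticated user; True if newly stored."""
        user_id = self._require_user(access_token)
        apns_token = apns_token.strip().lower()
        if not APNS_TOKEN_RE.fullmatch(apns_token):
            raise ValueError("malformed APNS token")
        # A device token names one install: drop it from any other account so
        # pushes meant for a previous user of the device stop going there.
        for other_id, row in self.users.items():
            if other_id != user_id and apns_token in row["apns_tokens"]:
                row["apns_tokens"].remove(apns_token)
        tokens = self.users[user_id]["apns_tokens"]
        if apns_token in tokens:
            return False
        if len(tokens) >= MAX_TOKENS_PER_USER:
            tokens.pop(0)  # evict the oldest entry
        tokens.append(apns_token)
        return True

    def login_and_merge(self, access_token, known_user_id):
        """After credentials were verified elsewhere, fold the anonymous install
        behind access_token into known_user_id and return the surviving id."""
        anon_id = self._require_user(access_token)
        if anon_id == known_user_id:
            return known_user_id
        anon, known = self.users[anon_id], self.users[known_user_id]
        if anon["email"] is not None:
            raise ValueError("only anonymous records may be merged")
        known["purchases"].extend(anon["purchases"])
        for tok in anon["apns_tokens"]:
            if tok not in known["apns_tokens"]:
                known["apns_tokens"].append(tok)
        # Re-point every access token of the anonymous install to the account.
        for digest, uid in self.token_index.items():
            if uid == anon_id:
                self.token_index[digest] = known_user_id
        del self.users[anon_id]
        return known_user_id


def demo():
    """Two installs of one user; all token and receipt values are constructed."""
    store = EndUserStore()
    phone_id, phone_tok = store.create_anonymous()
    store.users[phone_id]["email"] = "user@example.com"  # account created later
    store.register_apns_token(phone_tok, "ab" * 32)
    tablet_id, tablet_tok = store.create_anonymous()
    store.users[tablet_id]["purchases"].append("receipt-constructed-1")
    store.register_apns_token(tablet_tok, "CD" * 32)
    store.login_and_merge(tablet_tok, phone_id)
    return store, phone_id, tablet_id, tablet_tok
```

After the merge the tablet's access token resolves to the known account, while an APNS token presented as a bearer token resolves to nothing.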
