Thanks Alec, that will be a nice contribution.

re my "special odd pain in the rear-end" login flow.....well we (the 
engineers) failed to sell that to the business.  users can make purchases 
via apple without a proper logged in account, and we need to track those on 
the server.  hence the anonymous user.  it would be really nice if apple 
shared with us the itunes user ID on app launch, but they don't because 
they believe that violates the user's privacy (and i kinda agree on that 
point).  So i'm stuck with an overly complex login flow. :(

cfh

On Sunday, February 10, 2013 9:55:35 PM UTC-8, Alec Taylor wrote:
>
> Not to worry, I'm releasing a generalised open-source OAuth2 Library for 
> web2py. 
>
> As for your current mechanism of anonymous tokens… how about just 
> storing a cookie (or some other client-side storage) and when the user 
> logs-in or registers all their customisations (e.g.: if e-commerce, 
> their cart) will be sent securely to the server on receipt of 
> successful authentication. 
>
> That would be a much cleaner, more secure, streamlined and 
> self-contained model than your current one. 
>
> On Sun, Feb 10, 2013 at 9:33 AM, howesc <how...@umich.edu> 
> wrote: 
> >  - Apple explicitly does not allow using the hardware identifier in your 
> > app, and will reject app submissions that do that.  because of this each 
> > app install "logs in" first as an anonymous user. 
> >  - website users use standard web2py auth 
> >  - app connections to the server use our modified OAuth API 
> > implementation. this forgoes web2py auth, but reads and writes to the 
> > same user table that web2py auth uses.  this allows the 2 different 
> > systems to connect. 
> >  - the mobile apps are native code on their respective platforms, the 
> > website is html. 
> > 
> > unfortunately our modified OAuth implementation is pretty specific to 
> > our needs and so i don't think it's a candidate for us to open source.  
> > i'll take a look into what we are doing though to see if any of it 
> > can/should be open sourced. 
> > 
> > cfh 
> > 
> > 
> > On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote: 
> >> 
> >> Howesc, 
> >> Thanks for great info. So, does mobile app user have to register web2py 
> >> via access token provided by their hardware in mobile application? May 
> >> you explain how you built the login/registration module for mobile app 
> >> users along with web2py? 
> >> Do you code in html5 with native code for developing your mobile app? 
> >> 
> >> Sorry for asking more than one question, this topic sounds so 
> >> interesting! :) 
> >> 
> >> Thank you! 
> >> 
> >> On Feb 9, 2013 11:45 AM, "howesc" <how...@umich.edu> wrote: 
> >>> 
> >>> well what we are using is a hybrid model: 
> >>>  - the ios device uses a modified form of OAuth to get access tokens 
> >>> (and we have the confusing problem of users start anonymous but with an 
> >>> access token, and then may later create an "account" associating an 
> >>> email and other user data with the account) 
> >>>  - the website uses web2py's auth to login those same users 
> >>>  - the APNS token (Apple Push Notification Service) is provided 
> >>> optionally by the user if they opt-in to push notifications.  as such 
> >>> it's not a primary key for the user and can't be used for 
> >>> authentication.  if the user chooses to share it with us we store that 
> >>> in a field on our user table.  Note that the APNS token is device 
> >>> specific, so if the user has multiple devices then they might have 
> >>> multiple tokens. 
> >>> 
> >>> does that clarify at all? 
> >>> 
> >>> cfh 
> >>> 
> >>> On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote: 
> >>>> 
> >>>> I do not know how this works. Can you give us more details? 
> >>>> 
> >>>> On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote: 
> >>>>> 
> >>>>> i have millions of APNS tokens! i'd share, but they are tied to an 
> >>>>> app.... 
> >>>>> 
> >>>>> i did not tie APNS tokens to web2py auth, but i added fields to my 
> >>>>> end user table, and the device uses my REST JSON API to POST the APNS 
> >>>>> tokens to the server and update the user.  we don't use the APNS token 
> >>>>> as any sort of user identifier. 
> >>>>> 
> >>>>> does that help?  lemme know if you are interested in more details. 
> >>>>> 
> >>>>> christian 
> >>>>> 
> >>>>> On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote: 
> >>>>>> 
> >>>>>> I'm looking into supporting Apple push notifications in an iPhone 
> >>>>>> app that connects to a web2py server. 
> >>>>>> In order to know which devices to push details to, web2py's auth 
> >>>>>> module would presumably need to maintain "Device Tokens". 
> >>>>>> I'm curious if anyone has implemented a solution that takes care of 
> >>>>>> this. I'd like to see how it was integrated with web2py's auth. 
> >>>>>> 
> >>>>>> Thanks, 
> >>>>>> Chris 
> >>> 
> >>> -- 
> >>> 
> >>> --- 
> >>> You received this message because you are subscribed to the Google 
> Groups 
> >>> "web2py-users" group. 
> >>> To unsubscribe from this group and stop receiving emails from it, send 
> an 
> >>> email to web2py+un...@googlegroups.com. 
> >>> 
> >>> For more options, visit https://groups.google.com/groups/opt_out. 
> >>> 
> >>> 
> > 
>
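
Added example, not part of the original thread and not howesc's or web2py's code: a sketch of the model described in the quoted messages, where each app install starts as an anonymous user holding an access token, may later attach an email to the same user row, and POSTs any opted-in APNS tokens, which are stored per device and never accepted as a credential. The table and function names are hypothetical, `sqlite3` stands in for the web2py DAL, and a separate `device_token` table is assumed instead of a field on the user table.

```python
import hashlib
import re
import secrets
import sqlite3

db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE end_user (id INTEGER PRIMARY KEY, email TEXT UNIQUE, token_hash TEXT UNIQUE);
CREATE TABLE device_token (apns_token TEXT PRIMARY KEY, user_id INTEGER NOT NULL);
""")

def _hash(access_token):
    # Only a hash is stored, so a database leak does not expose bearer tokens.
    return hashlib.sha256(access_token.encode()).hexdigest()

def create_anonymous_user():
    """First app launch: a user row with no email, plus its access token."""
    token = secrets.token_urlsafe(32)
    cur = db.execute("INSERT INTO end_user (token_hash) VALUES (?)", (_hash(token),))
    return cur.lastrowid, token

def authenticate(access_token):
    """The access token is the only credential; returns a user id or None."""
    sql = "SELECT id FROM end_user WHERE token_hash = ?"
    row = db.execute(sql, (_hash(access_token),)).fetchone()
    return row[0] if row else None

def register_device_token(access_token, apns_token):
    """Body of the POST handler: file an opted-in APNS token under the caller."""
    user_id = authenticate(access_token)
    if user_id is None:
        raise PermissionError("invalid access token")
    if not re.fullmatch(r"[0-9a-fA-F]{2,}", apns_token):
        raise ValueError("malformed APNS token")
    # Device-specific: a token seen under another user (e.g. reinstall) moves here.
    db.execute("INSERT OR REPLACE INTO device_token VALUES (?, ?)",
               (apns_token.lower(), user_id))

def upgrade_account(access_token, email):
    """Anonymous user creates an "account": same row, so history is kept."""
    user_id = authenticate(access_token)
    if user_id is None:
        raise PermissionError("invalid access token")
    db.execute("UPDATE end_user SET email = ? WHERE id = ?", (email, user_id))
    return user_id

def tokens_for(user_id):
    sql = "SELECT apns_token FROM device_token WHERE user_id = ? ORDER BY 1"
    return [r[0] for r in db.execute(sql, (user_id,))]
```
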
