Hello,

Can someone create a web2pyslice explaining how to do it and what to change in web2py gluon in order to connect an Android native app to it? 4 years later people (e.g. me, my colleagues...) are still facing the same issue and I think it can be helpful to the community.

kr,
Oasis

On Wednesday, October 15, 2014 at 3:48:02 AM UTC+2, Mark Li wrote:
>
> Hey Mark,
>
> I did finish this, although it's been some time since I've looked into the code for the mobile-related stuff. Most of it still makes sense to me
>
> On Friday, October 10, 2014 1:31:09 PM UTC-7, Mark Graves wrote:
>>
>> Did you ever finish this?
>>
>> I implemented something similar.
>>
>> I'd love to collaborate and get a repo up for working with mobile devices with web2py as an app back end.
>>
>> On Sunday, January 6, 2013 11:43:05 AM UTC-6, dlypka wrote:
>>>
>>> If you mimic the same http traffic that a browser would generate, then of course you will get all the normal web2py functionality such as the session.
>>>
>>> The web2py session is usually stored in the database which means it can store a large amount of data without the size limits of cookie storage. And it will persist between requests.
>>>
>>> On Friday, January 4, 2013 6:19:14 PM UTC-6, Mark Li wrote:
>>>>
>>>> Would it be necessary to connect to the same web2py session?
>>>>
>>>> To my understanding, connecting to the same session would be necessary if the session contained Auth information indicating whether or not a user was logged in. However, using auth.login_bare(), I only return a token on login success, and the Auth information is never stored in session. Only the token would be used to check whether or not a user was authenticated, as this info is not stored in session.
>>>>
>>>> The login/authentication from Android would only be used for API calls, and not for browsing the site. In the 'tokens' table, there would be information about the user that would be similar to the Auth info stored in session. When the token is passed to web2py, it would return the same information that would normally be stored in session about the user.
>>>>
>>>> Thanks again for your help and checking my logic, I'm still pretty new to this!
>>>>
>>>> On Thursday, January 3, 2013 7:57:45 PM UTC-8, dlypka wrote:
>>>>>
>>>>> But are you reconnecting to the same web2py session on each request?
>>>>>
>>>>> On Thursday, January 3, 2013 3:20:01 PM UTC-6, Mark Li wrote:
>>>>>>
>>>>>> I reviewed your code again and looked into the source code for web2py to see how web2py deals with session login cookies.
>>>>>>
>>>>>> For what I want to accomplish, I believe I have found a method which does not involve changing web2py source code. It's simpler and more straightforward for me to wrap my head around (also not having to worry about storing cookies in the app). Please let me know if there's anything important I am missing or security flaws that I should consider.
>>>>>>
>>>>>> 1. Embed webview into native Android app, using auth.login_bare to authenticate.
>>>>>> 2. On login success, return a token of similar format to web2py's session cookies.
>>>>>> 3. Store this token in the database (in a table named 'tokens'), and send back to Android app as a cookie
>>>>>> 4. For every request to my web service that requires authentication, send the token as a cookie and have the receiving API controller function extract the cookie/token. If the token is currently in the db.tokens, then the user has been authenticated and the request returns the appropriate data.
>>>>>> 5. On logout/password change, delete the issued tokens for this user from db.tokens, so the same token can't be used to authenticate for future api calls.
>>>>>>
>>>>>> On Tuesday, January 1, 2013 10:33:26 PM UTC-8, dlypka wrote:
>>>>>>>
>>>>>>> I was not precisely calling from a native Android or native IOS app.
>>>>>>> I was using a PhoneGap client, which is different. It looks like a web browser but is not a browser client.
>>>>>>> PhoneGap can only use HTML5 storage unless you write a native Android / IOS PhoneGap extension/plugin.
>>>>>>> So my technique will work from almost any client platform, even from a Windows native client app for example as long as it uses HTTP.
>>>>>>>
>>>>>>> Also, in my tracing of how web2py handles the client connection, I believe I found a few wrinkles in the sequence of events which needed to be handled specially in this case where the client is not a web browser.
>>>>>>>
>>>>>>> In your particular case, if you have cookies in the native client, then that is one less problem to solve,
>>>>>>> You probably just have to mimic the HTTP messages that a browser would send.
>>>>>>>
>>>>>>> On Tuesday, January 1, 2013 5:19:50 PM UTC-6, Mark Li wrote:
>>>>>>>>
>>>>>>>> Thanks for the responses, and Happy New Years to you guys too!
>>>>>>>>
>>>>>>>> dlypka, for your cookieless solution, it assumes that the client app can't store/extract tokens? In the Google Android link above, it says that both Android and iOS can read and extract the tokens/cookies. So when the Android app calls the Web2py app, wouldn't it just pass in the cookie/token and have Web2py verify it as Web2py normally verifies session login cookies?
>>>>>>>>
>>>>>>>> On Tuesday, January 1, 2013 9:07:16 AM UTC-8, Massimo Di Pierro wrote:
>>>>>>>>>
>>>>>>>>> :-)
>>>>>>>>>
>>>>>>>>> On Tuesday, 1 January 2013 10:45:47 UTC-6, dlypka wrote:
>>>>>>>>>>
>>>>>>>>>> Yes it is my New Year's Resolution to make time to put it in a Slice.
>>>>>>>>>>
>>>>>>>>>> On Tuesday, January 1, 2013 10:35:49 AM UTC-6, Massimo Di Pierro wrote:
>>>>>>>>>>>
>>>>>>>>>>> Perhaps this should go in a web2pyslice?
>>>>>>>>>>>
>>>>>>>>>>> On Monday, 31 December 2012 21:28:04 UTC-6, dlypka wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> I developed a solution for this.
>>>>>>>>>>>> I posted it here:
>>>>>>>>>>>>
>>>>>>>>>>>> https://groups.google.com/forum/?fromgroups=#!topic/web2py/YVYQHRJmcos
>>>>>>>>>>>>
>>>>>>>>>>>> Happy New Year!
>>>>>>>>>>>>
>>>>>>>>>>>> On Monday, December 31, 2012 4:38:40 PM UTC-6, Mark Li wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> I am currently trying to authenticate users on an Android app to my Web2py application. I am not comfortable implementing this on my own without some guidance/advice, as I'm worried about the security of the login information becoming jeopardized.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I am following the guideline for authentication outlined by Google here:
>>>>>>>>>>>>> https://developers.google.com/accounts/docs/MobileApps
>>>>>>>>>>>>>
>>>>>>>>>>>>> Another outline of how I'm trying to accomplish Authentication is outlined here:
>>>>>>>>>>>>> http://stackoverflow.com/questions/7358715/authentication-model-for-android-application
>>>>>>>>>>>>>
>>>>>>>>>>>>> The first step, and my question, is how I would generate a token to return to the Android app after the user has successfully logged in. It is suggested that this token be in the same format to what Web2py uses for session login cookies, except with a 'mobile' flag indicating the token can only be used for API calls, and doesn't have the short lifespan of a browser session.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Any help would be greatly appreciated, as I haven't read too much about authentication to web2py from an Android app.