login and Authorization in app




MACloop
Jul 9, 2010, 04:18 AM
Hello,

I would like to let the user log in and get data from another service, within my app. In order to enable this, the other service and I have been in touch, and because they are using OAuth I have received a Consumerkey and Sharedsecret.

The question is:
How do I correctly and safely get the data from this other service, in my app?

A possible progress could be:
- the user clicks on a button "get my data" or something.
- the user enters the password and username (for the other service)
- my app connects via NSURLConnection to the other service
- the user waits while the authorization is done
- the data is displayed in my app

I do not know how to "translate" this in a proper way? If this would be a web site, I would do the following:

1)
My web site is the Consumer and must use OAuth to gain access to the user data in order to display them. I am known in OAuth as a Consumer Developer and have a Consumer Key and a Consumer secret.

2)
The User clicks on a button on the page, like get my account data, and my web site requests from the other service a Request Token. At this point, the Request Token is not User-specific, and can be used by my web site to gain User approval from the User to access the private data.

3)
My web site receives the Request Token and redirects the User to the other service's OAuth User Authorization URL with the Request Token and asks the other service to redirect the user back once approval has been granted to http://myWebSite/getData.

4)
The user is now (after the redirection) requested to sign in. OAuth requires that Service Providers first authenticate the User, and then ask them to grant access to the Consumer.

5)
OAuth allows the user to keep the username and password private and not share them with my web site or any other site. At no time does the user enter the credentials into my web site.

6)
After successfully logging in to the other service the user is asked to grant access to my Web site, aka the Consumer. The user can approve or deny access.

7)
Once the user approves the request, the other service marks the Request Token as User-authorized by the user. The user's browser is redirected back to my web site, to the URL previously provided http://myWebSite/getData together with the Request Token. This allows my web site to know it can now continue to fetch the user data.

8)
While the user waits, my web site uses the authorized Request Token and exchanges it for an Access Token. My web site exchanges the Request Token for an Access Token and requests the data.

When my web site is done, the User's browser refreshes to display the user data.


Every hint and help is very welcome!
Thanks in advance!
MACloop



MACloop
Jul 9, 2010, 06:27 AM
No ideas on this issue?
Some more concrete questions are:
- there are no sessions in an iPhone app - how do you create "safe spaces" in an iPhone app? I.e. how to differentiate if the user is logged in or not?

MACloop

seepel
Jul 9, 2010, 04:38 PM
If you google GData objective-C you'll come across a library in code.google.com that deals with OAuth quite nicely. I actually spent last night working with it and it seems pretty good.