I have a scenario where I have a server that holds username/password. So upon launching my android app and the user it authenticated I would like to automatically sync his account (Gmail for example) without going through the traditional setup screen.Are there any public googe/gmail APIs that I could use for this purpose. Any help at this point would be greatly appreciated.
Related
I've just had an Android Firebase app penetration tested, and the tester found a file com.google.Firebase.auth.api.xml within Shared Preferences. It contained the access_token + refresh_token (which could be used to access the Firebase API).
Has anyone else experienced this vulnerability and know the best way to fix it?
(I can't work out or understand why this information is being stored locally, I've taken a look through the Firebase documentation and through my app and as far as I can tell everything is integrated properly. The app itself uses Firebase as the backend server which handles logins, authentication, Firestore and Storage)
Any help would be massively appreciated.
Got in touch with Firebase and this is the response for anyone interested:
"I understand your concern, as you have said the file is used to re-authenticate the user, however, those values are set after a successful login and the SDK updates that file each hour. The vulnerabilities that you may have noticed should be related to modifying information related to that specific user and the features or data the user has access to. Please remember that the Firebase security is not only on the Authentication product, they are more tools that enforce the security in a Firebase application, that is the reason why your Security Rules should avoid insecure rules and match with your business model."
The company that I work for has some small android applications running that communicate with their ERP software lately they requested to authenticate users and have sessions for safety reasons
Instead of integrating the autheticate and session code into every app (6) I want to build an Android app that acts like a dashboard. The app will authenticate the user, create a session and show the available apps on the device that the user can access with their user role.
The problem is I need the know which app requires which user role
I don't want to store this information in the dashboard app sinds that will require me to update the dashboard app each time i create or change an app
I was thinking or using an Content provider but that seems to be a lot of work and redundant since it has to be integrated into every app that I have (6)
So my question, is there a way to get data from apps that can easily be implemented. The data isn't big (only one Integer)
thanks in advance.
Hi I have developed an web application using google app engine, for google shared domain contact, Its working fine when I am running it in the localhost but when I deploy that application into google app engine it showing warning screen before user conforming for consent(as shown in the image).
I am using 2 scope http://www.google.com/m8/feeds/contacts/ and https://www.googleapis.com/auth/userinfo.email. when I try to add a user information in the google shared contact I am getting a exception message as www.google.com. How can I resolve the problem? am i need to verify my application in the oauth_app_verification. Can any one solve this?
Thank you.,
You need to go through the verification process before you launch your app. This new process came recently to protect user's data. You can start the verification by submitting this form but before it is recommended to follow steps here
I'm developing an android application and i have integrated Linkedin into my app for authentication by using this link
http://www.theappguruz.com/blog/android-linkedin-connectivity-code-sample/.
I want to know user's connections(friends/associates) in Linkedin who have installed my app i,e user's Linkedin connections who have downloaded my app.Is there any way to achieve this?
Thanks in advance for any help
I believe most of the time this task is done on the application side from scratch (It was called autodiscovery in our project).
So basically what you need is connection management for the User. Simplest possible solutions:
App based User connection management.
In this case you need to have some distributed Key-Value store available to your Android application (Some Redis host for example).
The simplest workflow in this case
Populate key-value - like linkedIn_ID -> your_application_id on LinkedIn API authorisation.
Find connected users for your Application, querying by connection LinkedIn_ID.
Server based User connection management
The same thing, but introducing separate API on your server.
In both cases, take in consideration new connections, that might appear after some time.
Hi i've integrated Facebook application with my application.
This is only working for the user-account who is registered with the application.
I am not able to find the authorizing screen just after login for users other then the registered user.
How can i achieve this ?
I am using following permission array:-
FACEBOOK_PERMISSION = {"offline_access", "publish_stream",
"user_photos", "publish_checkins", "photo_upload" };
Am i missing something please help me.
The problem you are facing is directly related to the fact that your application is in the sandbox mode. In this mode only the developers, testers and other people registered in the app settings are able to access the application. To allow the general public to use your application, you will have to disable the sandbox mode and then everyone can use it.