Not to worry, I'm releasing a generalised open-source OAuth2 Library for web2py.
As for your current mechanism of anonymous tokens… how about just storing a cookie (or some other client-side storage) and when the user logs in or registers all their customisations (e.g.: if e-commerce, their cart) will be sent securely to the server on receipt of successful authentication. That would be a much cleaner, more secure, streamlined and self-contained model than your current one.

On Sun, Feb 10, 2013 at 9:33 AM, howesc <[email protected]> wrote:
> - Apple explicitly does not allow using the hardware identifier in your app, and will reject app submissions that do that. because of this each app install "logs in" first as an anonymous user.
> - website users use standard web2py auth
> - app connections to the server use our modified OAuth API implementation. this forgoes web2py auth, but reads and writes to the same user table that web2py auth uses. this allows the 2 different systems to connect.
> - the mobile apps are native code on their respective platforms, the website is html.
>
> unfortunately our modified OAuth implementation is pretty specific to our needs and so i don't think it's a candidate for us to open source. i'll take a look into what we are doing though to see if any of it can/should be open sourced.
>
> cfh
>
>
> On Saturday, February 9, 2013 11:40:50 AM UTC-8, Kenny wrote:
>>
>> Howesc,
>> Thanks for great info. So, does mobile app user have to register web2py via access token provided by their hardware in mobile application? May you explain how you built the login/registration module for mobile app users along with web2py?
>> Do you code in html5 with native code for developing your mobile app?
>>
>> Sorry for asking more than one question, this topic sounds so interesting! :)
>>
>> Thank you!
>>
>> On Feb 9, 2013 11:45 AM, "howesc" <[email protected]> wrote:
>>>
>>> well what we are using is a hybrid model:
>>> - the ios device uses a modified form of OAuth to get access tokens (and we have the confusing problem of users start anonymous but with an access token, and then may later create an "account" associating an email and other user data with the account)
>>> - the website uses web2py's auth to login those same users
>>> - the APNS token (Apple Push Notification Service) is provided optionally by the user if they opt-in to push notifications. as such it's not a primary key for the user and can't be used for authentication. if the user chooses to share it with us we store that in a field on our user table. Note that the APNS token is device specific, so if the user has multiple devices then they might have multiple tokens.
>>>
>>> does that clarify at all?
>>>
>>> cfh
>>>
>>> On Friday, February 8, 2013 9:46:42 PM UTC-8, Massimo Di Pierro wrote:
>>>>
>>>> I do not know how this works. Can you give us more details?
>>>>
>>>> On Friday, 8 February 2013 20:31:14 UTC-6, howesc wrote:
>>>>>
>>>>> i have millions of APNS tokens! i'd share, but they are tied to an app....
>>>>>
>>>>> i did not tie APNS tokens to web2py auth, but i added fields to my end user table, and the device uses my REST JSON API to POST the APNS tokens to the server and update the user. we don't use the APNS token as any sort of user identifier.
>>>>>
>>>>> does that help? lemme know if you are interested in more details.
>>>>>
>>>>> christian
>>>>>
>>>>> On Thursday, February 7, 2013 5:22:28 PM UTC-8, chris_g wrote:
>>>>>>
>>>>>> I'm looking into supporting Apple push notifications in an iPhone app that connects to a web2py server.
>>>>>> In order to know which devices to push details to, web2py's auth module would presumably need to maintain "Device Tokens".
>>>>>> I'm curious if anyone has implemented a solution that takes care of this. I'd like to see how it was integrated with web2py's auth.
>>>>>>
>>>>>> Thanks,
>>>>>> Chris
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>
>>> For more options, visit https://groups.google.com/groups/opt_out.
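
Added example, not part of the thread and not howesc's code: a sketch of the storage model described above, where the device authenticates with its access token and the APNS token is only stored as per-device data. It uses Python's `sqlite3` as a stand-in for the web2py DAL; the table names, function names, status codes, token length bounds and the rule that a re-registered device moves to the current user are all assumptions of this example.

```python
import re
import sqlite3

# Assumption: tokens arrive hex-encoded; the length bounds are illustrative only.
TOKEN_RE = re.compile(r"^[0-9a-f]{64,200}$")

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE end_user (id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE access_token (token TEXT PRIMARY KEY,
                                   user_id INTEGER NOT NULL REFERENCES end_user(id));
        -- One row per device, so a user with several devices has several rows.
        CREATE TABLE apns_device (apns_token TEXT PRIMARY KEY,
                                  user_id INTEGER NOT NULL REFERENCES end_user(id));
    """)
    return db

def new_anonymous_user(db, access_token):
    """Each app install starts as an anonymous user holding an access token."""
    uid = db.execute("INSERT INTO end_user (email) VALUES (NULL)").lastrowid
    db.execute("INSERT INTO access_token VALUES (?, ?)", (access_token, uid))
    return uid

def register_apns_token(db, access_token, apns_token):
    """Handle the device's POST; returns an HTTP-style status code."""
    row = db.execute("SELECT user_id FROM access_token WHERE token = ?",
                     (access_token,)).fetchone()
    if row is None:
        return 401  # only the access token authenticates, never the APNS token
    if not isinstance(apns_token, str):
        return 400
    apns_token = apns_token.strip().lower()
    if not TOKEN_RE.match(apns_token):
        return 400
    # Re-registration moves the device to the current user (example's design
    # choice), so pushes meant for a previous user of the device stop going there.
    db.execute("INSERT OR REPLACE INTO apns_device VALUES (?, ?)",
               (apns_token, row[0]))
    return 200

def tokens_for_user(db, user_id):
    """All device tokens to push to for one user."""
    return [r[0] for r in db.execute(
        "SELECT apns_token FROM apns_device WHERE user_id = ? ORDER BY apns_token",
        (user_id,))]
```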

