How to use OAuth with Facebook in a Safari App Extension - javascript

My question is similar to How to use OAuth with Github in a Safari extension, however, the answer there explains how to use oauth with the older safari extension API. I am trying to use OAuth with the new Safari App Extension API (https://developer.apple.com/library/content/documentation/NetworkingInternetWeb/Conceptual/SafariAppExtension_PG/).
The new API allows the writing of native code, in addition to providing the ability to inject content scripts. Where should I perform the authentication? I also developed a chrome extension, and Google provides an API for retrieving OAuth tokens (https://developer.chrome.com/apps/identity) -- however I do not see anything similar for Safari App Extensions.
Any help is greatly appreciated!

I am currently working on Safari App Extension similar to your needs and the logic, certs (if you use them) persistence, access and refresh tokens all of them goes to the native code. From the SFSafariExtensionHandler you can control the active window/tab and all the pages in the tab, also receive callbacks from the pages.
For the OAuth use any native lib. that solves most of your needs for the logic. I am using this one from AeroGear.
Some adaptation will be needed for the page controlling.

Related

<a href="fb//"> open post/video Link in native App? [duplicate]

Some dev blogs have published information about the "fb://" url scheme for opening various views in the Facebook iPhone App. No matter how much I've searched, I haven't found one word from any official Facebook source about this.
Since the information is public anyways, I'm sure I'm not the only one who'd like to know, whether using this url scheme is officially approved, am I allowed to use it, does it work correctly, and if it's not approved, will it be and what's the approximate schedule for that?
Thanks in advance for any info on this subject!
It's there to support the iOS push notification system (i.e. you get a push notification that says "Friend's Name tagged you in a photo", and you tap on it, it takes you straight to the photo).
I'd assume it's not intended for third party use and therefore subject to change. Hell, Facebook's public-facing APIs are subject to change on a whim anyhow, so I'd be especially cautious about something they hadn't documented.
It's for iOS only. The iOS API lets you define you own URL scheme, so Facebook must have developed their application to register the fb:// URL scheme on iOS devices. It's not a feature that was created by Apple, it's something you, the developer, can make up.
Here are some resources you can investigate
The Facebook iOS SDK
Here on StackOverflow
A tutorial on how it works (not Facebook-specific)
You can use it from your own applications on iOS, but only if the Facebook application is installed. There are, however, plugins and browser extensions out there that mimic the behavior by handling the fb:// schema on your desktop browser.

Allow access to weblink only via native iOS and Android apps

I have website link at which I have designed a html/javascript web app. I used iOS and Android app to create an app that encapsulates the web app.
Is there a way to block access to the website link and only allow access to the website link only thru the native apps calling the link.
In short safari, IE, Chrome must not be able to access the link, but the iPhone & Android app should be able to access it.
Is there some way to tell that the app is accessing the site and not the phone or pc browsers.
I am sure there a number of ways to implement this.
Thanks,
It depends on how is the web app implemented. Since native Web Views are pretty much the wrapper for the standard browser (Safari/Chrome), you will find it tough to filter it based on that.
What you can do, however, is to add an extra GET variable (for ex. &ref=youruniquecodehere) or a custom User-Agent, based on which you will be able to identify, whether your application authorized the request (with a proper access code) or if it's a generic request using browser.
However, both of these options can still be bypassed if researched, although it'd require slightly more time. Not sure whether a solution that would work in 100% of cases exists.
Hope that helps, please correct me if I'm wrong.

Linking users to chrome flags page

I've created a site that utilizes the new Web Midi Api, native in Chrome Canary.
Since web midi isn't enabled by default, I would like to simply direct my users to chrome://flags/#enable-web-midi where they can enable midi.
I discovered that using an anchor tag isn't allowed, nor is window.open("chrome://flags"). I'm wondering if there is a Chrome expert out there who could steer me in the right direction.
I want to make this enabling step as easy as possible for my users.
chrome.tabs.create({url: "chrome://flags#enable-web-midi"});
This does not require any permission. (This assumes you are developing a Chrome app, if you are making a normal site, then I don't think it's possible.)
Details on chrome.tabs.create.

Google Analytics not working in Webview in iOS app

Let me first start out by saying I know how to use the iOS SDK so please don't answer this with a "just use the SDK." I want to know WHY google analytics is not working.
Here's my setup. I have a web app that is also baked into an android app and ios app via webview. I'm using cordova. The android app works just fine with the GA JS code. The web works just fine. However no events or page views are showing up from iOS. I've heard that GA is tied to the domain so does an iOS Webview do something under the hood to the domain?
I was going to attach my code snippet but it's coffeescript in a few classes so I'll just paste the compiled js
Analytics.prototype.track = function(args) {
window._gaq.push(args);
};
Analytics.track(['_trackEvent', 'SubscriptionModal', "Closed", data]);
This works fine in web and android so it's not a JS. I'm setting the GA _setDomainName to 'focusatwill.com' and can see that both ios and web have a domain of 'www.focusatwill.com'
I've read online a few people talking about this issue and everyone says just use the SDK. I'm looking for the reason why it doesn't work. How do you fix it to use the JS?
edit
I should mention that the html and JS are not baked into the device, ie they don't have a local url but are served up from our webserver
Safari on iOS6+ blocks third party cookies by default, and I'm certain that webviews do too.
Check that you have something similar to the following in the init method of AppDelegate.m:
NSHTTPCookieStorage* cookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
[cookieStorage setCookieAcceptPolicy:NSHTTPCookieAcceptPolicyAlways];
That's from the standard boilerplate generated by Cordova 3.0.9, but might not be present if you're using a version that predates iOS6. It sets the app-specific cookie policy, which should override the system default.

How to access Evernote API in Firefox/Chrome extensions?

I am willing to fiddle with Evernote API and use it Chrome/FF extensions. What I learnt that so far no JS API available which makes me to think to make a middle tier service in php/python and let my extension to access Evernote via that service.
The place where I am confused is authentication. How do I make a user to authenticate with Evernote from a browser extension? If it;s showing a html static page which then redirects to EverNote Login Page and store access token etc at server side. How will my extension remember logged In details and make calls to service and create/retrieve notes in my Chrome extension.
The workflow of App is following:
User will be able to login on Evernote via Extension(by accessing page of Logging).
After successful logging notes will be retrieved via middle tier service in Chrome Extension via Ajax Request.
USer can then post note via AJAX call to service which will then eventually store in Evernote via its API
Please guide me.
There are no official javascript API. But you can find a few un-official ones.
Take a look here for example : http://discussion.evernote.com/topic/22476-api-for-javascript/
Don't know how they work however.
Here's another solution :
Not sure it's the right way to do it but you could mimic the way the evernote webclipper works.
Basically it uses a internal customerKey / customerSecret along with the username and password to retrieve an oauthToken. Then it uses this OauthToken for all api calls.
You can find the process in the Auth.js file of the webclipper source code.
On a mac, the file is located in /Users/%user%/Library/Application Support/Google/Chrome/Default/Extensions/pioclpoplcdbaefihamjohnefbikjilc/5.9.5_0/js/main/Auth.js
I don't know on other systems but it shoudn't be too difficult to find on Google.
Hope that helps.
Now you can find an official JavaScript library. (I'm not sure limitations of Chrome extension though)
https://github.com/evernote/evernote-sdk-js
I find it here.
http://discussion.evernote.com/topic/34619-how-to-access-evernote-api-in-firefoxchrome-extensions/#entry250743
The FAQ of the library says that
Can I test my code in the browser
Yes. You can test your code in Chrome. Open Chrome using open /Applications/Google\ Chrome.app/ --args --disable-web-security .

Categories

Resources