APNs token-based authentication for development - expo

is there an example of development environment VOIP notification with token-based authentication? I am trying to send VOIP notification to my app with auth token and keep getting BadDeviceToken response with status code 400. I have searched on the web and found this stackoverflow post, https://stackoverflow.com/a/48649312/2844934.
I have made sure that my app (expo app with dev-client) has development entitlement so I guess the problem is on my provider server (which I suspect it does not use development environment token??).
Thanks

Related

How OAuth authorization works via API

It is clear how to get a token from Google(or any other OAuth provider). But I do not understand where shoud I do it - server part or client part.
For example: I have a backend on Flask with unified API for Android, iOS and web(js/react) apps.
Where do I need to get a token? On the client (Android for example) part and send it to server or in my Flask app after request from client? Where should I get data from provider? How at all works interaction between client and server while using OAuth?
Would be pleased for some explanations or links on some guides
Your UIs will manage redirecting the user to authenticate - after which the UI is given an access token to call the API with.
The OAuth provider is the entry point for authentication and issues an access token afterwards.
The API uses the access token to identify the user and authorize access to resources.
A good way to understand OAuth is the HTTP messages - my blog post highlights these, and they are largely the same for SPAs and mobile.
There are also some code samples on my blog which you can run, in case useful.

Jersey client for accessing web services having Single Sign-On authentication [ webSSO / SSO ]?

I have a web service for which the user authentication is provided by web browser Single Sign-On authentication method , through which a human user is automatically logged in with his/her company email ID from a web browser.
I have written a java Jersey 2.x client (a non human consumer of web service). In client code I am using HttpAuth as
HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("ENTER_USERNAME_HERE", "PASSWORD_HERE");
But the client fails stating the HTTP status code as 302 (redirection error)
Then I used curl for the same and received the response as an HTML page stating
The document is moved here(<-- a link containing websso url to my resource).
After searching on SO I enabled the FollowsRedirection feature for my jersey client and now the error is changed to
Exception in thread "main" javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
Any pointer on how to handle this authentication problem ?
The issue was finally resolved , so I am going to answer my own question,
After all the RnD , it was clear that there isn't any sophisticated way for passing (Authenticating) the WEb SSO (Single Sign-On) from jeresy 2.x client code.
Although I found some interesting articles regarding kerberos here and here.
So , finally
I created an other URL path as
/AuthWithCert CONTEXT in server proxy configuration and added the requests coming from this path as an exclusion in webSSO login conf.
So automatically the authentication was pointed to default (HttpBasic Client Auth) without any redirection error and the client worked fine.

POST request working on localhost but not on azure

I am new to microsoft azure, but good with web api.
I have created web api services, and able to test it from postman tool when it is on localhost.
Now I have uploaded my services on azure and now I am not able to call it from postman tool.
Azure url: not working
http://******.azurewebsites.net/api/account/signIn
body
userName and password... both are string
localhost url: working
http://localhost:62676/api/account/signIn
body
userName and password... both are string
What do I need to change in services ? Please suggest.
I suggest you to enable debugging mode for your web api service in Azure to see the detailed error message and stacktrace for troubleshooting.
Alternatively, you can also enable Remote Debugging for your web api and set the necessary breakpoint to debug through your web api in Azure.

Communication between mobile phone application and server

I have a backend server in which is developed using Symfony 2 framework and FOSUserBundle as authentication provider.
I have made a custom (simple controller that return JSON) API to handle communication between server and the mobile app.
So basically all methods in this API need an authenticated user.
Blow is a little discussion between the server and the mobile app of what I’m planning to do :
mobile app: send https request with parameters(email and password)
server: verify email & password, generate a token, store it in the user table and send it to the mobile app
mobile app : include the token in future requests
server: getUserByToken() and continue the rest of logic
My Questions:
How to achieve credential(email & pass) verification on the server using FOSUserBundle (or anything else)?
I’m wondering what if a hacker use the Man In The Middle technic, get the token and use it to send requests to the server?
Disclaimer : I’m very novice in security and intermediate Symfony 2.
I’m sorry for not including image which will explain more(I haven’t enough reputation).
1.How to achieve credential(email & pass) verification on the server using FOSUserBundle (or anything else)?
Symfony2 handle it for you. You have an example of login here with FOSRestBundle using FosUserBundle. You just need to modify the code for only login with mail.

Error Occurred when verifying security for the message in MonoTouch using BasicHTTPbinding with SSL

We are currently looking to use MonoTouch to develop a iPad app. We have an existing web service and client that connects fine, using basic httpbinding with a mProxy.Security.Mode of TransportWithMessageCredential (HTTPS).
We then add the client credentials using:
mProxy.ClientCredentials.UserName.UserName = "Username";
mProxy.ClientCredentials.UserName.Password = "P#ssword";
However when we migrate this code to MonoTouch its errors verifying the security. We looked at the raw message recieved in both the windows and monotouch version and the monotouch version does not have any security credentials. I've read we will have to build these in manually. Is that the proper approach? Is there an easier way, or am I missing an easier way to do this. Please advise.
As of today, MonoTouch does not support WCF's Message Security mode. They do mention that it is a work in progress.
I had the same requirement as you did and ended up following a recipe that uses basicHttpBinding, Transport security, basic credentials, and a custom HTTP module that uses the basic credentials in the HTTP "Authorization" header to authenticate a user (against the ASP.NET Membership Provider).
You can find implementation details here:
How To – Use Username Authentication with Transport Security in WCF from Windows Forms