I'm getting ready to add Ensenbles to my iPad app, and trying to figure out how much of a problem it's going to be if the device is not iCloud enabled, and then figure out how to get the device enabled, without user intervention (if that's at all possible).
Is this possible? (to enable iCloud without user intervention)
No, not at all. If the user doesn't enable iCloud, you don't get to override their decision. You can ask them to enable iCloud, but you can't do anything about it in your app.
Related
The site of the company I work at is using a Consent Management Platform which was functioning ok. Lately, we had to make some modifications in it and had to reimplement it. The implementation went ok, even the engineers who offer support for the CMP I'm using confirmed that everything I did was fine.
And now the problem: some users are still having the old cookie on their devices. So now when they are entering the site they receive a 400 error and can not access the site anymore. The fix would be so that every user manually deletes the cookie on their device but this is impossible to do as our visitors are not very technical and we can't reach all of them.
So, is there anyway to somehow make any kind of change/implementation, from our side, from the server-side, in order to refresh the users session and make their 400 error disappear without them having to do it manually?
I'm really in a pinch right now and am in need of real advice.
I have a web application using Hotjar to track user's information and behavior while they navigate through it, but I would like to give the user the possibility to turn on/off Hotjar tracking.
The idea is to have a check button that would turn on when selected and off when deselected. I was thinking also that this action could use some specific cookies, that would tell Hotjar the tracking is on or off dynamically.
Is it possible? If so, is it possible without page reloading?
According to this position from HotJar support, it is not yet possible to turn off using events.
I'm struggling with a the new OAuth verification process that Google has introduced. Earlier, my OAuth app was using sensitive scopes, and I made changes to ensure that the sensitive scopes are no longer required, and removed them from the OAuth consent screen configuration.
However, my OAuth consent screen is still being forced to go through the verification process (which is a black box and never seems to complete!)
I noticed the following user-cap being breached. Could the forced verification be because of this? How do I check which users are connected to my app, and also manually disconnect them? I have never bothered about this user-cap in the past, so it is quite possible that a number of these are internal/test users when the app was under active development and was being tested in production. Btw, if app simply deletes a user's refreshToken from the DB, and the user is forced to re-connect, will that count as +2 or +1 while calculating users against this cap?
Possibly related to How can I confirm the user limit of my google cloud/API? -- but that doesn't answer this question in detail.
I noticed the following user-cap being breached. Could the forced verification be because of this?
probably but only google can really anwser that
How do I check which users are connected to my app, and also manually disconnect them?
You cant there is no way for you to know what users where connected to your app and disconnect them unless you have saved a refresh token for these users if you have then you could remove them using the revoke command.
However this is no guarantee that the number google is displaying is going to change as it could be just a running total of users who have consented to your application in the past and not the ones who have currently consented. There is no way of know ing this as google hasnt told use.
if app simply deletes a user's refreshToken from the DB, and the user is forced to re-connect, will that count as +2 or +1 while calculating users against this cap
This may be true but that doesn't mean that the user has revoked your access to their application though their account. The only way to remove access is for the user to remove it in their account or for you to use the revoke endpoint to revoke them by force. Your application not having a refresh token doesn't mean that the user hasn't granted your application access.
Long story short your going to have to go though the verification process and wait for google to remove it when they see that you are no longer using the scopes that would require it.
Update: I have pinged someone on the team to see if this is working as intended or if it could be a bug. I will update this when i know more.
I'm writing C++ desktop application that allows users to sign in on some web service. By technical requirements, user can check 'remember me' checkbox and after he close app and run it again, app should re-sign in with email and password user input first time.
I know that it is not safe and strongly not recommended to store passwords on disk but i have no idea how to remember user's password in safe way. Is there any best practices or advices for such case?
Note: my application is for Windows/Ubuntu/MacOS so it will be cool to know about OS-independent ways. My app is C++11/Qt5.4 based.
The way that you're supposed to implement this kind of design is to issue the user a SessionID that is stored locally, and which is used to authenticate and access their specific interface. Then, if they wish to log in again at a later time, simply use the stored SessionID, and if they wish to log in as someone else, clear the SessionID and then log them in like normal, issuing a new SessionID. That way you aren't storing sensitive information on their computer.
I need to make a simple knowledge-base type application to use in company internal network. To make it simple and fast to use for end-users I would like to skip all the login in part (as it will be only visible to internal network users who we trust anyway) and automaticly pull the domain user name from the user and put it into the database (don't want people to waste time manually entering their name; the littler time they waste using the app, the higher chance they will actually use it).
So, is it possible to get that kind of information on a server? Do windows browsers send it in some headers that I could trust to be there?
If you are using IIS and Internet Explorer, you could turn on 'Integrated Windows Authentication' (NTLM authentication). This causes IE to automatically authenticate the user using your domain infrastructure. After automatic login, you can access the user name using the environment variable LOGON_USER. There is also a module for Apache (mod_ntlm) for this purpose, although I don't know its status.
Maybe you could event try to implement NTLM authentication yourself, but this will certainly be a lot of work.
Other than that, there seems to be no way since no reasonable browser will send the user name...
EDIT: It seems that python-win32 extensions or python-ntlm could do the trick, check out this thread. You still have to integrate it into Django, though.