
Digits Authentication with Parse Server

In building a small Android app, I decided to try out Digits to log in with a phone number and Parse for the back end.

How might I validate a Digits session with the Parse server?

I've started with the example below, though I'm not sure if this is 'correct' (adapted from this post).

Android Client:

  1. Request auth (OAuth?) token and user id from Digits

    a. Send in a Digits key and secret, retrieve an object

  2. Validate this session with Parse

    a. Send in phone number, auth token, and user id

    b. Receive acknowledgement with user info if authorization is valid

Parse:

  1. Auth endpoint takes phone number, auth token, and user id

    a. Validate with Twitter endpoint

    b. Insert auth token hash and user id into a Sessions table (future requests will ping this table, not Twitter)

    c. Return acknowledgement to client

The above makes sense, but a Parse example with GitHub login seems to do something slightly different. With Parse, the initial request to the third party is made from the Parse server, not the client.

GitHub requires a 'state' parameter to be sent in, which seems to be why the Parse example has its initial request sent from the server, whereas Digits does not require such a parameter. Does this make the Digits authentication any less secure? Is there a way to make this process more secure/correct?

Here's a gist of my current solution.

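On the Parse side of things I send an HTTP request that looks something like the following:

    // Within a /verify_credentials webhook
    // Assumes the client forwards the two OAuth Echo values under these header names.
    Parse.Cloud.httpRequest({
        method: 'GET',
        // URL of the provider's verify-credentials endpoint, as supplied by the client
        url: req.get('X-Auth-Service-Provider'),
        // Signed OAuth header that the provider will validate
        headers: {'Authorization': req.get('X-Verify-Credentials-Authorization')},

        success: function(httpResponse) {
            // Parsed provider response describing the verified account
            var obj = JSON.parse(httpResponse.text);
            res.status(httpResponse.status).send("success");
        },
        error: function(httpResponse) {
            res.status(400).json({
                error: 'Unable to make a twitter request'
            });
        }
    });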

On the Android side of things, I send an HTTP request to the Parse server with the Parse session information within the headers:

    TwitterAuthConfig authConfig = TwitterCore.getInstance().getAuthConfig();

    // Cast from AuthToken to TwitterAuthToken
    TwitterAuthToken authToken = (TwitterAuthToken) session.getAuthToken();

    OAuthSigning oAuthSigning = new OAuthSigning(authConfig, authToken);
    // First value should be the location we're querying to twitter.
    // The second is the actual validation information
    Map<String, String> authHeaders = oAuthSigning.getOAuthEchoHeadersForVerifyCredentials();
    try {
        cloud.verifyCredentials(
                authHeaders.get("X-Auth-Service-Provider"),
                authHeaders.get("X-Verify-Credentials-Authorization"),
                session.getId(),
                callback);
    } catch (Exception e) {
        // The request could not be sent; the session stays unverified (android.util.Log)
        Log.e("Digits", "verifyCredentials request failed", e);
    }
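
The server-side checks this flow depends on, as an added example that is not part of the original post: the provider URL and signed header both arrive from the client, so the backend pins the host before calling it, confirms the consumer key is its own, compares the provider's answer with the claimed user id and phone number, and stores only a hash of the token. The host `api.digits.com`, the response fields `id_str` and `phone_number`, and all function names are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: the only host this backend is ever allowed to call for verification.
const ALLOWED_PROVIDER_HOST = 'api.digits.com';

// Accept a client-supplied X-Auth-Service-Provider URL only if it is HTTPS, on the
// pinned host, with no userinfo and no explicit port. Otherwise the client could
// point the server at a host it controls that always answers "valid".
function isTrustedProviderUrl(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch (e) { return false; }
  return u.protocol === 'https:' && u.hostname === ALLOWED_PROVIDER_HOST &&
         u.username === '' && u.password === '' && u.port === '';
}

// The signed header names the app it was issued for; reject sessions minted for
// any other app's consumer key.
function consumerKeyMatches(authHeader, expectedKey) {
  const m = /oauth_consumer_key="([^"]+)"/.exec(authHeader || '');
  return m !== null && m[1] === expectedKey;
}

// Run both checks before any outbound request; returns null when it is safe to call.
function precheck(providerUrl, authHeader, consumerKey) {
  if (!isTrustedProviderUrl(providerUrl)) return 'untrusted provider URL';
  if (!consumerKeyMatches(authHeader, consumerKey)) return 'consumer key mismatch';
  return null;
}

// After the provider replies, require that it vouches for the same user id and
// phone number the client claimed (field names are assumptions).
function responseMatchesClaim(body, claimedUserId, claimedPhone) {
  let obj;
  try { obj = JSON.parse(body); } catch (e) { return false; }
  return obj !== null && typeof obj === 'object' &&
         typeof obj.id_str === 'string' && obj.id_str === String(claimedUserId) &&
         typeof obj.phone_number === 'string' && obj.phone_number === claimedPhone;
}

// Value for the Sessions table: a SHA-256 digest, never the raw token.
function tokenHash(token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest('hex');
}
```
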
