Authentication with Xamarin iOS/Android app


#1

I have a couple authentications questions I’m hoping someone can help:

I’d like to be able to authenticate using Facebook, Google+, and Twitter as well as basic username/password.

  1. Is there any support for Google+ or Twitter? Or would I accomplish Google+ and Twitter authentication using Persona?

  2. I can use the AuthenticationFactory to create a Basic Authenticator and pass in a username and password on the mobile client side. Can someone tell me what or where the authenticator is authenticating against? Is there are separate user repository or user bucket/database I need to setup on Couchbase server? In other words, when and where is the username/password created and stored?

var url = new Uri("https://example.com/mydatabase/");
var push = database.CreatePushReplication(url);
var pull = database.CreatePullReplication(url);
var auth = AuthenticatorFactory.CreateBasicAuthenticator(username, password);
push.Authenticator = auth;
pull.Authenticator = auth;
  1. Does anyone have experience using Persona authentication for both iOS and Android? The current documentation says it only supports iOS: http://developer.couchbase.com/mobile/develop/guides/couchbase-lite/native-api/replication/index.html

  2. Are there any links, samples, or examples in Xamarin?


#2

There’s no Google+ or Twitter support currently. We’re talking about adding generic OAuth2 support, which I think would make those possible, but OAuth is very complicated and I’m definitely not an expert on it.

Basic auth simply authenticates against Sync Gateway itself (or whatever other server the client might be talking to, like CouchDB.) Sync Gateway has its own user account management; check the docs.


#3

Based on the Sync Gateway documentation, user account management is provided through the Admin REST API. Is there no mechanism for guest users to create/signup a user account with a specified username/password without Admin privileges?


#4

You can implement that yourself in your app server code. We didn’t implement it because it’s likely to be something you’ll need to customize based on your own requirements — i.e. what extra data you need to capture about users, whether to rate-limit or use CAPTCHAs, etc.


#5

Can you clarify what you mean by application server code? I currently don’t plan on having any server side code other than the sync gateway. My current plan is to have Couchbase function solely as online/remote data storage for my mobile apps. There is no web application or web services that would function as server code to manage user accounts.

Would it be possible to have the user accounts creation in the sync function?


#6

Would it also work if I grant Guest users access to the admin channels ( if all my user data are non-sensitive and non-identifiable data)?


#7

What Jens is saying is that Sync Gateway doesn’t have a function for users to request an account from an admin. If you need something like that, then you need to implement it yourself as a separate process. There is no function to create users in the sync function because the sync function cannot do things that admins do.


#8

I currently don’t plan on having any server side code other than the sync gateway.

You’ll need to, to do this, but it won’t take much. A simple HTTP handler to register a user account shouldn’t be more than a screenful of code in Ruby/Python/node.JS/whatever.

If you use Persona auth, you can enable user registration in the config, btw.

Would it also work if I grant Guest users access to the admin channels

It’s not a question of channel access, but to the admin API (port 4985 by default.) And no, it’s a bad idea to open the admin API to the outside world.


#9

Thanks for all the help, I will add in a back-end service for user registration.

I’m trying to test out the auto user registration with Facebook and Persona, but I keep getting an error message of “Cannot register new user: email is missing”.

  1. I tried auto registration by creating a Facebook authenticator and then doing a push/pull. In this case, the sync gateway log output message was “400 Cannot register new user email is missing”. Is there a way I set the user email on either the Authenticator object or the push/pull Replicator object?
  	var url = new Uri ("http://localhost:4984/sync_gateway/");
  	var push = database.CreatePushReplication (url);
  	var pull = database.CreatePullReplication (url);
  	var authenticator = AuthenticatorFactory.CreateFacebookAuthenticator (accessToken);
  	push.Authenticator = authenticator;
  	pull.Authenticator = authenticator;
  	push.Continuous = true;
  	pull.Continuous = true;
  	push.Changed += (sender, e) =>  {
  		Console.WriteLine ("Push changed");
  	};
  	pull.Changed += (sender, e) =>  {
  		Console.WriteLine ("Pull Changed");
  	};
  	push.Start ();
  	pull.Start ();
  	this.push = push;
  	this.pull = pull;
  1. I then tried using a simple REST client (RestSharp) to send a Post request to /dbName/_facebook to register the user. But I also get the same missing email error message there as well. Below is my code sample:

var client = new RestClient (“http://localhost:4984/”);
var request = new RestRequest (Method.POST);
request.Resource = “sync_gateway/_facebook”;
request.RequestFormat = DataFormat.Json;
request.AddJsonBody (new { access_token = accessToken, email = "myemail@gmail.com", remote_url = “http://localhost:4984/sync_gateway/” });


#10

I’m not that familiar with the Facebook login code, but it looks as though the Facebook identity API that the Gateway calls isn’t returning an email address. Maybe the FB account you’re using is configured to not share its email address with 3rd party apps?

You can’t pass the email address to the Gateway. It needs to get an address that’s been authenticated by Facebook as the real one for the account.


#11

(BTW, we’re working on an update to the FB login code that doesn’t require the email address; instead it uses the FB account’s UUID as the identifier for the SG account. I think this will be in 1.1.)


#12

You were right, I needed to grant email permission to the Facebook login code.

I see in the database that my local documents got pushed correctly and there’s a session created for my user.

I was able to see the user was created in the sync gateway user database. Is there any future plan to provide some sort of administration console to manage user accounts and sync gateway configurations?

Thanks for all the help!!