Authentication with Box on iPad

StackOverflow https://stackoverflow.com/questions/10838221

  •  12-06-2021
  •  | 
  •  

Pregunta

I'm adding Box support to an iPad app. I tried the official SDK and I don't want to use it for the following reasons:

  1. Login page is too wide for a modal controller with UIModalPresentationFormSheet style on iPad. The SDK hosts UIWebView which loads content of https://m.box.net/api/1.0/auth/, which perhaps returns HTML with min width set to 768px (although I didn't check the HTML, speculating here).

  2. HTML in login page doesn't show Google Apps authentication option. The full desktop version of the page does.

  3. Because the login page is hosted in UIWebView the user cannot be sure that he's supplying the credentials to Box, and not to an app author.

  4. I don't need the whole SDK functionality, just authentication, folder/file listing and content download. Since my app also uses other cloud storage providers I'd prefer to provide uniform file browsing experience.

Here's what I'm going to do:

  1. Add a custom URL scheme for my app, let's say "myapp".

  2. In Box's Application settings for my app set Redirect URL to myapp://RedirFromBoxAuth.

When the user chooses to browse Box from inside my app, I'm going to:

  1. Get a ticket by calling GET https://www.box.com/api/1.0/rest?action=get_ticket&api_key={API_KEY}

  2. Extract the ticket, then call openUrl with https://www.box.com/api/1.0/auth/{TICKET} This will open Safari and let the user enter his credentials. This is the full, desktop version of the login page.

  3. On successful login Box's server will tell Safari to redirect to myapp://RedirFromBoxAuth?ticket={TICKET}&auth_token={TOKEN}, which in turn will tell iOS to yield control to my app.

  4. My app receives handleOpenURL notification and I can extract the authentication token and use REST API from now on.

Please comment, is it a good plan? I created a quick prototype and it seems to work, but maybe I'm missing something?

Box team, could you please tell us will an app using this authentication model be eligible for inclusion in OneCloud?

¿Fue útil?

Solución

This seems like a good strategy and will probably make for a better UX/easier implementation than the normal redirect. Please let us know if you run into any weird edge cases by implementing it this way.

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top