I would like to discuss my situation and understanding.
We need callers to video call customers. For this, I've been using Tokbox video chat.
I have setup a server for authentication purpose. It creates singleton session and generate tokens as given in the example code.
This is what I have in my mind till now
If callers A and B want to call customers C1 and C2, I guess I need to create two different sessions and their separate tokens.
I need to store session id and tokens for A and B separately in database or session
I need to send the session id and token to client mobile app so that client can subscribe
I don't need code, but just want to know if I'm going in right direction.
If a similar type of example links are available, that would be great
Thanks
Yes, I believe you're correct.
You can think of sessions like rooms, anyone whom joins the session (or room) can see and talk to each other.
Tokens can be thought of as keys to the room. If you have a token to the session, or a key to the room, then you're able to gain access.
You'll need to generate these sessionIds and tokens on a server, and store them in some sort of database. When caller A calls customer C1 a new sessionId will be generated. Then you'll need to generate a token for A and C1. They can now talk to each other. It's up to you to ensure that only A and C1 have access to the sessionId and tokens (using some sort of authentication and authorisation system).
I know the answer is too late but may help someone. I think you need not to store anything in database, so in your case, you are calling from web to mobile. I have implemented the same for my project. So the approach I am following is that I am creating an opentok Session and sending it to Mobile app using FCM, and connect on both web and Mobile. Once connection is established, We can start the actual Video chat. Since we are using FCM, we have mobile device Id, so we are sure that we are sending it to User it is intended for ( thus doing authentication as well)
Related
While developing an iOS and Android app for a backend API, I'm using separate client IDs for each. However, I noticed something that I find odd, and I'm hoping someone can explain why this works and if it's ok to work this way.
What I noticed is that if my backend API code supplies the Google Sign In client object with a client ID during instantiation, then it must match the client ID used by iOS or Android. (The client ID is called "audience" in the Google API code.) However, if my backend API code do NOT supply the Google Sign In client object with a client ID, then iOS/Android will always validate.
This is how it works whether you use php, java, nodejs, etc.
I expected not using a client ID to fail, same as using a mismatched client ID.
So, my questions: Is it valid to have the backend server validate ID tokens without specifying a client ID? Is there anything wrong or unsafe with doing it this way? What's the point of having the second part of the if statement that checks to make sure that client.audience (if set) match idtoken.audience, if you can just leave client.audience blank and it works anyway?
I wonder about this because related documentation, such as the Android docs, state this as part of the verification process when authenticating with a backend:
The value of aud in the ID token is equal to one of your app's client IDs. This check is necessary to prevent ID tokens issued to a malicious app being used to access data about the same user on your app's backend server.
If the point is to prevent malicious apps from doing bad things, why is valid to simply not use a client ID during verification?
Thanks in advance! I'm hoping someone can help me understand this. I haven't found a solid answer in Google's documentation.
We are developing a social networking iOS application. The application loads lots of data from back end server. I have following doubts which is still unclear .Please help
What is the best approach for handling these much data from back end server?.
How does social networking mobile applications like facebook loads and update friends data?
Does these kind of application uses a local database to store these data?? If so when is the values in the local database updated?
Is making an synchronous call on a separate thread same as making an asynchronous server call?
Please provide your suggestions.Thanks in advance
Ideally, load data "on demand". Request from the server the data the user is seeing at the moment, or that you think she will see soon. Also, request data in batches (for example, last 50 posts, or post between certain dates).
Considering the answer above, Facebook does something similar. The key is to be smart on the server side. Let the client ask for a feed, for example. The server returns the last 50 posts and a "next page" attribute. The client can store that attribute and when the user scrolls down to the last post, send a request to the server asking for more news and passing the "next page" attribute that the server previously returned. The server of course will return a new "next page" with the new request. In this way, what is returned to the client is decided by the server.
Yes, you should use a local database which acts like a client cache. This is used to present the data that was shown to the user the last time she opened the app, so that you can show something while the request is loading from the server. You should update your database when the server sends a response to your request. This is also valid for friend lists, messages, etc. Don't forget, though, that the server has he most up-to-date information and the client database is mostly a cache to display temporary information.
Not exactly the same but for your use case it will be very similar. Ideally some operating systems provide low level asynchronous network operations, which is much better than handling it on your code with a background thread.
I am developing an API for a social network website. This API will basically get all the requests from the users (get friend list, post a status update etc) and reply back if necessary.
We will implement OAuth 2.0 protocol for authentication. Consumer (our php project) has API id and secret.
Basic scenario:
Client wants to log in
API Consumer (php web project) takes this request, directs user to API
User send his/her user credentials to the api, gets the token.
User comes back to our website, pass token to the consumer.
Consumer goes to the api server, gets the access token.
Now consumer (php project) has access to user's private information.
Since this is a social network website, we want app developers to be able to use our API in the future.
I am not experienced in API-design. Does that flow make sense? I guess the simplest authentication would be accessing user information through php project. But we don't want to access database in php code. We will use ajax in client side and send a request to the API. And I believe there should be a better solution, what would you suggest?
Sure, API design is basically point where you need to choose technology.
Either it can be PHP or .net or Java.
I would prefer either PHP or .Net as we get lot of flexibility in it.
API will return XML or Json depending upon the request.
There are lot of CMS in php which can be helped.
.net we have Service Stack to help you.
API's had to be fully independent from other world as well as within API method as well.
If you are able to achieve this, then you will surely create a good architecture.
I am using the soundcloud API in my custom player, which I also sell. So far I told each client to register a new app and add his own client ID. Is this necessary or can I also include my client ID in the code? I am asking that because of security problems, when other users have my client ID.
Regards,
Rafael
The client_id is usually public and could potentially by reused by somebody else, there is no way to prevent this.
Your case sounds like it's ok to include a general client_id in the custom players instead of one per site.
When creating a service like Google Analytics or StatCounter, I want to do it a little bit different in the data storage part:
A user visits my client's website.
JS code or 1 pixel image is downloaded from my server.
Request sent to my server, where the data is processed.
Things like country, returning customer, bounce rate, etc are calculated.
Instead of storing this data in my server, I want to store it in the client's server.
The client is an individual or business who is using my "service" for web analytics of their website.
Assuming that they are prepared to create a db schema that I choose, what is the recommended way to send the data to them to store?
The only thing I can think of is, asking them to give me a URL in their server, to which I will POST a JSON string, which they can store or do whatever they want.
Apart from HTTP POST, are their any other choices I have to send the data to them?
You could store the data on your own server then provide a mechanism for the client to download it. This would save you the burden of entering and testing a different URL for each customer.
It would also mean that you would only need one SSL URL and authentication method for security. Otherwise you would need to make sure each customer has a working SSL and get your script to log onto each of them when it deposits the data.