Is there any certificate authority that allows for programmatic signing of windows mobile applications? At the moment my team uses Geotrust. Our build procedure looks like this:
Build app
"pre-sign" app with multi-step tool (
fill out form and upload "pre-signed" app on geotrust web site
download signed app
repeat
There must be a better way to do this.
Verisign provide a SOAP API that you can automate for M2M signing when using the "new" signing procedures.
The company I work for use Verisign using the old method and we build a application to automate the web forum filling out and uploading which worked ok. We are in the middle of re-writing to use the SOAP API instead under the new M2M signing rules.
Related
I am the owner of multiple apps on google play. I have a keystore for each app. Now I am outsourcing to a developer and this person is also helping me with stuff on google play developer console such as in-app purchases. He is now saying he needs the keystore and the related passwords to sign a release. I do not want to share those for security reasons. What should I do in this case? is there any workaround to allow him to continue working without sharing keystore and credentials?
You can perform the release yourself. After all you just have to compile the code and sign it. (I asume you use GIT).
You could use the Google App Sign, the signing data it's hosted in your google developer account and not in an external keystore, each time you upload an update google play will sign it. Take a look at this please: https://support.google.com/googleplay/android-developer/answer/7384423
What I have build:
A web application hosted on Heroku which reads coworkers' calendar and generates travel time events in their calendars. This way they can easily see what time they HAVE to leave to be on time for their next appointment.
I expect that 50 coworkers (at most) will use the web app. The app is not intended or made for external use.
I am using sensitive scopes (namely event writing permissions), so the web app has to be verified.
My problem:
Verification requires verified ownership of the web app domain, but I have it hosted on Heroku. I received a mail from Google's verification team which mentioned:
Please Note: Third party domain not owned by you, or domains that are hosted by a third party site, or redirects to third party sites are not permitted.
My question:
Can I use Heroku to pass the verification, or is it simply not allowed to use Heroku for web apps that use Google OAuth?
I found an answer to this problem: I Can't deploy google oauth app in heroku
I followed the steps and it worked! Google accepts the verification.
Note: in the Search Console, pick the URL prefix option and select the Meta Data verification option. I found that was the easiest to implement.
Lets say A is the owner. I want B, C and D users from our team to be able to upload the new versions of our application. Is this possible?
From this it is not very clear to me what kind of permission has a user.
If somebody has any experience to this part is welcome.
You need the google account details to sign in to the Developer Console.
Any application uploaded to the play store must be signed.
From Google documentation
Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates. The app developer holds the certificate's private key.
Signed apk file have a binary file it build and signed with.
Only the developer have this file on his own computer . Once an application first signed and was uploaded to the store all the other versions of the app must build and be signed against the same binary file.
If a developer looses this file he will no longer be able to publish updates to his own app .
Warning: Keep your keystore and private key in a safe and secure place, and ensure that you have secure backups of them. If you publish an app to Google Play and then lose the key with which you signed your app, you will not be able to publish any updates to your app, since you must always sign all versions of your app with the same key.
(from the same link)
It is possible to add another user permission to your Developer console.
Here list of permissions you can choose to share:
Create & edit draft apps
Edit store listing, pricing & distribution
Manage Production APKs
Manage Alpha & Beta APKs
Manage Alpha & Beta users
View financial reports
Reply to reviews
Edit games
Publish games
View AdWords campaigns
Create AdWords campaigns
These permissions can be Global to all apps on account or only for particular apps.
Anyway if you share Manage Production APKs permission you'll have to share the signature file as well.
I have the task to build a new API. The API will mainly be used by tablet applications.
I'm thinking of using the new ASP WebApi.
My biggest concern however is the security part. Because the apps will be build by third-party companies, we do not want that usercredentials will be entered in their application, but redirected to our site (authenticationserver).
I have done some researching and I came accross OAuth 2.0. For working with mobile devices and tablets it's probably the best to work with the 'autohorization code flow' principle -correct me if I'm wrong-.
Am I thinking in the right direction or are their simpler authentication systems to achieve my goal?
Are their any frameworks (.NET) available (or documentation) how to create an Authentication Server and how to use it in the Asp webapi?
Is it easy these days to implement oauth2.0 in an IOS app?
Thanks for any help!
OAuth 2.0 authz code based grant is suitable when client app is a Web application. Will the apps that are going to be built by third party all be Web applications? There are HTTP redirects involved in that flow.
In OAuth 2.0, there is a client, there is a resource server (Web API in your case) and there is an authorization server. There is no such thing as Authentication server. Are you referring to some thing else?
I'm working on a Windows Phone 7 application with C#.
I want to implement my login page using Facebook account. To do that I'm using codeplex Facebook C# SDK.
How can I do that?
Thanks.
You can use ACS for that. See here. (answered your other question too)
In short (assuming you are writing a native app):
Your app (e.g. REST services) trusts ACS. For this you expect a SWT (Simple Web Token) that is issued by ACS
In your app, you embed a web browser that navigates to the app, to ACS and Facebook
Once the token negotiation happens in the browser, you extract the SWT and you pass it to the native app
All subsequent calls to your API include the SWT
If you are writing a "web" app for the phone, then it all just works.
In both scenarios, you would use WIF in your backend. It it is a REST API, you need the OAuth extensions mentioned in the link. If it is a web site, it all works OOB.