function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
mobillemobille 

Custom log in page of salesforce in iphone app

HI all,

Iam integrating salesforce api in my iphone app.I need custom log in page instead of salesforce webview to log in.When I call authenticate method SFOauthCoordinator delegate method :- (void)oauthCoordinator:(SFOAuthCoordinator *)coordinator didBeginAuthenticationWithView:(UIWebView *)view is calling.this method adding salesforce login webview on viewcontroller.This is a required delegate method.we should implement this method.if we wont implement this method we will get crashed...can anybody help how to design custom log in page???

Thanks.......
Sandeep kumar

WEN JIEWEN JIE

Hi,

 

As my practice the MobileSDK use the OAuth2.0 User-Agent Flow as their default authorization flow. So based on this flow, we need to direct user to salesforce login page and to get authorization.

 

So if you want to use your customized login page you can use the OAuth2.0 Username-Password Flow. This flow need user input their salesforce username, password and security_token, then use them to do the next step.(https://ap1.salesforce.com/help/doc/en/remoteaccess_oauth_username_password_flow.htm)

 

I have create a Android project based on this flow, and can fetch data from salesforce, but my method is no relation with MobileSDK.

 

Hope this can help you!

 

Thanks.

Kevin HawkinsKevin Hawkins

With the User Agent OAuth flow, you cannot use a custom login page, as the responsibilty for authorizing the user lies with the Salesforce service.  The Mobile SDK does not support the username/password flow, as this flow has security issues when applied to a mobile device, and is not recommended for use with mobile devices.

 

Thanks,

Kevin

 

mobillemobille

HI JIE,

Thanks for your reply,

as you said i sent fallowing url

 

https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=<consumer_key>&client_secret=<client secret>&username=<username>&password=<password>security_key.htm

 

but ima getting 

<OAuth>
<error>invalid_request</error>
<error_description>must use HTTP POST</error_description>
</OAuth>

https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=<consumer_key>&client_secret=<client secret>&username=<username>&password=<password>security_key

can you give me solution for this.

And i want to display user profile photo and likes and post on my iphone screen.how to access them?

which url we should use instance url or id url?and what are the parameters to url.?can you give me example url structure please...

 

Thanks,

Sandeep kumar.R

mobillemobille

HI Kevin,

Thanks for your reply,

as you said i sent fallowing url

 

https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=<consumer_key>&client_secret=<client secret>&username=<username>&password=<password>security_key.htm

 

but ima getting 

<OAuth>
<error>invalid_request</error>
<error_description>must use HTTP POST</error_description>
</OAuth>

 

can you give me solution for this.

 

And i want to display user profile photo and likes and post on my iphone screen.how to access them?

which url we should use instance url or id url?and what are the parameters to url.?can you give me example url structure please...

 

Thanks,

Sandeep kumar.R

WEN JIEWEN JIE

Hi,

 

Have a look with my project, use this way to sent request to salesforce and get access_token.

String instanceUrl = null;

			PostMethod post = new PostMethod("https://login.salesforce.com" + "/services/oauth2/token");
			post.addParameter("grant_type", "password");
			post.addParameter("client_id", clientId);
			post.addParameter("client_secret", clientSecret);
			post.addParameter("username", username);
			post.addParameter("password", password+SECURITY_TOKEN);
			post.addParameter("format", "json");

			try {
				HttpClient httpclient = new HttpClient();

				try {
					httpclient.executeMethod(post);
					JSONObject authResponse = new JSONObject(post.getResponseBodyAsString());
					System.out.println("Auth response: "+ authResponse.toString(2));
					
					accessToken = authResponse.getString("access_token");
					instanceUrl = authResponse.getString("instance_url");
				} catch (JSONException e) {
					e.printStackTrace();
					throw new ServletException(e);
				}
			} finally {
				post.releaseConnection();
			}

 

mobillemobille

hi jie,

Thanks for gr8 reply  very helpfull to me..

I want to display user profile picture and likes,posts.which url i have to use and which parameters should i pass .???

give one example url please???

 

Thanks,

Sandeep kumar.R

WEN JIEWEN JIE

Hi,

 

The above request is just to get the access_token, instance_url and other info from Salesforce. If you want to display user info you need to use the access_token and instance_url to make another request and sent it to Salesforce again.

 

You can write SOQL and use it as a parameter in request url:

 

curl -X GET https://<your instance_url>/services/data/v23.0/query/?q=SELECT+name+from+Coacher__c -H "Authorization: OAuth <access_token>" -H "X-PrettyPrint:1"

 

As this request, I will see the name about the "Coacher__c" sObject in the response from Salesforce.

 

Or write a Apex class and expose it as a  REST Web Service, then invoke it in your iphone project just like:

 

GetMethod get = new GetMethod(instanceUrl+"/services/apexrest/mobile/Merchandise__c");

You can see how to exposed your Apex class as REST Web Service in this url:

http://www.salesforce.com/us/developer/docs/apexcode/index.htm

 

Other reference:

http://www.salesforce.com/us/developer/docs/api_rest/index.htm

 

Thank you!

benburbbenburb
Hey Jie,

I am trying to do exactly what you have apparently succeeding in doing - creating an android app that uses Username-Password flow to authenticate behind the scenes, and don't particularly need the Salesforce Mobile SDK. I'd really appreciate it if you'd post a link to your Android project where you accomplished this - it would be a huge help!

Thanks, Ben

ps - I understand and agree with all of the comments about this approach being the anti-pattern OAuth is solving, yet this is an internal corporate app accessing zero exposure data.