we have already developed a web app using codeigniter and now planning a mobile client(for android phones).The scenario is like this
1)mobile client will have a local db same as server db
2)After installing the app an authentication process is there
3)After authentication we need to download the data from server db to mobile client DB.
I have created one web service using REST api for authentication process and its working but for step 3 i need help.
Can i use REST api for that also or is there exist any other secure mechanism to sync server and mobile client DB ?
Can anyone suggest please!
Best regards,
First, you need create a very strong structure compatible with Oauth2, I recommended this library: Codeigniter RESTserver
After, you must know how works the Oauth2 protocol and implements it.
Read this tutorial, is old but good for your work: http://code.tutsplus.com/tutorials/working-with-restful-services-in-codeigniter--net-8814
Related
I've developed a website with the usual crud functionalities in Codeigniter and MySQL. I'm now tasked with creating a mobile app (with the same functionalities ) in Ionic 2.
To access my database with Ionic, I created a REST api -- which I was able to manipulate smoothly.
My questions are:
How, or can I, use my MySQL users' credentials to log in on my Ionic 2 app?
How can my web and mobile can share the same database?
I've been reading a lot about Fire base,etc. However, my tiny brain is unable to comprehend whatever I read. If anyone can point me to right direction, I would highly appreciate it. Thanks!
When developing an Ionic App you have to think of it as if you were developing a regular website. The only difference is that you have access to native device features with cordova plugins, but the whole flow is almost exactly like in a regular website (it is an angular application after all).
This means you can use your API just like you use it in your website. There is no need to use firebase. (Firebase is kind of like a database itself that you could use INSTEAD of your MySQL backend)
Totally agree with #Andreas. When you build a modern application that supports on the different platforms such as web or mobile, you need to design a standard API and then next step is to build a web application/mobile app to consume this API. And because of all the web/devices are all consuming from the same API, they are interacted with the same database. Unless they are using different API.
Can refer to the image below for easy understanding.
So talk about how authentication and authorization can be done from the mobile app or from the web app. You should take a look at OAuth2. It is a protocol for securing API services from untrusted devices, and it provides a nice way to authenticate mobile users via what is called token authentication.
The workflow will look like below, on both web and mobile app.
A user opens up your mobile app and is prompted for their username or email and password.
You send a POST request from your mobile app to your API service with the user’s username or email and password data included (OVER SSL for sure. If you don't know about it, google it).
You validate the user credentials, and create an access token for the user that expires after a certain amount of time.
You store this access token on the mobile device, treating it like an API key which lets you access your API service.
Once the access token expires and no longer works, you re-prompt the user for their username or email and password.
Reference
REST API from PHP
The ultimate guide for Mobile Security
I am having a PHP based application, that uses MySQL as the DB. I am currently trying to build a real-time messaging system for the users in the application. I have found Firebase to be a very good solution for building this. However, I am not sure if the architecture I am planning is compatible with the architecture am planning. Digging through the documentation didn't really get me the answers.
My Doubts are:
I don't want users to again login to use chat, so I want to
authenticated via the server (i.e from php).
I want, the further chat/messaging to happen from client to Firebase directly as I don't want to have unwanted overhead on my server, especially when a direct connection is not only supported but also efficient.
Can I authenticate via php and get some secret key or something and then use that to connect securely via Js?
I found this link which talks about custom authentication system. But am not sure, if this is what I have to use. And if the solution am planning is scalable and ok.
Firebase Auth persists the session on the client via localStorage/indexedDB and is a headless API that doesn't require a hosted server. So you are not required to authenticate the user via your server.
You can definitely build the messaging app entirely on the client with real-time database without routing traffic to your server. Here is an example of a chat app built with Firebase: https://github.com/firebase/friendlychat
If you already have an existing authentication system, you can use custom auth which requires that you mint a custom token after you authenticate a user with your system, you then send that custom token to the client and then signInWithCustomToken. Here is some code to create a custom token with PHP: https://firebase.google.com/docs/auth/admin/create-custom-tokens#create_custom_tokens_using_the_firebase_admin_sdk
If you don't have an existing auth system, you can entirely run the authentication on the client side. Another good library for authentication that is built on top of Firebase is FirebaseUI: https://github.com/firebase/firebaseui-web
I've made an app for Android that uses the Retrofit HTTP API to call PHP scripts which query a database.
App -> Retrofit Call -> PHP -> Database
The PHP and the database are both hosted on the same Amazon EC2 instance.
I would like my app to be deployable to many users, but I don't know how to keep my backend private.
In order for the app to interact with the database, it must use the PHP and since users' IP addresses will vary, I have to keep that PHP code's host's IP address public so that all users can submit/download data.
The problem is that this leaves my backend open to anyone who wants to sniff out the IP address. How can I get around this issue? Is PHP/MySQL a bad choice for Android, or have I simply chosen the wrong platforms?
The best solution will be if you create an API backend for your app that in turn talks to your app-server and database. This is the standard practice of creating mobile applications that have cloud backends
AWS API Gateway would be a perfect fit for it. This is very cheap, responsive and a secure service.
Is encryption out of the question? You can encrypt/decrypt strings or data between android and PHP.
Some codes that I used can be found here: https://stackoverflow.com/a/20929131/7199177
You might have created APIs using PHP
You can develop the following mechanism using the PHP to secure your APIs:
list out the API which should be public like login, signup so anyone can access it.
All other APP should be accessible after a some authentication only.
Your APIs should be talking to your Database server which is in a private subnet.
Other options:
Use API-Gateway with Lambda and your Database server:
To reduce the use of API-gateway you can directly write a code in lambda and use aws-sdk in your application to call lambda. In backend use your database server.
I'm building a mobile project that needs to be in constant communication with a server and i need some information . I know how to build local apps but this is the first time that i'm building an app that requires external call to a server / authentication service .
I'm asking for guidance how to proceed and which services/servers to use.
What type of server/database do i need ?
I'm guessing i will be requiring an API service but no idea how to choose/make one.
I want to use azure services/database but i also don't want to be dependent on it. I want to have my own url that i send request to and interact with a server/db that i can later move to another host fairly easily.
I develop websites mostly and i'm familiar with php/laravel + Mysql but i think in this case it will be overkill to create a laravel app simply for the server backend .
The app will be mobile only so i don't expect to have a webpage for it . simply an external server/database where the data will be saved.
First i need an authentication service - where each user will register on the phone which will then be saved in my external server/database . Then when they need to login - they will input the login details on the phone , which will query the esternal server/database and if validated - get their details from the server.
First, you need to decide which kind of server communication you'll need. it's in real time and constant? then you'll need a websocket. It's in bursts when you need to send or get data? then you'll need some kind of webservice (REST, RPC, SOAP). Then you have to evaluate the user load you'll have. And finally, the human resources you'll have.
Based on your question, I think a REST webservice will be more than enough. You may:
-Create a REST service for every group of related resources. Example: the /user URL should handle the signup, login, logout and user update operations.
-Create a method for each one of those operations and handle them. Then, call the method from the REST service class.
-Depending on the amount of users and the technology you're using, create a server to handle the requests, or upload your REST project to a server (tomcat, for example).
-Create an app and consume the REST services from there.
There are tons of tech you can choose for these things. PHP allows creating REST services, I think. Java is a very good choice too, since you can use the same code in both server and android apps. Node.Js is pretty popular, too, since you don't need servers and uses NIO (althought java can do both things using jetty and also has multithreading); golang and scala both have superb performance (golang is a lot more easier to learn, though, and it has no need to use external webservers).
Hope this helps.
For mobile applications the best will be REST (representational state transfer),becouse is lightweight and flex to use in other technology. I had project which include REST and mobile app and web app and it working very well.
In this scenario, we usually will build a REST API service for client end. As you are familiar with Laravel, you can refer to http://www.programmableweb.com/news/how-to-build-restful-apis-using-php-and-laravel/how-to/2014/08/13#apiu for how to build a REST API service with Laravel. Also you can leverage other light 3rd part PHP frameworks to build REST API service.
You can create and develop the application on local and then deploy to Azure Web Apps. Please refer to https://azure.microsoft.com/en-us/documentation/articles/app-service-web-php-get-started/ for more info.
And there several vendors provide MySQL services on Azure. ClearDB is a BaaS on Azure for MySQL. You also can use the VM to host your MySQL Service. E.G. MySQL by Bitnami and MySQL by Docker.
Currently building a hybrid app. using Ionic Framework with PHP for backend services
I am having a case where a user has got his profile in Web app and Mobile App as well.
If the user adds two stories as favourites (Its kind of a reading app) from his mobile app or Web app,how do I sync that?
Here are the scenarios:
1) User marks the stories favourites from web app and when I come online through mobile app, display it.
2) User marks the stories favourites from mobile app when he is offline(Now this will be stored in LocalDB). So again when he comes online sync with the server?
I know there are services like Firebase which provides syncing service.
But What If I would want to develop a Custom Syncing service on my own for my application? Is that an extremely complicated process?
If yes and it can be developed ,then how should I proceed ? A basic idea? What are the best practices that I should consider?
Any links would be appreciated?
I know some of the comments recommended CouchDB in combination with PouchDB. That is a much better solution than trying to implement your own synchronization service with MySQL.
However, since you're using Ionic Framework you can also use Couchbase. Take the following example application:
https://github.com/couchbaselabs/TodoLite-Ionic
If you chose this solution you would have three moving parts. You would be replacing MySQL with Couchbase Server and running the Couchbase Sync Gateway to orchestrate any data between the device and the server. You can still keep your PHP backend if you have a web version of your application as there is a PHP SDK for Couchbase.
Two write-ups on this can be found here:
http://blog.couchbase.com/using-couchbase-in-your-ionic-framework-application-part-1
http://blog.couchbase.com/using-couchbase-in-your-ionic-framework-application-part-2
In the long term, you're going to find NoSQL much more pleasant to work with when it comes to APIs and mobile than MySQL.
Can be useful to write a POST method on the backend that receives the data from your local from the app and some user data (session, access tokens and other thing you considered neceasary). On the body for the request you include the data needed to be synced. The backend takes the body. Parse it and rreturn a result (http code) Based on that you can decide if the app should delete the local data or only mark it as synced on the local database