Problem while trying to login with webview authenticate: webView: callback:

[soufianeEssabbane]

Hi, can anyone please explain to me what is the problem ?I Do clean the cache but nothing ...

Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)" UserInfo=0x18807a90 {NSErrorFailingURLKey=http://www.tumblr.com/oauth/request_token?oauth_callback=tumblrauthbeapping%3A%2F%2Ftumblr-authorize, NSErrorFailingURLStringKey=http://www.tumblr.com/oauth/request_token?oauth_callback=tumblrauthbeapping%3A%2F%2Ftumblr-authorize, NSUnderlyingError=0x18807ae0 "The operation couldn’t be completed. (kCFErrorDomainCFNetwork error -1012.)"}

[soufianeEssabbane]

CGRect frame = delegateApp.window.bounds;
UIWebView * tumblrWebView = [[UIWebView alloc] initWithFrame:frame];
tumblrWebView.tag = 198805;
[tumblrWebView addSubview:[self closeViewBtn]];

[TMAPIClient sharedInstance].OAuthConsumerKey = TUMBLR_CONSUMER_KEY;
[TMAPIClient sharedInstance].OAuthConsumerSecret = TUMBLR_CONSUMER_SECRET;
[[TMAPIClient sharedInstance] authenticate:@"tumblrauthbeapping" webView:tumblrWebView callback:^(NSError *error)
 {
     [[delegateApp.tabController.view viewWithTag:198805] removeFromSuperview];

     if (error)
     {

     }
     else
     {

         [[TMAPIClient sharedInstance] userInfo:^(id result, NSError *error) {
             if (!error)
             {

             }
         }];
     }
}];

[soufianeEssabbane]

Can anyone tell me what i'm doing wrong please ?

[soufianeEssabbane]

i think it's a cache problem, when i delete my app and run it again in my device the problem is solved. after a connexion attempt with annulation, back to the same problem ... "The operation couldn’t be completed....."

[segiddins]

Please usages questions such as this one in the appropriate forum, i.e. StackOverflow.

[soufianeEssabbane]

thanks for replying =)

"Bryan Irace ‏@irace 5h @esSoufiane Please make an issue that includes the code you're using, thanks!"

[irace]

@soufianeEssabbane Authenticating via an in app web view is currently unsupported. I know I linked you to a fork that adds support for this, but since it's not a problem in our SDK explicitly, I don't have time to debug someone else's code at the moment (iOS 8 = crunch time).

That said, I would love to add proper support for in-app web view authentication, so this is something I'm interested in figuring out.

Have you tried using the existing three-legged OAuth mechanism? If you don't have any problems with that, you should probably just go with it for now.

Not sure what kind of caching your UIWebView is being subjected to, but once the user has authenticated, you should just store the tokens and use them directly, rather than making more network requests.

[soufianeEssabbane]

Thank you again for replying I understand the fact that your time is precious specially right now with the coming of the iOS8. I'm just interested in figuring out why it doesn't work (I did everything right, since the implementation is easy, nice work), i want just to mention that if the authenticaton fail (for any reason) it never work again tell you uninstall the app and launch it again or you got the error message mentioned in this post. I'm already using the OAuth mechanism with redirection to Safari in another app and it works just fine (and thank you for that), but in this new app we are trying to keep the user in the app (doing the same with other social netwroks) and since TumblrSDK is not supporting the authenticating via an in app view i'll just keep using the three-legged OAuth for the moment.

Thank you & have a good day

[irace]

I'll certainly dig into this deeper once things quiet down a bit.

[pranavss11]

Any chance you can point me to this fork as well?

[irace]

@pranavss11 https://github.com/felixmo/TMTumblrSDK/

[pranavss11]

thanks.

[pranavss11]

I dug into it a little bit: Seems like once you call the authenticate method (request_token and then open the authorize url in the webview), and then if you close the webview (delete cache, cookies) and then call the authenticate method again (which means it should be a fresh start in theory), the request_token returns a "oauth_signature does not match expected value".

@irace - Our app supports multiple tumblr logins so if you have any insights, let me know. In the meantime, I'll keep digging.

[LarryRen]

Still have the same error even add: request.timeoutInterval = 10; request.cachePolicy = NSURLRequestReloadIgnoringLocalCacheData; request.HTTPShouldHandleCookies = YES; request.HTTPShouldUsePipelining = YES;

before sendAsynchronousRequest for the request token

[pranavss11]

@irace Is there a "logout" API call to reset the signature for the client? It seems like once you get the request token setup, you need to save that token and keep reusing it for Tumblr to work (Which means I can't do multiple accounts without logging out of the first one). In twitter, there's a force_login which is the reason why twitter works fine with the same code.

[irace]

@pranavss11 You can "logout" by just nil'ing out the OAuthToken and OAuthTokenSecret properties of your TMAPIClient instance

[LarryRen]

@irace Have you tried the webview method? If you set nil to OAuthToken and OAuthTokenSecret then you would never get that again because the error 1012 will block you at the beginning of the OAuth.

I remember some time ago, no matter how many times I tried to start the login process, I was always directed to the authorisation page. Things become different now. Is there any changes on the OAuth processing if I use in-app webview?

[irace]

@irace Have you tried the webview method?

No, I haven't. The web view method is not officially supported and I haven't had a chance to play with it.

[pranavss11]

It definitely feels like there's been some changes on how oauth processing. @irace, is there anyway you can dedicate a little bit of time and look at this? I might need to remove tumblr completely from my app if I can't do multiple logins through web view.

Thanks, Pranav

On Sep 23, 2014, at 6:42 AM, Bryan Irace notifications@github.com wrote:

@irace Have you tried the webview method?

No, I haven't. The web view method is not officially supported and I haven't had a chance to play with it.

\ Reply to this email directly or view it on GitHub.

[irace]

It definitely feels like there's been some changes on how oauth processing.

Can you elaborate on what you mean here? With examples from the production version of the SDK, not the forked version that adds web view support.

I might need to remove tumblr completely from my app if I can't do multiple logins through web view.

I'm sorry to hear that but again, this is not behavior that we currently support. I'd love to help out but it's pretty low on the priority list compared to many many many other things at the moment.

[soufianeEssabbane]

@pranavss11 Hi, I had the same problem, can u please explain why do u exactly need the authentication using a uiwebview instead of safari ? maybe we can figure it out

[pranavss11]

There's a couple of reasons:

1. It's a design requirement
2. If you login through safari, the user has to log out and then log back into a different account. I want the user to be able to connect/link to multiple tumblr accounts without having to log out through safari.
3. We also have other logins in the app - Twitter, Instagram etc and they are all done through web view - so consistency.

@irace - here's what's weird (and this differs from Twitter oauth):

1. Do the request_token call
2. Go to the authorize url with the token that you now have in a web view.
3. Clear cache for the web view, delete cookies
4. Do the request_token call again.
5. you get an error -1012. If you print out the error description from tumblr, then it returns oauth_signature does not match.

In case of Twitter, step 4 works.

On Sep 23, 2014, at 8:50 AM, soufianeEssabbane notifications@github.com wrote:

@pranavss11 Hi, I had the same problem, can u please explain why do u exactly need the authentication using a uiwebview instead of safari ? maybe we can figure it out

\ Reply to this email directly or view it on GitHub.

[Ushio]

Hello, I have same issue. I think this problem caused by "https". Secondary "request_token" is changed to "https" from "http" ( note: I can't understand this behavior) So oauth_signature is wrong.

This behavior is vary vary strange..., so I will use safari.

here is screenshot, I debug by Charles.

[pranavss11]

Ushio - you just solved the problem!

everyone - preliminary testing shows that changing the url for request_token from http to https for all requests solves the web view problem. Looks like tumblr rejects the signature the subsequent times coz it wasn't https.

Pranav

On Sep 25, 2014, at 4:03 AM, Ushio notifications@github.com wrote:

Hello, I have same issue. I think this problem caused by "https". Secondary "request_token" is changed to "https" from "http" ( note: I can't understand this behavior) So oauth_signature is wrong.

This behavior is vary vary strange..., so I will use safari.

here is screenshot, I debug by Charles.

\ Reply to this email directly or view it on GitHub.

[pranavss11]

For anyone who wants to try to see what I'm doing:

https://github.com/pranavss11/TMTumblrSDK

I've gone ahead and followed the STTwitter (https://github.com/nst/STTwitter) route:

Usage:

1. I do init on TMTumblrAuthenticator (I'm not using sharedInstance()).
2. Set the OAuthConsumerKey and the ConsumerSecret.
3. postTokenRequest.
4. I get a url on success, which I call with the webview (I set the oauthcallback to some string/internal server url that we have)
5. in my "shouldStartLoadWithRequest" for webview, I check the URL and see if it contains my oauthcall back, and then parse the oauth_token and oauth_verifier.
6. I call the postAccessTokenRequest which returns oauthToken and oAuthTokenSecret (Please note: I am not handling userID, screenName at the moment, but you guys can add it if you want).

[irace]

After thinking about this more, authentication via in-app web views is generally not a practice I want to encourage, for security reasons: http://furbo.org/2014/09/24/in-app-browsers-considered-harmful/

Obviously you can still build this, but I'm not sure it'll ever be part of the SDK proper, and I think your users would be right to be skeptical despite the slightly more convenient user experience.

[stoncle]

@pranavss11 @Ushio really thanks that you solved my problem -1012. I also working on authenticating tumblr with webview for quite a long time without success, you really help me! but @irace reminds me if doing authenticating with web view will be harmful for our user data, so I'm considering if we should continue using web view to authenticate. But I must admit that using safari is really bad experience..

[ghost]

@irace my app just got rejected from apple for using authentication in safari instead of a web view.

[irace]

@irace my app just got rejected from apple for using authentication in safari instead of a web view.

That's horribly disappointing :cry:

[ghost]

@irace to be precise:

We found the following issues with the user interface of your app: The app opens a web page in mobile Safari for creating an account or logging in, then returns the user to the app. The user should be able to create an account or log in without opening Safari first.

which violates item 10.6 of the app review guidelines.

to solve the problem i requested xauth access for my app from tumblr, but have not heard anything yet.

[chockenberry]

@irace @justuskandzi:

We got the exact same rejection/message during App Review. And fought it. And lost.

http://furbo.org/2014/09/24/in-app-browsers-considered-harmful/

[soufianeEssabbane]

Hi, Don't use tumblr as a first authentication system, you can let user login with email & password or another inApp login using x social network. then in the app u can ask the user to login with tumblr and link it to that account ...

2014-10-16 16:23 GMT+00:00 Craig Hockenberry notifications@github.com:

@irace https://github.com/irace @justuskandzi https://github.com/justuskandzi:

We got the exact same rejection/message during App Review. And fought it. And lost.

http://furbo.org/2014/09/24/in-app-browsers-considered-harmful/

— Reply to this email directly or view it on GitHub https://github.com/tumblr/TMTumblrSDK/issues/67#issuecomment-59389152.

[brennanMKE]

It would be great if Tumblr on iOS did allow for logging in with multiple accounts and let third-party apps select which account to connect via OAuth. I like how Pocket allows for linking Tumblr. I'm working on an app and we'd like to make it very easy for people to be able to post to Tumblr via the API, though maybe the iOS 8 sharing extension will be sufficient.

[irace]

It would be great if Tumblr on iOS did allow for logging in with multiple accounts and let third-party apps select which account to connect via OAuth.

I totally agree, though there isn't currently a plan to add this.

[judikdavid]

I've got the same App reject as @justuskandzi : "The app opens a web page in mobile Safari for logging in with a Tumblr account, then returns the user to the app. The user should be able to create an account or log in without opening Safari first." and we've also requested xauth access about two month ago, still heard nothing back.

I think this way TMTumblrSDK pretty useless for authentication right now :(

[irace]

This is super depressing.

[irace]

I've just pushed TMTumblrSDK 2.0, which sadly removes support for the (actually secure) three-legged, Safari-based OAuth flow.

For now, please use an in-app web view that you either implement yourself, or the one found in this fork.

We do have plans to provide better mechanisms to authenticate with Tumblr but unfortunately I can't give a timeframe for that at the moment.

[calsmith]

Has there been any progress with this? I have requested xAuth twice (after being recommended by support to use oauth) and even linked to this thread but have heard nothing back since...

[irace]

Has there been any progress with this? I have requested xAuth twice (after being recommended by support to use oauth) and even linked to this thread but have heard nothing back since...

No, there hasn’t been. I’m going to add support for in-app web view authentication (similar to this pull request), begrudgingly. Not happy about this at all but xAuth has its own security concerns and we can’t rely on Apple changing their policies anytime soon.

We still have hopes of providing a better native solution, but for now this will have to do. I don’t have a timeframe for releasing a TMTumblrSDK update yet, but web view support will be in the next one that we do. In the meantime, please refer to the aforementioned pull request or roll something similar yourself if you have specific needs.