HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Creating Android/iPhone apps through the use of JSON

2»

Comments

  • rbrahmsonrbrahmson ✭✭✭

    Yes I did - apparently you remember what I did better than I do;-)

  • phreakphreak MVP
    edited May 2016

    @rbrahmson: Even with an improved API it won't be possible to grow a whole Vanilla Forums App on Ionic. Ionic does a great job from what can be seen until now (just recently beta CSS theming was integrated) but to make a community app to ramp up to other social network/forum apps it needs more. I have looked into many options, neither any if them fit properly. So i do the community apps development based on Vanilla all native.

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • LincLinc Admin
    edited May 2016

    There's actually a really big elephant in the room no one's mentioned: Vanilla doesn't use proper sessions yet and is wholly cookie-based. Therefore, you can't use our authentication outside of a web view anyway. Doing a native API mobile app would require distributing your admin access token, which isn't safe at all.

    We're going to move to session-based authentication, probably this year, but I don't see a way around this currently.

  • R_JR_J Admin

    But wouldn't it be possible to authenticate via curl?

  • LincLinc Admin
    edited May 2016

    @R_J said:
    But wouldn't it be possible to authenticate via curl?

    How do you intend the authentication to work for each subsequent request? Vanilla natively wants to read a cookie sent with each request to see if you're authorized. You can sign in - and your cookie is never set because it's cURL.

    Spoilers: You can technically do this by including the embed SSO token with every single request, but it's not a good dev experience (least of all because it requires an SSO provider) and a bit of a hack.

  • rbrahmsonrbrahmson ✭✭✭

    I'm not sure I understand, because this is not my area of expertise. Is it not the case that by using APIs one is gaining access to Vanilla but without the benefits of the plugins (which I believe is one of the major strength of the platform)?

    If so, then I can only see a native app solution that interprets the rendered Vanilla info (html,json, etc.) and redisplays it on the phone as it wishes (I emphasize "as it wishes" to clarify that it is not merely a web view). Also, if this supposition of mine is correct, would it not also solve the issue of authentication (as Vanilla would render the info exactly as it does to a web browser and won't even know it is not rendering to a browser)?

  • LincLinc Admin

    API calls would still trigger relevant plugin hooks. When you're requesting JSON, then obviously HTML-based hooks in views will not fire.

    would it not also solve the issue of authentication (as Vanilla would render the info exactly as it does to a web browser and won't even know it is not rendering to a browser)?

    No, because you would be requesting that info either as 1) a guest (no cookie) or 2) a super-admin via token (no restrictions).

  • rbrahmsonrbrahmson ✭✭✭

    I looked a bit at App Inventor for Android and saw some examples of how it parses json to extract data and do its own rendering and logic. It works through an internal Web browser component. I have no idea whether that component saves cookies but I did see that there are logic blocks that handle cookies. I also saw sample code that handles logins. Even if this would work it clearly is android only solution.

    I do like that app inventor is an open source solution (MIT labs) and that there are plenty of sample code contributions on the Web. Obviously this needs more research.

    @Linc - can you elaborate a bit which hooks would no be called on json requests?

  • R_JR_J Admin

    @Linc said:

    @R_J said:
    But wouldn't it be possible to authenticate via curl?

    How do you intend the authentication to work for each subsequent request? Vanilla natively wants to read a cookie sent with each request to see if you're authorized. You can sign in - and your cookie is never set because it's cURL.

    Bow to King CURL!

    curl \
      -b cookis.txt \
      -c cookis.txt \
      https://vanillaforums.org/entry/signin \
    
    
      signin.html
    
    
    TransientKey=$(grep -oP '(?<=id="Form_TransientKey" name="TransientKey" value=").*?(?=")'  signin.html)
    ClientHour=$(grep -oP '(?<=id="Form_ClientHour" name="ClientHour" value=").*?(?=")' signin.html)
    
     echo $TransientKey
     echo $ClientHour
    
    curl \
      --verbose \
      -X POST \
      --data \'Checkboxes[]\'=RememberMe \
      --data ClientHour=\"$ClientHour\" \
      --data Email=linc \
      --data Password=..................... \
      --data RememberMe=1 \
      --data \'Sign In\'=\'Sign In\' \
      --data Target=\"/\" \
      --data TransientKey=$TransientKey \
      -b cookis.txt \
      -c cookis.txt \
      https://vanillaforums.org/entry/signin
    
    curl \
      https://vanillaforums.org/profile.json?DeliveryType=view \
      -b cookis.txt \
      -c cookis.txt \
    
    
      profile.json
    
    
    grep -io linc profile.json
    
  • phreakphreak MVP
    edited May 2016

    The process to wrap Vanilla sessions around external services is not trivial but we managed to create a back and forth communication with cookies on every request for the Vanilla apps we are working on. We basically use a mix of techniques to approach all the necessary data and actions. Starting from the regular .json implementation, to Kaspars API up to parsing stuff. It's a colorful carpet hacked nicely and as clean as possible together. ;)

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • LincLinc Admin
    edited May 2016

    I want to create a :dizzy: reaction for @phreak's post. =)

  • Yep! I am known as confusing and warm-hearted. o:)

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • This post was from back in 2017. Is this still the route one is supposed to use even with the New API V2 ?

Sign In or Register to comment.