I'm building a Chrome kiosk app that will be in a public space. Users can interact with the app, but there are a variety of settings (server addresses, timeouts, etc.) that need to be set. I'm looking for a strategy on how to allow access to that administration config.
On first run - This is straightforward, but I want administrators to be able to pull it up again.
Detect if the app ran as a kiosk app or manually - This would kind of work, not sure if it's the greatest
Detect some key combination - Ctrl + Alt + Something switches over to the settings page, this feels like people could stumble on it accidentally.
Is there another approach I'm missing?
If your Chrome device(s) is managed you have a further option which is to use the Chrome App Management area within the Google Apps admin interface.
To do this you code your app to use the storage.managed API and this should allow a Configure section for your app within Chrome App Management.
I haven't tried this myself yet but this appears to be the way the Chrome Sign Builder app is configured with its schedule.
Another approach would be to have an administrator login button in a corner of the app. You can set a default password for administrators, which could then be changed in the settings dialog.
You can also think of combining suggestions you have made, first run and then a key combination, and this could bring up a password prompt as also suggested. For an example of this see the Zebradog Kiosk app which is in GitHub so you can see code of how this could be done.
I use ctrl-alt-S at boot. This allows me to login and make changes. I know you have to do a couple of reboots, but it is out of service during admin time anyway.
Related
My question is not about Docs only, but about Drive. I developed a web app, published for executing by users accessing the app, with access for everyone. and when I follow the given link by myself, I see pop-up for granting the access to my app. And after it my script starts for me.
But if I try to choose another account (for testing purposes) when the app asks me for granting access, I do the same, there appears "Authorization successful" for a moment, pop-up closes, but immediately appears again, and asks for permissions, and so on again and again like in a loop. When I check account settings I see that the app has access, but it doesn't start.
Remarkably, that while developing, I tried to launch it many times by different accounts and it worked fine then.
When I use incognito tab, it asks me to login, and having it done, I succeed to start the app. But when I try to start with usual browser tab a pop-up is appears and asks to review permissions. Clicking "review permission" it asks me to login offering my default account (which I use to develop and which launching process is ok), and choose another.
It is a bug, see here
The behavior is well known and is already been worked on.
I recommend you to give it a "star" to increase visibility and hopefully speed up the process.
In the meantime, the only workaround is either not to be signed in with multiple accounts simultaneously or to use incognito mode.
Please I developed my mobile app and is primarily using localStorage for storing account info and some other info. The app has mobile and browser version.
For the browser version, I expect a user that is logged in to not be redirected to an auth page on browser restart. This works fine as my info are stored in localStorage. On the other hand, my mobile doesn't. User have to log in whenever he restart the app.
Please what option do I have? What option do developers use for the mobile storage? Do I have to use database? If so which one should use and where can I find a better documentation on this topic?
Note: I am using Cordova for my mobile app development framework.
For some reason, localStorage is tied to browser history. Some mobile browsers have an option to erase browser history on exit. If that box has a checkmark in it, then localStorage gets purged along with browser history everytime the browser is closed! So, you can ask the user to go into Settings and uncheck that box. Note: localStorage is not supported by older IE browsers, Opera Mini, and some Blackberry devices.
If cookies are enabled, you could use a one-time cookie code to log the user in automatically, but that cookie must expire after first use. Once the user is logged in, the server must issue a new cookie code to the client. And the client can use that new cookie to log in once again or keep alive the session. Using the same cookie twice should not work for security reasons. And the server must make sure never to issue the same code to two different users!
I remember, about 10 yrs ago, I went online to check my emails, and immediately the site had me logged into another user's account! I could have read that person's private emails and stuff, but I decided not to. I reported the incident to the admin. The problem was probably their server issued a random quick-login access code to me, and another user somehow got the same access code that I got. And when I opened the website, it thought that I was that other person. If your site deals with money and credit cards, you should avoid this technique! Any kind of auto login is a bad idea for a bank!
There is a plug-in to store data in an SQLite database using Cordova in this link
. You can find more details about storage with Cordova in the doc.
Save your data by using the following:
localStorage.setItem("variable", value);
Retrieve it from localstorage by using the following:
localStorage.getItem("variable");
It is as simple as it is.
Reference here.
Chrome is auto-filling the credentials, but not log me in until I click login. How to automate? (windows, non-google websites).
Using the Chrome Identity API you can have Chrome (on desktop and Android) automatically attempt to log in the user when they hit your page, even if their session has expired.
Following is a workflow diagram of how it works, but the details can be found in the Google Authentication API: Let the user automatically sign back in section:
It is not the browser's responsibility to auto-login to websites. This is the responsibility of the website you are accessing. The browser can remember form data and auto-fill for you, as can various extensions like LastPass.
However, in order to actually auto-login, you must first login to the website you are trying to access and enable the option they provide, often called 'Remember me?'. The website would typically use a cookie to store the credentials (securely with a hash + salt), and if the cookie still exists (not cleared from the browser or expired), and the hash of real password in database matches the one in the cookie, the website will auto-login.
You could force the browser to try and auto-login with extensions, which are essentially macros. You could try Auto Login or iMacros extensions for this. I would generally avoid this though.
Anyone else stumbling into this thread from a google search.... you can do this with autohotkey. If you browse to yourbankhere.com and chrome fills in the user/pass, you can have autohotkey perform a mousemove then a mouseclick to click the login button.
I built some widgets and uploaded on my local marketplace, is there a way to share that?
And better is it possible to share a Mashup (the widget composition) without giving the
possibility to wiring to the user?
I mean the user should use an application layout without change anything.
You can make public your workspaces/dashboards following the steps documented in the user guide. Only the owner of a workspace will be able to modify it. I think this is what are you searching for.
Another option is to create a packaged mashup using the "Upload to my resources" option in the editor view:
Take a look to the "Advanced" tab, where you can block widgets (make them unremovable), block connections (make wiring connections unremovable) and embed used widgets/operator (by default packaged mashups depends on the user having installed all the required widgets/operators. This way you can distribute the widgets and operators used by the mashup in the same package).
However, take into account that this method is meant for sharing mashup templates, the user will always be able to add additional widgets and create new connections in the wiring view.
Once packaged, mashups/dashboards (and widgets and operators) can be uploaded to a WStore server (e.g. to the Store portal provided on FIWARE Lab) for sharing them with other users. The steps for making this is also described in the WireCloud's user guide.
I have the problem, revisited.
I have set up a working Marketplace instance (v2.3) but am unable to integrate it with Wirecloud. The marketplace is correctly registered but all the requests i am making to this Marketplace are throwing 502 error, even though i am actually able to see some results when querying the Marketplace server through a browser.
Indicatively, i can issue a GET command at http://:8080/FiwareMarketplace/v1/registration/stores/ and get an answer, but Wirecloud's internal APIs return a 502 (Bad Gateway).
Any idea on what might have gone wrong?
PS: This happens for WC v0.6.5. When upgrading to a newer (Beta) version of WC, everything seems to be performing as expected, i.e. the marketplace is correctly inserted and the stores are correctly retrieved and processed.
I am building a packaged chrome app (It is needed as I want to access chrome.socket). I have a website from which I would like to call my app (if installed or ask the user to install it) by clicking a link. Is this possible ? Not able to find any easy way for this workflow.
The url_handlers might be the best way to achieve this.
You can also use the externally_connectable manifest property to declare that your website can connect to your app, then call chrome.runtime.sendMessage or chrome.runtime.connect from your webpage and handle it in an chrome.runtime.onMessage handler in the app.
Which one is better suited depends on your needs. The url_handlers is an easier way, but it will permanently assign the URL on your link to your app, so you won't be able to use it for anything else if the app is installed. The externally_connectable is a harder way, but it enables a much more elaborate bidirectional communication between your website and the app.
You can even use a combination of the two approaches, if you need: launch the app using the url_handlers feature, then establish a communication channel back to the website once the app is up and running.
Apps can now (as of Chrome 31 I believe) register to handle urls by adding url_handlers in their manifest and detecting the url causing the app to launch in the chrome.app.runtime.onLaunched event. If the app doesn't launch, your hosted web site will be loaded an can present an inline installation with chrome.webstore.install.