Valid user login

Gerrit_Marttila · September 11, 2023, 12:13pm

I have a clarification question. I’m developing an iOS app with Backendless in the background and I want to regularly check whether the login is still valid. I then use the Backendless.shared.userService.isValidUserToken function in a view and get a valid here. Later in the function an API is used and I get the error 14008 Access denied. Why do I first get a valid and then access is denied?

stanislaw.grin · September 11, 2023, 12:21pm

Hello @Gerrit_Marttila,

what API is used where you getting this error?

Gerrit_Marttila · September 11, 2023, 12:57pm

It is a custom API where I send the order to Backendless.

stanislaw.grin · September 11, 2023, 12:59pm

Do you mean Cloud Code API Service?
Could you please be more specific, it will help me to understand where exactly the error came from.

Gerrit_Marttila · September 11, 2023, 1:16pm

Yes, I wrote my own API that accepts an order containing several objects and processes it in the backend.
If the user is now logged in on the iPad and for some reason uses the password reset function on another device, then if you want to use this API on the first iPad you will get the message Access Denied.
But first I check whether the UserToken is still valid and here I get a valid one.
However, if the user logs in again and uses this custom API, then it works.

stanislaw.grin · September 11, 2023, 1:28pm

Thanks, now it’s more clear. Could you please also specify which SDK do you use?

Gerrit_Marttila · September 11, 2023, 1:30pm

I use the Backendless iOS SDK

stanislaw.grin · September 11, 2023, 1:36pm

Thanks. Our engineer will take a look into your issue and will contact you here once we have any questions or results.

olhadanylova · September 11, 2023, 3:48pm

Hello @Gerrit_Marttila,
iOS-SDK is deprecated for years now and not supported anymore.
If you’re using Swift-SDK, could you please provide the version of you use?

Gerrit_Marttila · September 11, 2023, 8:14pm

Yes, I use the SwiftSDK. I didn’t know there was another SDK. I’m developing an app using Swift and SwiftUI. The version number of the SDK is 6.5.3

olhadanylova · September 12, 2023, 10:18am

The 6.5.3 version is kinda old. There was a user token fix in v 6.7.2.
Please update to the latest version (7.0.0) to achieve all new features and bug fixes.

For now (v 7.0.0) token validation works as expected.

The correct behaviour for two devices is:

login user on the device1 and device2
call the isValidUserToken method - it should return true on both devices
restore password on the device2
call the isValidUserToken method - it should return false on both devices

After step 4 both devices will ask you to relogin because token is expired after the password restoration.

Gerrit_Marttila · September 12, 2023, 12:01pm

So I updated the framework to version 7.0.0 but the behavior is still the same.

I am logged into the app and then start the password request so that I receive an email with which I can reset the password. If I activated the function using a button, then I still get a valid one with the isValidUserToken function (I only received the email, but I haven’t reset the password yet). But when I then want to send the order to Backendless via custom API, I get 14008 access denied.

olhadanylova · September 12, 2023, 1:00pm

The user token will expire even if you call the restorePassword function without clicking the button in the email.

Unfortunately, I cannot reproduce this behaviour

logged into the app and then start the password request
If I activated the function using a button, then I still get a valid one

I described the behaviour from my app here.

Please provide a simple code sample (you can hide your AP Key and provide only your APP ID for safety).
Also please describe the steps we can follow to reproduce this problem (e.g. what credentials we can use to login).

Gerrit_Marttila · September 12, 2023, 1:11pm

Okay first I check if the Key is Valid:
Backendless.shared.userService.isValidUserToken(responseHandler: {
isValid in
print(“checkValidLogin success”)
}, errorHandler: {
fault in
print(“Error checkValidLogin: (fault.message ?? “”)”)
showInvalidLoginAlert = true
})

I then get the valid message in the console:

Then I call the custom function:

Backendless.shared.customService.invoke(serviceName: “Orders”, method: “postOrder”, parameters: parameters, responseHandler: responseHandler, errorHandler: errorHandler)
}

And here the errorHandler is fired with the fault code 14008 access denied.

olhadanylova · September 12, 2023, 1:15pm

Here

Backendless.shared.userService.isValidUserToken(responseHandler: {
isValid in
print(“checkValidLogin success”)

The isValid value not always means success. Server returns boolean true/false.
If server returned isValid = false - token is not valid.

Gerrit_Marttila · September 12, 2023, 1:37pm

ah okay I see, I thought then the errorHandler would be triggered. That was my mistake in thinking.
Great, thank you very much for the quick help!