I have an app in the App Store that uses geofences to post updates to our local API. To date, this has been a smashing success. A couple months ago I installed Flurry to get some insight into customer usage and any unhandled exceptions out there. What I started getting back were some errors pertaining to the saved token we use to authenticate the user id.
This token is an MD5 salted hash of the username and password. No issues here, we use it for everything in the app. I store it in the NSUserDefaults and retrieve it before every API call. As we started narrowing down our search for the culprit, it is showing that we are sending a token that doesn’t exist anywhere on our servers. When the user trips a geofence, it updates their status automatically, but a very small percent has been failing in the background causing some customer concerns.
Sorry for the long precursor, on to the question. What would cause my value in NSUserDefaults to get loaded to an NSString differently from one time to the next? I have tested the logic, it will update me 3 times in a row when I show up for work, but the 4th, I’ll get a token failure error back from the server. There is no rhyme or reason to why it fails. Our server is logging these failed tokens and we can’t match them up to anything.
So if anyone has any insight on this matter, I would very much appreciate it. Could it be messing up when I store it to NSString? Could it be some inconsistencies with my POST method? It might even be on our server, I dunno. I’m hoping everyone on SO can lend a hand and help me get some new insight. Thanks in advance.
//Loading the token... done this way for EVERY API call
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSString *token = [defaults objectForKey:@"token"];
Code taken from my API class
//My POST method for updating our API
NSString *requestData = [NSString stringWithFormat:@"?auth_token=%@", token];
NSData *myRequestData = [NSData dataWithBytes: [requestData UTF8String] length: [requestData length]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString:[NSString stringWithFormat:@"%@/api/user.json%@", webAddress, requestData]]];
[request setHTTPMethod: @"POST"];
[request setHTTPBody: myRequestData];
NSData *jsonData = [NSURLConnection sendSynchronousRequest: request returningResponse: nil error: nil];
NSString *json = [[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding];
NSDictionary *payloadData = [json JSONValue];
if([[payloadData objectForKey:@"success"] boolValue]) {
// if i get here, successful update
} else {
// update unsuccessful, error message returned... bad token
}
I don’t want this question to linger out there and waste anyone’s time or energy. After some recent testing, I don’t believe my issue is with the user defaults or the saved token. There are already answers out there, so I can’t delete the question. So I’ll just leave a small answer here and close it out.
I ended up moving all the login credentials to the iOS keychain. I salt and hash the email and password each time I need an API token. It creates a little more overhead for each API, but knowing my users’ credentials are safe and secure is probably worth it. I still have my issue, but I think I’m getting closer to nailing it down. Thank you to anyone that has looked at my question.