Archive for August, 2009

OAuth authentication from a mobile device

Monday, August 31st, 2009

I wrote a post a couple of weeks ago in which I whined about the difficulties in creating a good user experience for a mobile client that authenticates with an OAuth provider.

I was pleasantly surprised (and a little honoured!) to get a comment on the post from Chris Messina reminding me that the way to address the usability issue isn’t to revert back to using usernames and passwords, but for us to all work to improve the usability of OAuth.

Sufficiently inspired, I went back and had another go.

It’s still not quite there, but I think it’s better.

As Andy pointed out last time, not everyone has a Windows Mobile device to try my code on, so this time I tried recording a screen capture of it.


(Another!) Mobile app to share where you are

Saturday, August 29th, 2009

Mobile location sharing is something that I keep coming back to: from finding where my phone is using GPS, Bluetooth, WiFi Access Points, GSM Cell Ids, using my own hand-rolled systems or newer services like Google Latitude, dopplr, OpenCellID and Brightkite.

There is something about the promise of location-based apps which I find very exciting.

This is my excuse, at any rate, for sharing my latest bit of tinkering. 🙂

The stuff that I’ve tried so far has been focused on long-term sharing – apps intended to run in the background on your phone all the time, sharing your location with a pre-arranged list of friends and family who have signed up to the same service.

I’m playing with an app which comes at this from the other angle: an app for specific occasions to share your location. Not something to run in the background all the time, but an app to use when you want to let someone know where you are – a specific person. This could be a friend or family member, or a colleague or client (perhaps someone who hasn’t signed up to any service that you have).


Accessing authenticated Google App Engine services from a .NET CF client

Monday, August 24th, 2009

Google App Engine (GAE) gives you an easy way to build and host web applications for free.

For any address you specify in your GAE app, you can require users to be authenticated. For example, if you have this in your app.yaml:

- url: /authme
  login: required

When a user goes to in their browser, they get taken first to a logon page and promtped for their google username and password.

Only if they authenticate correctly will Google pass them back to your page, and let them access your /authme page.

(This is kinda nice, because as a GAE app developer, you shouldn’t need to see the user’s password. Although, I guess most users won’t make a distinction between typing in their username and password into the login page and into a login form on an page.)

If you are writing browser-delivered apps, this is all fine and works as described. This is slightly trickier if you are writing a web service that you want to be accessed by a client app. I wanted to access a GAE web service from a mobile client – this is how I’m doing it.


Stripping out MIME headers

Tuesday, August 18th, 2009

A couple of years ago, I wrote a small plugin for Outlook Mobile (the version of Outlook that you get on Windows Mobile phones) to help me triage my emails.

The idea was to make it quicker to process my email from my phone, by adding a couple of context menu items to emails that let you create a new To Do item in Outlook Tasks, or a new diary entry in Outlook Calendar.

So if someone sends you an email asking you to do something, with one tap you can create a new To Do list item, pre-filling it with information from the email.

And if someone sends you an email about an event or meeting you need to go to, with one tap you can create a new Calendar item, prefilling it with information from the email.


Where did your electricity come from?

Monday, August 17th, 2009

Where did my electricity come from?It’s been a while since I posted about CurrentCost stuff, so time to share another little idea.

Last night I made a start on adding a new graph type to my CurrentCost application.

Instead of only displaying how much electricity you’ve used, the new graph displays the split of how that electricity was generated.

Realtime figures for the “energy mix” of ratios of different generation methods used in the UK National Grid are available in an XML feed that updates every five minutes.


Pub/Sub for Child Protection

Saturday, August 15th, 2009

I went on a training course yesterday to learn more about the Independent Safeguarding Authority (ISA). ISA is the public body that will be responsible for registering and vetting people who work with children. It was created by the Government in response to the Bichard Inquiry that followed the Soham Murders.

There was way too much covered in the course to fit in a single post, but there was one particular bit worth mentioning.

The biggest limitation with the existing CRB (Criminal Records Bureau) checks is that it’s a snapshot – a one-off check.

It’s a piece of paper that tells you that the owner had no convictions at the time the paper was printed. But it doesn’t tell you if the owner went out and committed a crime the day after the paper was printed. If a CRB check isn’t repeated for a few years, it can be years before this is discovered.

ISA registration is different. Once registered, someone is continually monitored.


Authenticating with an OAuth 1.0a provider from .NET CF

Friday, August 14th, 2009

Last night, I shared my first stab at a mobile Fire Eagle client: a Windows Mobile application which posts location updates to the Yahoo! Fire Eagle service.

A couple of the bits of code were fiddly, and are worth sharing.

In this post, I’ll outline how I perform the code behind the OAuth authentication I described in my last post. Hopefully, this might help anyone else wanting to do something similar.


A Fire Eagle updater for Windows Mobile

Thursday, August 13th, 2009

I wrote a Fire Eagle web service at Open Hack London a few months ago – that gave a nice, mobile-friendly way to share your current location, as stored in Fire Eagle.

Last week, I finally got round to updating my Fire Eagle Guest Pass web service to use the newer OAuth 1.0a.

This got me thinking that I haven’t used it very much since writing it in May… because while it let me share where Fire Eagle thinks I am, I didn’t have an easy mobile-friendly way to tell Fire Eagle where I am in the first place! 🙂

So while I had “how to do OAuth” fresh in my mind, I thought I’d start writing a quick mobile Fire Eagle client.

I wrote it in C# for Windows Mobile. There are a few interesting points in the code that deserve their own blog posts, but first I wanted to quickly show what I’ve got working so far.