An unofficial Android and iOS App to search TU Wien employees and students.
Download the latest release for Android.
Warning While the data this app displays, comes from an official TU Wien API, the app itself is not official!
- Search TU Wien employees and students wihout opening TISS
- Search by matriculation number, or name
- Filter search results
- Optional login (needed to get student information)
- Dark and Light Mode
So, I currently implemented all features I can think of. However, I will still maintain the app and update it to be compatible with future OS versions.
If you have ideas for new features or bug reports, feel free to open an issue.
- Install Flutter
- Clone this repository or download it.
- Connect your phone to your computer.
- Open the repository in your terminal.
- For Android run:
flutter build apk --release && flutter install
For iOS you need to sign the App yourself to use it. Here is a Guide on how to do this.
While there is undocumented flag locale which you can set to english to get
english results from the API, it can still happen that TISS returns german
results.
I know 😔
There is just nothing I can do about it, because the App gets them from the TISS
API.
Again, there is nothing I can do about it as the API response just take a long time. However, I figured out, the more specific you are, the faster the responses are.
Actually, there is an official TISS REST API. While the API is public (or semi-public, but I will come back to this later), the documentation is not, so you need to be able to login to TISS.
However, if you don't have access to TISS, don't worry as many aspects of the API are not documented anyway. For example, there is no documentation about what the response json looks like or that you can set the language via a query parameter or that you will only receive student information if you are logged in.
To search people on the API, I use the /api/person/v22/psuche endpoint.
Here is a full example:
https://tiss.tuwien.ac.at/api/person/v22/psuche?q=Panholz&max_treffer=50
Here is a list of all query parameters:
| Name | Type | Datatype | Description |
|---|---|---|---|
| q | path | string | Searchterm |
| intern | query | bool | If internal persons(like students) should be included. This only works if you are logged in. Default is false. |
| max_treffer | query | int | Upper limit of results. Limit is 100, Default is 15. |
| locale | query | string | The language of (some?) fields of the result. It uses 2 letter codes like "de" or "en". Default is ???? |
So most sane developers, would design the authentication process of an API with an API-token or maybe just let you send the username and password with every request. (API-token is the way better solution)
Unfortunately, I couldn't find anything like that, so we will do it like the Webinterface with cookies, parsing HTML, parsing URLs, following redirects and many more cookies.
Sounds fun? I guarantee you IT IS NOT!
Many requests will set you a cookie, so just save them and if you do a request in the future to the same domain just send them with the request.
First start with a GET request to
https://tiss.tuwien.ac.at/admin/authentifizierung. The server will answer with
the status 302 (Redirect). Now you follow multiple redirects (like 5 or 6)
until the server finally answers with 200 (OK).
Now parse the URL on which you finally landed on, because in the URL should be
a query parameter called AuthState which we need to save for the next request.
Next, we need to make a POST request to
https://idp.zid.tuwien.ac.at/simplesaml/module.php/core/loginuserpass.php.
The data we send with that request is form-encoded and there are the following fields:
| Name | Content |
|---|---|
| username | your TU Wien username |
| password | your TU Wien password |
| totp | empty (This field is for Two Factor Authentication |
| AuthState | the AuthState we collected in Step 1 |
The server should now respond with HTML. In this HTML is a Form with two hidden
fields: SAMLResponse and RelayState. You now need to parse the HTML and get
the content of both fields and save them.
Make a POST request to https://login.tuwien.ac.at/auth/postResponse with
the following form-encoded data:
| Name | Content |
|---|---|
| SAMLResponse | the SAMLResponse from Step 2 |
| RelayState | the RelayState from Step 2 |
The server will respond with status 303 (Redirect), save that url.
With GET requests follow the redirects until the server responds with
200 (OK), starting with the location we got at the end of Step 3.
While following these redirects the server will eventually set you cookie called
TISS_AUTH. This is the one you wanted needed all along. Now, all you have
to do is make requests to the TISS API and send this cookie with them.
🥳 🎉