IBM MobileFirst SSO not working - ibm-mobilefirst

I have two apps on my emulator device that go against the same SecurityCheck adapter for authentication. I can successfully log in from both my apps. But my SSO is not working. If I log in from my first app and after that I open the second app, the second app still requires login, and vice versa.
I have the steps explained in this tutorial:
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/device-sso/

Related

Technology used to proceed with login from CMD or desktop application via web browser

Hello Stack Community.
I'm looking for the formal name of the technology/technique that's being used in Microsoft Azure CLI and in the Epic Games desktop application, which is responsible for delegating authentication from the target application to the browser, where you perform OpenID Connect authentication, and which brings you back to the target application (CLI app or desktop app), where you can proceed as a logged-in user by using the authentication you gained via the browser.
The steps would be:
You launch the target app (CLI, desktop app)
The login attempt lets you choose OAuth OIDC via Google or so
Selecting it opens the default browser, where you proceed with login
You gain auth inside the app you started from (CLI, desktop app)
In the classic OIDC process you gain your token in the same app/browser environment, while here authorization is expected in app A, the token is gained in the web browser, and afterwards there is the possibility to reuse it in a completely different application.
I'm wondering whether this is some particular OIDC extension, the use of some particular grant flow, or just some particular hacky way of sharing a token across entities?
I found one online resource here, but my investigation doesn't confirm the starting of any redirection URL localhost server for token possession.
I'd appreciate any help in my investigation.

Get web app login token in flutter app using OAuth2

I have integrated the social login feature in my web app. When someone logs in using Google (OAuth2), it creates the user profile in my DB (basically registers the user automatically) and provides the login token for my app to the end user. I want to trigger the same flow using my mobile application built for Android and iOS using Flutter. Do I have to trigger the flow using the web browser? If that's the case, then how can I get the login token back in my app?

Sharing Google OAuth Tokens between Android, iOS and Web apps

We're building an application which accesses files in Google Drive. Our application has a web UI, an Android app and an iOS app. We use OAuth2 to let the user authorize our app to access their Google Drive account. We use the Google Drive Java SDK in the web application and the Android/iOS SDK of Google Drive for mobile. We're unable to use the OAuth tokens returned by the Android SDK in iOS and vice versa. We also can't use the token received by the Java SDK (by our web server) in the Android app. Because of this, we have had to create separate OAuth clients for each platform (web, Android, iOS) and the user needs to authorize once on each platform, which is not very user-friendly. Is there a better way to use the same OAuth token across clients? Am I missing something very basic here?
You'll need to get a token on iOS and Android for the server.
See this doc for iOS
See this doc for Android
On each of the apps, you'll ask a user to sign in first. Then check on the server whether there is already a token or not. If not, then ask for that access and store the token on the server.

MobileFirst 8 Security issue in Web SDK

We have noticed a security breach when implementing/testing the authentication module with MFP 8.0.
We are building a MobileFirst 8 web-based app using MFP Web SDK and we implemented the security check as per the credentials validation security check:
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/credentials-validation/
On the client side, after a user is authenticated, we found out that MFP Web SDK is using LocalStorage to save the following entries:
com.mfp.browser.uniqueid, com.sample.pincodeweb.com.mfp.oauth.application.data and com.sample.pincodeweb.com.mfp.oauth.clientid
The problem is when we took the clientid key/value pair from an authenticated user's browser and inserted them in a whole new different browser, unfortunately we found out that the user is being fully authorized and authenticated in the new browser even though we didn't provide any user credentials nor redirected to login.
We have tried it on the PinCode sample:
https://github.com/MobileFirst-Platform-Developer-Center/PinCodeWeb/tree/release80
Even the user authentication shares the same problem.
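A server-side check for the reuse described in the post above, as an added example that is not part of the original post or of MobileFirst: it flags a client ID that shows up with more than one browser fingerprint. The record shape (`ts`, `clientId`, `ip`, `userAgent`), the function names and the sample records are assumptions constructed for illustration.

```javascript
// Added example: flag an OAuth client ID presented by more than one browser.
// Record fields and sample data are constructed, not MobileFirst log output.
const SAMPLE_RECORDS = [
  { ts: '2024-01-10T09:00:00Z', clientId: 'client-aaa', ip: '198.51.100.10',
    userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36' },
  { ts: '2024-01-17T09:05:00Z', clientId: 'client-aaa', ip: '198.51.100.10',
    userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0 Safari/537.36' },
  { ts: '2024-01-17T11:30:00Z', clientId: 'client-aaa', ip: '203.0.113.77',
    userAgent: 'Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0' },
  { ts: '2024-01-17T12:00:00Z', clientId: 'client-bbb', ip: '192.0.2.5',
    userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Version/17.0 Safari/605.1.15' },
  { ts: '2024-01-17T12:01:00Z', clientId: null, ip: '192.0.2.9', userAgent: '' },
];

// First matching token wins, so order matters: Chrome UAs also contain "Safari",
// Edge UAs also contain "Chrome", and Android UAs also contain "Linux".
const FAMILIES = ['Edg', 'Firefox', 'Chrome', 'Safari'];
const PLATFORMS = ['Android', 'iPhone', 'Windows', 'Macintosh', 'Linux'];

// Coarse fingerprint: browser family and platform only, so a routine browser
// version update does not look like a different browser.
function fingerprint(rec) {
  const ua = rec.userAgent || '';
  const pick = (tokens) => tokens.find((t) => ua.includes(t)) || 'unknown';
  return `${pick(FAMILIES)}/${pick(PLATFORMS)}`;
}

// Return one finding per client ID that was seen with two or more fingerprints.
function findReusedClientIds(records) {
  const seen = new Map(); // clientId -> Map(fingerprint -> first record seen)
  for (const rec of records) {
    if (!rec.clientId) continue; // unauthenticated or malformed record
    if (!seen.has(rec.clientId)) seen.set(rec.clientId, new Map());
    const byFp = seen.get(rec.clientId);
    const fp = fingerprint(rec);
    if (!byFp.has(fp)) byFp.set(fp, rec);
  }
  const findings = [];
  for (const [clientId, byFp] of seen) {
    if (byFp.size < 2) continue;
    const firstSeen = [...byFp.values()].map((r) => `${r.ts} ${r.ip}`);
    findings.push({ clientId, fingerprints: [...byFp.keys()], firstSeen });
  }
  return findings;
}

console.log(JSON.stringify(findReusedClientIds(SAMPLE_RECORDS), null, 2));
```

A hit is a signal to review the session, not proof that the stored value was copied.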

Setting Up SSO and WebIdentity in MobileFirst Platform

I am trying to make an app using Ionic in Mobile First.
The web application has both SSO and WebIdentity (LDAP) for the login functionality....
How should I approach this for the hybrid mobile app?
I do not believe there is a direct relation between using LDAP in IBM MobileFirst Platform and using SSO in IBM MobileFirst Platform.
SSO in MFP allows you to automatically log in to app2 if you have already logged in to app1.
So assuming you are able to log in to app1 via LDAP (which is server-side anyway, to check your credentials against a list of users), and assuming you have correctly set up both apps for SSO, it should work.
Read about setting up SSO: http://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/devref/c_device_single_sign_on.html