OKTA Authentication in Offline mode - iOS

I have a React Native iOS app in which authentication is done using OKTA. As of now, the user is authenticated by being redirected to the OKTA login page, and after authenticating in OKTA the user comes back into the iOS app. But my app should also work in offline mode. How do I authenticate a user using OKTA in offline mode? Can anyone tell me how to validate the user when he is not connected to the internet?
Should I make use of any OKTA Primary authentication by making a custom login page?

Related

Azure B2C SSO for my web application and powerapps application not working

I have configured my Azure B2C to enable the SSO feature. After enabling it, when I log in to my web application and redirect to the Power Apps application, it does not show me as logged in; instead it shows SIGN IN, and when I click that button it directly logs in my account, creates the .AspNet.ApplicationCookie cookie and shows the account details. The web application and the Power App have different domains. Please help me find what I am missing.
That’s expected, since you have to send the user to AAD B2C to check if they are logged in. The user must perform an action in App2 to be sent to B2C to perform the login or SSO.
You could perform a check on page load using a hidden iframe and if the login works, do something to update the page to reflect that, otherwise silently fail.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/embedded-login?pivots=b2c-user-flow
This would require coding in the authentication with MSAL into the app.

How to implement SSO using ADFS bypassing the ADFS login page in iOS app

I have an app where earlier there was only AD login, which we authenticated directly via our own server API as a middleware. Now, after implementing ADFS on the server, we are getting the ADFS login page, which we would like to bypass in order to maintain the workflow.
Basically we want to connect to Office 365 data via our own server and feed it to our app.
Does anyone know if it is even feasible to bypass that login page? ADFS v3.0
ADFS has two flows; passive (browser) and active (WCF).
You can bypass the login screen on passive by setting up the browser to do IWA.
Active will give you the flow you want i.e. authentication via a service.

Enterprise Mobile SSO in iOS - How to stay in the app

I am trying to implement enterprise mobile SSO with our Identity Provider (OKTA). My goal is to have a smooth user experience; the user shouldn't leave our custom built app in order to login to the identity provider.
OKTA has a native iOS app that facilitates the process. During the login, it is possible to forward the user to the OKTA Native App, do the authentication and bring the user back to the custom app. The process looks like (image is taken from http://tech.blog.box.com/2013/03/rethinking-mobile-sso/):
What I am trying to do is to avoid the opening of the Native SSO App (the first 2 steps). OKTA provides a REST API that allows the user to authenticate and create sessions programmatically (and more http://developer.okta.com/docs/getting_started/design_principles.html).
The question is: After creating a session with the native SSO App (OKTA) via its REST API and getting the auth token, can I authenticate directly with the Service Provider from my custom native iOS app?
Okta provides a method for native app SSO on iOS that allows the user to start in your app and have an SSO experience. In this case the Okta Mobile App serves as the identity provider. So long as the user has a session within Okta Mobile, they can access your custom native app without entering their credentials. If the user's session in Okta Mobile has ended, they can re-authenticate with their PIN.
More details on the standards-based framework (SAML + iOS) are available here:
http://developer.okta.com/docs/getting_started/saml_guidance.html#saml-for-mobile-native-apps
https://github.com/okta/okta-mobile-sdk

Facebook iOS SDK and passport-facebook authentication

I'm trying to implement server Facebook authentication using passport-facebook on an iOS Facebook SDK app, and I'm unclear how to set up the passport authentication on the backend.
Basically the iOS client authenticates with Facebook and gets the sessionToken and I want to pass that to the passport-facebook /auth/facebook/callback to verify the session token with FB, and lookup the user from our database through node.js.
Is that the correct way to use passport-facebook, or do I need to call /auth/facebook (and what parameters do I need to pass it)?
This issue mentions building an app using Facebook iOS SDK and then authenticating on the server, but doesn't mention exactly how to do that.
https://github.com/jaredhanson/passport-facebook/issues/7
I could also write my own custom passport strategy that simply passes the FB session token and I can verify with FB graph API on the server to get the FB user ID and authenticate it's a valid session, as mentioned here:
Design for Facebook authentication in an iOS app that also accesses a secured web service
Check out passport-facebook-token, which is designed to authenticate based on a previously issued token (i.e., the one issued to your iOS app).
passport-facebook is designed to do the web-based, redirect flow, which is not typically done from a mobile application.

OAuth flow, iPhone -> Rails -> Facebook

I'm building an app with both a web client and an iPhone client.
On the web client I authenticate users through Facebook with Omniauth, the user can then post actions on the app to Facebook. That works well.
I'm having some problem implementing the Auth flow from the iPhone application.
I've set up Doorkeeper in the rails app as an OAuth provider. Although I'm not sure how the authentication flow should be implemented.
I've come up with this:
The user can log in to Facebook in the iPhone and get a token. The idea is then to send the token, along with the Facebook uid to the rails app, store it, and authenticate the user with Omniauth. Once the user is authenticated generate a token with Doorkeeper and send it back to the iPhone app.
If it's the first time the user authenticates against the rails app, a new user will be created.
The user can then do actions against a JSON-api and the rails app will take care of the Facebook integration since the Facebook token is stored on the user record.
The application will also span several domains, so I'll need to have multiple Doorkeeper applications registered to provide different callback URIs.
Does this seem like a viable solution?
Is it secure?
Are there alternative flows / approaches?
Thanks.
The solution I went with is summarized as follows:
Client starts OAuth flow w/ Facebook (using login button etc)
Client gets auth token and posts back to server
Server looks up user via FB API call w/ token
Server does lookup/create of user based on FB id
User is logged in if a user with FB id association lookup is successful
I have a diagram and more detail here: http://www.eggie5.com/57-ios-rails-oauth-flow
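The server-side step of this flow ("Server looks up user via FB API call w/ token"), which is also what the passport-facebook question above asks for, sketched as an added example that is not code from any of the posts. It assumes the server has already fetched the Graph API `debug_token` response for the client's token; the app id, the sample response and the in-memory `USERS` store are constructed placeholders. The checks that matter are that the token was issued to this app and that the user id comes from Facebook's response, not from the client.

```ruby
require "json"

# Assumption: this app's Facebook app id (constructed placeholder).
OUR_APP_ID = "1234567890"

# Constructed sample of a debug_token response body, not taken from the page.
SAMPLE_DEBUG_TOKEN_JSON = <<~SAMPLE
  {"data": {"app_id": "1234567890", "type": "USER", "is_valid": true,
            "expires_at": 2000000000, "user_id": "100001"}}
SAMPLE

class TokenRejected < StandardError; end

# Returns the user id Facebook vouches for, or raises TokenRejected.
# `body` is JSON the server fetched itself; nothing from the client is trusted.
def verified_facebook_uid(body, now: Time.now.to_i)
  parsed = JSON.parse(body)
  data = parsed.is_a?(Hash) ? parsed["data"] : nil
  raise TokenRejected, "malformed response" unless data.is_a?(Hash)
  raise TokenRejected, "token not valid" unless data["is_valid"] == true
  # A token minted for a different Facebook app must not log anyone in here.
  raise TokenRejected, "issued to another app" unless data["app_id"].to_s == OUR_APP_ID
  raise TokenRejected, "not a user token" unless data["type"] == "USER"
  # This example insists on an expiry that is still in the future.
  raise TokenRejected, "expired" unless data["expires_at"].to_i > now
  uid = data["user_id"].to_s
  raise TokenRejected, "no user id" if uid.empty?
  uid
rescue JSON::ParserError
  raise TokenRejected, "malformed response"
end

# Hypothetical in-memory stand-in for the users table.
USERS = {}

# Lookup/create keyed on the verified uid. A uid sent by the client is only
# compared against the verified one, never used as the identity.
def login_with_facebook(body, claimed_uid: nil, now: Time.now.to_i)
  uid = verified_facebook_uid(body, now: now)
  raise TokenRejected, "uid mismatch" if claimed_uid && claimed_uid.to_s != uid
  USERS[uid] ||= { fb_id: uid, created_at: now }
end
```

Only after `login_with_facebook` returns should the server issue its own session or Doorkeeper token to the iPhone client.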
