Adobe AIR Mobile / OAuth2.0 - ios

We are currently trying to add OAuth2.0 for authentication into an existing Adobe AIR mobile app for a client. We are trying to carry this out by using this library https://github.com/charlesbihis/actionscript-oauth2 from this article.
We have tried using instances of the 'StageWebView' class and the Feathers UI 'WebView' class to display the authorization prompt page within the mobile app itself.
When we publish the app locally on our development PCs, the whole process works ok. However, as soon as it is published to our iPad(s) for testing, it is almost as if some security setting stops the "embedded" website from communicating with to the server.
As the website we are trying to communicate with is a https:// address, I'm assuming that this might be causing issues, but I can't confirm this.
Has anyone out there found themselves in a similar situation?
Thanks,
Dave

Related

OIDC/OAuth SSO from wpf desktop app using web browser

We have our custom IDP which implements the OIDC/OAuth2 standards and many of our browser based SPA apps use it for authn/authz (With SSO). We also have some of our apps which are WPF desktop based. Now, our requirement is to implement similar OIDC/OAuth SSO from desktop app by launching a browser from the desktop application and then once the sign in is complete come back to the desktop app (SSO).
This is something very similar to how Docker desktop works which launches a browser for sign-in and then redirects back to the desktop application. Anybody can suggest what is the right way to implement this and any reference to sample implementation would be greatly appreciated.
Thanks
The system browser is used to login, according to RFC8252. I believe Docker desktop uses a private URI schene to receive the OAuth response.
See these resources. My app is coded in Javascript but you should be able to translate the concepts:
C# private URI scheme example
My desktop code sample + blog posts

How to deep-link directly to an app in Okta Mobile on iOS

We can send a link to someone formatted as okta:// and it will launch the Okta mobile app, but I would like to know if there is a way to deep link to a specific app in Okta mobile?
Something like okta://appname
or better yet would be okta://appname/specificpageinapp
I have tried all sorts of options, but none seem to work.
The Okta Mobile app doesn't support deep linking as you described.
You may be able to deep-link directly into native iOS applications using a similar URL Scheme (exampleapp://page/example). If the native iOS app is integrated with Okta, this might work as you expect.
However, it sounds like what you might actually want to do is link directly into the embedded web view of a web application in Okta. If that is the case, I suggest reaching out to Okta support with a feature request and the use case that you're trying to solve, so that it can get the attention of the product manager for the Okta Mobile app.

How to reflect web app hosted on EC2 (AWS) on mobile app (iOS)

So my current task at the company I'm interning with is to create a mobile version (iOS) of a web app written using Flask, HTML & CSS that currently exists and is being hosted on AWS's EC2. Assume I'm a complete noob at AWS and only just learned that EC2 is a cloud computing service.
Essentially, I just want to be able to reflect what's currently on EC2 over to a mobile app in a secure fashion. I guess I'm just trying to avoid rebuilding something in Swift that's already been done. For those familiar with WebView in Xcode, I tried to use that to reflect the web page, but it didn't work (I assume because our web app on EC2 requires login credentials when you open it in a browser?).
I thought that maybe using AWS's SDK for iOS would net me some luck, so I installed cocoapods and setup a pod, but don't know how or which of these AWS services will help me achieve what I'm trying to do (from reading the documentation, it seems like their purpose is for building an app, not necessarily just projecting a webpage with data already in it).
For some more information, some key features that I think would be useful for our clients that would be using the app are:
The ability to persist data on the app when their device is offline
Some sort of temporary logins for the users. This app wouldn't be distributed through the app store; it would probably just have to be locally downloaded onto certain clients' devices
Lastly, I saw this post come up before creating this one: Does REST API for mobile apps hosted on https protocol web app will be slow? and I noticed that the asker of this question said "Lets say I have built a mobile app running on Android and iOS platform and REST API's for these apps lie under https based web application." This possibly sounds like something that could be helpful, and if anyone could explain what s/he meant by REST API's and what they are, I would be very grateful.
Any advice on how to proceed from here, using anything, would be much appreciated. Thanks!

Using LinkedIn's iOS 9 SDK for authentication with a webview instead of LinkedIn's mobile app

My iOS app currently offers users the option to log in and sign up with their LinkedIn accounts. I am using this project for the LinkedIn log and OAuth: LinkedInOAuth
With the update to iOS 9, my app now occasionally crashes, when a user attempts to log in through LinkedIn using that project, with a runtime exception of WebThread(18): EXC_BAD_ACCESS(code=1, address=0x8)
To resolve this occasional crash, I turned to an updated version of the project I was using that conforms to ios 9 and linkedin's ios 9 SDK.
The issue is that while this new project has solved the WebThread crashing, it now requires users to download LinkedIn's app (if they don't have it) in order to log in to my app with LinkedIn.
The previous project never had such requirements and would present a webview that allowed anyone with a linkedin account to log in.
My question is am I wondering if it is possible to authenticate with LinkedIn in ios 9 without requiring the user to download the mobile app? My hopes are that it is possible to update the old project to conform to ios 9 while simply presenting a webvew. Thank you!
We only discussed this last week (at the time your question didn't have an answer, but happy to update you now—that is, if you haven't solved this in the meantime).
After scouring several sources I came across this:
Mobile vs server-side access tokens
Presently, there is no mechanism available to exchange them. If you
require tokens that can be used in both the mobile and server-side
environment, you will need to implement a traditional OAuth 2.0
solution within your iOS environment to acquire tokens that can be
leveraged in both situations.
from: https://developer.linkedin.com/docs/ios-sdk-auth
The premise being that via mobile solutions, they offer single sign-on thru their app. This works, but requires their app. Apple's approval process has swung both ways on this, and it appears that it is a flip of the coin as to whether they will allow this or not (the requirement of a third party app). #AroundThen didn't have any luck and his app was rejected due to the requirement, however, other users* have indicated Apple weren't adverse to it in their application processes.
Alternatively, their is the web logon process using OAuth2. This is pretty stock for their non-mobile solutions. Currently sharing the tokens between mobile and web solutions is not a default and if you want to share the same token their solution is that that is listed above.
In essence (and copied from my other answer here):
You can test for the presence of the linked-in app:
if it is not there: implement OAuth2 directly through your app
if it is there: use it or your OAuth2 implementation (which you'd probably err on the side of using their app for the link-ability between any features of the app you may need in yours).
Thereby avoiding the REQUIREMENT to have the app installed, but utilising it if it is.
This suggests that authentication away from the app is supported.
Reportedly, #AroundThen has had success with this process.
Good luck!
*1 I'm currently having trouble finding his post, but basically he provided login credentials that Apple attempted to use, but had locality issues and hence couldn't get in, but it was inferred they may have approved it if they had of.

How to oauth-login a server app via the mobile client (especially iOS, Twitter, but in general too)

We have a web application that supports Facebook and Twitter login/signup via oAuth (and can also post to FB/TW). Now we are building a mobile client and naturally we want people to be able to login-signup via FB-Twitter on mobile as well, on iOS even using system-integrated accounts.
Now mobile app and our server app are two different apps, however, and if I get oAuth correctly, we'll need to have two authentications: one for a mobile client (system account can be used), another one for a server (we'll have to show WebView for it).
Yet some existing apps seem to be fine with single authentication only (e.g. Flickr and Foursquare! At least 4sq seems to be fine with iOS system FB account only. How is it possible?
Do they share consumer key/secret between mobile and web app making it essentially the same app?
Do they use some FB-specific extension to oAuth
Do they only use auth token wherever it comes from making it a user ID?
Something completely different?
Old question, but this may help someone who finds their way here.
Twitter Reverse Auth

Resources