I am developing Sencha Touch application and I have been using Oauth 2.0 for authorization. The first time it is run, the application asks for user_code, is authorized, and works fine. However, when I close and then reopen the application, it again asks for authorization (the request is sent again) and asks for user_code.
I read "Using OAuth 2.0 for Devices" but it did not help.
Related
I have a first-party authorization server and I'm developing a first-party native mobile app and a SPA as a client. I noticed that the latest version of OAuth 2.0 no longer supports the "password grand type" and recommends using the "authorization_code grand type" instead, for mobile apps and SPAs.
My app has a native login screen and my SPA has its own unique login screen, and I want to avoid redirecting the user to the authorization server's login page or prompting a popup for login credentials since the authorization server is a trusted first-party server.
I'm wondering if OAuth 2.0 is still a good choice for first-party mobile app clients or SPA in this situation, and if there is a way to directly request a token through an HTTP request flow using user credentials obtained from the native mobile app login screen?
Any advice or insights on how to proceed would be much appreciated. Thanks in advance!
I found these two articles on this topic.
https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/
https://www.ory.sh/docs/hydra/concepts/before-oauth2
I came across this page from Google about Migrating to OAuth 2.0 login (OpenID Connect)
My current project has already used the Microsoft.Web.WebPages.OAuth library to implement the external login feature using Google account. But I am not sure whether this library still supports OAuth 2.0 login when the OpenID 2.0 is eventually shut down in the near future. Does someone have an confirmed answer about it? Thanks.
I am trying to implement enterprise mobile SSO with our Identity Provider (OKTA). My goal is to have a smooth user experience; the user shouldn't leave our custom built app in order to login to the identity provider.
OKTA has a native iOS app that facilitates the process. During the login, it is possible to forward the user to the OKTA Native App, do the authentication and bring the user back to the custom app. The process looks like (image is taken from http://tech.blog.box.com/2013/03/rethinking-mobile-sso/):
What I am trying to is to avoid the opening of the Native SSO App (the first 2 steps). OKTA provides a REST API that allows the user to authenticate and create sessions programmatically (and more http://developer.okta.com/docs/getting_started/design_principles.html).
The question is: After creating a session with the native SSO App (OKTA) via its REST API and getting the auth token, can I authenticate directly with the Service Provider from my custom native iOS app?
Okta provides a method for native app sso on iOS that allows the user start in your app, and have an SSO experience. In this case the Okta Mobile App serves as the identity provider. So long as the user has a session within Okta Mobile, they can access your custom native app without entering their credentials. If the user's session in Okta Mobile has ended, they can re-authenticate with their PIN.
More details on the standards-based framework (SAML + iOS) are available here:
http://developer.okta.com/docs/getting_started/saml_guidance.html#saml-for-mobile-native-apps
https://github.com/okta/okta-mobile-sdk
We have 1 google app with 2 separate sets of credentials.
One for a web app, the other for an iOS app.
We're trying to have users authenticate on mobile and send the "code" parameter to our api where we turn that into an access_token and refresh_token(for use with background processing). The issue that we're getting is "unauthorized_client".
We've been following the portion for "enable server-side api access for your app" https://developers.google.com/+/mobile/ios/sign-in
The api is using the same credentials as the iOS app for these type of exchanges.
Is there a way to authenticate to Facebook / Twitter using basic authentication? the application I am working on requires posting to those two sites without the need to open the oAuth Dialog.
Both twitter & facebook don't support basic auth.
No, thank goodness.
Basic authentication requires that you take the user's password, which is a secret between them and Twitter/Facebook. You shouldn't be asking for it.
If your app is physically unable to display the dialog, OAuth 2.0 (not available on Twitter) offers a way (last I checked) for an independent web browser on another computer to perform the OAuth authorization process to your app running on some limited device.