gary-archer / oauth.mobilesample.ios

Final OpenID Connect secured iOS Mobile Code Sample
MIT License

iOS OAuth Mobile Sample


Overview

A demo mobile app using OpenID Connect, which aims for the best usability and reliability.

Views

The app is a simple UI with some basic navigation between views, to render fictional investment resources. Its data is returned from an OAuth-secured API that uses claims-based authorization. The app uses user attributes from both the OpenID Connect userinfo endpoint and its API.

App Views

Local Development Quick Start

Open the app in Xcode and run it on a simulator to trigger an OpenID Connect login flow. This triggers an OpenID Connect code flow to authenticate the user with the AppAuth pattern. Logins run in the system browser using an ASWebAuthenticationSession and the app cannot access the user's credentials:

App Login

You can log in to the app using my AWS Cognito test account:

- User: guestuser@example.com
- Password: GuestPassword1

The app receives the login response using a claimed HTTPS scheme redirect URI, in the most secure way. iOS Universal Links enable the claimed HTTPS scheme redirect URI and require a cloud-hosted deep linking assets file. Interstitial web pages ensure a user gesture after login and logout, so that responses return to the app reliably. After login you can test all lifecycle operations, including token refresh, expiry events and logout.

Deep Linking Registration Failures

Some developers may run into the following error after login, where the deep link fails to invoke the mobile app. Instead, the URL invoked by this JavaScript runs in the browser, resulting in a Not Found error:

post login error

If you run into this type of problem, see the iOS Code Sample – Infrastructure blog post on ways to resolve it.
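One cause worth ruling out is a deep linking assets file (on iOS, the apple-app-site-association document) that does not claim the redirect URI path for the app. The following Python check is an added example, not code from this repository; the app IDs, host and paths are constructed placeholders, and it evaluates only the path rules of an already-downloaded document.

```python
import re
from urllib.parse import urlsplit

# Constructed sample document covering both the newer (appIDs/components)
# and older (appID/paths) formats. All identifiers are placeholders.
SAMPLE_AASA = {
    "applinks": {
        "details": [
            {
                "appIDs": ["ABCDE12345.com.example.mobileapp"],
                "components": [
                    {"/": "/app/debug/*", "exclude": True},
                    {"/": "/app/*"},
                ],
            },
            {
                "appID": "ABCDE12345.com.example.legacyapp",
                "paths": ["NOT /legacy/admin/*", "/legacy/*"],
            },
        ]
    }
}

def _matches(pattern, path):
    # AASA wildcards: '*' matches any substring, '?' matches one character.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, path) is not None

def _rules(entry):
    # Normalise both formats to ordered (pattern, excluded) pairs.
    for comp in entry.get("components", []):
        yield comp.get("/", "*"), bool(comp.get("exclude", False))
    for p in entry.get("paths", []):
        yield (p[4:].strip(), True) if p.startswith("NOT ") else (p, False)

def redirect_uri_is_claimed(aasa, app_id, redirect_uri):
    """True if app_id claims the path of redirect_uri; the first matching rule wins."""
    path = urlsplit(redirect_uri).path or "/"
    for entry in aasa.get("applinks", {}).get("details", []):
        ids = entry.get("appIDs", []) + ([entry["appID"]] if "appID" in entry else [])
        if app_id not in ids:
            continue
        for pattern, excluded in _rules(entry):
            if _matches(pattern, path):
                return not excluded
    return False
```

A `False` result for the app's real ID and redirect URI means the hosted file itself needs correcting before looking at device-side causes.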

Further Information

Programming Languages

Infrastructure