xamarin / Xamarin.Auth
Apache License 2.0

GitHub OAuth Login #352

Open rafsanulhasan opened 5 years ago

rafsanulhasan commented 5 years ago

The project I'm working on is an open-source project. The GitHub OAuth App's Client ID and Secret have been hardcoded into a config.json file in every project's Assets folder, and there is a platform-specific implementation to retrieve them. I'm using Prism & Unity for navigation and a DI container for better manageability, testability, loose coupling/high cohesion, and more specifically to implement IoC principles. Since I want to keep the secret keys secret from the open-source community for the Beta, Preview and Production versions, I've created 4 different OAuth apps in GitHub for:

  1. the dev branch
  2. beta (only for testing inside the organization and for developers or contributors)
  3. Preview (only for beta testers in the store apps)
  4. Production

The OAuth app for the dev branch is exposed to the community, and the keys are changed dynamically during CI builds (using Pipelines) behind the scenes and deployed to Mobile Center. I need the keys to be exposed in the dev branch to make it visible for learners and for documentation purposes.

I've chosen this strategy because there is no feature like User Secrets (secrets.json, available in ASP.NET Core) in Xamarin.Forms. There are other libraries, but I don't like them.

If I want to continue with my strategy and integrate auth0, it seems that I need to create 4 different accounts in auth0, because the connection to a third-party API does not allow creating connections to multiple apps from a single Identity Provider, which might be cumbersome and I don't want it.

Since GitHub has a security issue with the OAuth login flow (it cannot be determined in the OAuth flow which application is using it) as per their API documentation, I don't want to expose it to the community because I don't want to lose control over it. If GitHub had supported OIDC for its API login flow, that would be great.

Because of the limitation I explained in the last paragraph, I decided to try creating 4 accounts in auth0, but the implementation needs a platform-specific way (like Xamarin.Auth) to achieve my goal because auth0's NuGet library has limitations with platforms.

Can anyone help me with that:
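The per-environment setup described in the post (a config.json holding the GitHub OAuth App's Client ID and Secret, read through a platform-specific implementation and swapped by CI for each environment) can be wired to Xamarin.Auth's authorization-code flow as follows. This is an added example written for this page; it is neither the issue author's code nor part of the Xamarin.Auth project. The `IConfigReader` interface, the `OAuthConfig` shape, the `read:user` scope and the `myapp://oauth-callback` redirect URI are assumptions; the GitHub authorize and access-token endpoints are GitHub's documented OAuth URLs. One caveat that applies regardless of how many OAuth Apps are created: a client secret compiled into a mobile package can be recovered from that package, so the dev/beta/preview/production split limits what a leaked value is good for rather than keeping it secret.

```csharp
// Added example, not Xamarin.Auth project code and not the issue author's code.
// Assumptions: config.json in the app's Assets/bundle carries "GitHubClientId" and
// "GitHubClientSecret"; IConfigReader is a hypothetical interface implemented per
// platform and injected by the DI container (Prism/Unity); the redirect URI
// "myapp://oauth-callback" is registered on the GitHub OAuth App.
using System;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Xamarin.Auth;
using Xamarin.Auth.Presenters;

public interface IConfigReader            // hypothetical; platform projects implement it
{
    string ReadText(string fileName);     // returns the raw text of a bundled asset
}

public sealed class OAuthConfig           // hypothetical shape of config.json
{
    public string GitHubClientId { get; set; }
    public string GitHubClientSecret { get; set; }
}

public sealed class GitHubLoginService
{
    readonly OAuthConfig _config;

    public GitHubLoginService(IConfigReader reader)
    {
        // The dev branch ships the community-visible values; CI overwrites
        // config.json with the beta/preview/production values before packaging.
        _config = JsonConvert.DeserializeObject<OAuthConfig>(reader.ReadText("config.json"));
        if (string.IsNullOrWhiteSpace(_config?.GitHubClientId))
            throw new InvalidOperationException("config.json has no GitHubClientId");
    }

    // Runs the GitHub authorization-code flow and resolves with the access token.
    public Task<string> LoginAsync()
    {
        var tcs = new TaskCompletionSource<string>();

        var auth = new OAuth2Authenticator(
            _config.GitHubClientId,                                     // clientId
            _config.GitHubClientSecret,                                 // clientSecret
            "read:user",                                                // scope (assumed)
            new Uri("https://github.com/login/oauth/authorize"),        // authorizeUrl
            new Uri("myapp://oauth-callback"),                          // redirectUrl (assumed)
            new Uri("https://github.com/login/oauth/access_token"),     // accessTokenUrl
            null,                                                       // getUsernameAsync
            true);                                                      // isUsingNativeUI

        auth.Completed += (sender, e) =>
        {
            // Xamarin.Auth exposes the token exchange result in Account.Properties.
            if (e.IsAuthenticated && e.Account.Properties.TryGetValue("access_token", out var token))
                tcs.TrySetResult(token);
            else
                tcs.TrySetException(new UnauthorizedAccessException("GitHub login was cancelled"));
        };
        auth.Error += (sender, e) => tcs.TrySetException(new Exception(e.Message));

        // Presenter picks the platform UI (custom tabs / SFSafariViewController).
        new OAuthLoginPresenter().Login(auth);
        return tcs.Task;
    }
}
```

With `isUsingNativeUI` set to true, each platform project must handle the `myapp://oauth-callback` URL scheme and hand the incoming URI back to the pending authenticator (`AuthenticationState.Authenticator.OnPageLoading(uri)`, as in the Xamarin.Auth native UI samples); otherwise the `Completed` event never fires. Keep the token in the platform keystore via `AccountStore` rather than in config.json.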