I basically want to authenticate with ADFS as an external identity provider in a native iOS/Android app. Preferably with a seamless login experience, but that may be asking too much.
The setup that I want is pretty much the one described here except that I moved the identity stuff to an STS project. The ios and android apps are accessing the web api.
I also used this pluralsight course.
Now I "just" need a way to use the credentials received from the mobile app to issue an access token.
I need to know if I am on the right path. I am using:
IdentityServer3.
OAuth2 and OpenID Connect. (using password grant)
The solution has to work on ADFS 3.0.
.NET 4.6 web api and mvc solutions running in azure.
I have been looking at the ADAL.NET project, but that seems to be primarily for Xamarin and I already have the ios and android developed natively.
Questions:
What is the best approach going forward?
Are there any (perhaps new) technologies that I am completely missing?
Your basic problem is that with ADFS 3.0, there is no OpenID Connect support and very limited OAuth support - basically just auth. code grant for web API.
Much along these lines.
If you want the full stack (ala what you have with idsrv3), you need ADFS 4.0.
You could federate idsrv3 with ADFS using WS-Fed for the final hop.
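The WS-Federation hop suggested in this answer, sketched as an added example (not code from the original post or from the IdentityServer3 project). The metadata host `adfs.example.com`, the realm `urn:example:sts`, the `/identity` path and the `AdfsFederation` class name are constructed placeholders; the service factory and signing certificate are assumed to come from the existing STS project.

```csharp
using System.Security.Cryptography.X509Certificates;
using IdentityServer3.Core.Configuration;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public static class AdfsFederation
{
    // Call from the STS project's OWIN Startup.Configuration, passing the
    // factory (clients, scopes, users) and signing certificate it already builds.
    public static void UseIdentityServerWithAdfs(
        IAppBuilder app,
        IdentityServerServiceFactory factory,
        X509Certificate2 signingCertificate)
    {
        app.Map("/identity", idsrv => idsrv.UseIdentityServer(new IdentityServerOptions
        {
            SiteName = "STS (federated with ADFS)",
            SigningCertificate = signingCertificate,
            Factory = factory,
            AuthenticationOptions = new AuthenticationOptions
            {
                // IdentityServer3 invokes this callback to register external providers.
                IdentityProviders = ConfigureAdfs
            }
        }));
    }

    private static void ConfigureAdfs(IAppBuilder app, string signInAsType)
    {
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            AuthenticationType = "adfs",
            Caption = "ADFS",
            // Hands the ADFS identity back to IdentityServer3, which then issues
            // its own OAuth2 / OpenID Connect tokens to the apps.
            SignInAsAuthenticationType = signInAsType,
            // Placeholder host: fetch metadata over HTTPS only, since the token
            // signing certificates trusted by the middleware are read from it.
            MetadataAddress =
                "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml",
            // Placeholder realm: must equal the identifier of the relying party
            // trust created for this STS in ADFS.
            Wtrealm = "urn:example:sts"
        });
    }
}
```

The WS-Federation sign-in is a browser redirect to ADFS, so a client reaches it through an interactive flow on the STS rather than by posting credentials to the token endpoint.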
Related
I'm using the firebase-ui-android authentication flow for my mobile app.
I would like to do the same for my desktop app, but it doesn't seem like there is an equivalent framework; the closest seems to be firebase-ui-web.
Now I'm playing with the idea of (ab?)using firebase-ui-web to run locally on the client machine for authentication.
However, since firebase-ui-web seems to be aimed at the server I'm a bit wary running it on the client side.
The desktop app is fairly simple, it pretty much only needs to read some firestore data.
What are my options here?
The only ways to connect with Firebase are by an Android, an iOS and a web app.
There is no support for desktop apps.
But, you can create a native sync service to link your desktop app with Firebase users through a web service.
It is feasible to have a desktop app connect to Firebase. However, you should create a hybrid desktop app using Electron or other platforms that by nature use web and JavaScript. Here is an example of using Electron to manage Firebase: https://www.electronjs.org/apps/firebase-admin
You can use Google Sign-In for TVs and Devices for that case.
This is not perfect, because you need to use an additional access code, but it can work with desktop applications as well.
I don't have much experience with authentication for mobile apps.
I am using Play framework as backend. Play supports cookie-session authentication, which is great because it keeps the server stateless. Can this mechanism apply to mobile apps (native, no web views) as well?
I can only speak for android as I have never developed for ios.
In Android all you have to do is enable Cookies for your URLConnections.
See here or search yourself. Questions to this can be easily found as there are a lot.
I am embarking on the creation of an Android application (and subsequently iOS, if it makes a difference to the answer) as a mobile version of an existing website. I would like users on the website to be able to log into the mobile version and vice versa.
The website is written in ASP.NET MVC and I was planning to use ASP.NET Web API (accepting and returning xml/json) to submit/retrieve necessary data for the application. The website uses a .NET membershipprovider for authentication.
Can I reuse my existing authentication mechanisms to authenticate android users and enable them to log into the Android App? If so, what is the suggested method of doing so?
Thanks,
JP
Considering that you want to create an android version and later an iOS version too, you should consider using a web based framework for mobiles. Take a look at jQuery mobile
These are not for everyone. They work great for webapps. But are not as fast as native apps.
Your native application would only be a wrapper then that presents the mobile version of your site in a web view. Both android and iOS have support for this.
Would save you a lot of code rewrite and maintenance if it works for you.
If you do want to create a native app, you can definitely create a WebAPI based login and use that from an android client.
How does one approach building the mobile app version of one's Rails app, with little to no mobile development experience? iOS, Android, one or the other, or both.
First, you might want to create (private) APIs for services your web app provides. The de facto standard for Android apps is REST-like endpoints that accept/return JSON. You can use whatever Ruby REST framework works best. Then you need to consider how you would authenticate Android apps, if needed. Do you use the same authentication database? Can you allow anonymous access, what parts of the app do you expose, etc.
Finally, you need to build the frontend. A few options here:
learn Android
hire someone to do it
use a framework that lets you develop using Web(-like) technologies: Titanium, Rhodes, etc. The upside is that you get to use what you know and might also get an iOS app for free.
The downside is that you can never get the native performance, and look-and-feel might not be completely Android-like (never used Rhodes, so maybe it does this well enough, but still)
Consider using http://www.rhomobile.com/.
I am looking into building an android app, which holds some simple data (probably stored in sqlite). I also have an App Engine app which I intend to be an online data store for the information (the App Engine app is written in Python).
The question here is, what is the best way to authenticate a user with the app and how to get the data from the android app to the Google data store?
Thanks
Mike
You could use Google Account authentication and follow this useful post about Authenticating against App Engine from an Android app
You can also give a look at the SampleSyncAdapter sample from the SDK
If you want to authenticate using OAuth, you can do that. The only trick is that you need to launch the flow in an internal WebView, because App Engine's OAuth implementation doesn't allow custom protocols in the redirect. I recommend the Signpost library. If you'd like an example, the 2cloud Android client is licensed under the MIT license (full disclosure, I'm the lead dev for 2cloud). The benefit of this is it allows you to support Android 1.5 and higher. The Accounts API is only supported starting in 2.1.
Another option is the Accounts API. #systempuntoout has good links for that, so I won't reinvent the wheel here.
Finally, it might be worth taking a look at the App Engine-powered Android Eclipse project that was demo'd at I/O this year. It makes keeping code in sync and shared between the two simple. Only downsides are it requires Android 2.2 or higher, and it requires you to write in Java on the App Engine side and GWT for the client side.