IOS SDK v1.0 with NAM 4.2.

Slides:

Advertisements

Similar presentations

AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013

Advertisements

Authentication Simon Cross Partner Engineer facebook.com/sicross An Overview.

FI-WARE Testbed Access Control temporary solution.

1Proprietary and Confidential AirVantage API – Getting started David SCIAMMA – June 13th 2014.

Smartphone Apps Development Team Weiqing Li Lijun Zhu Man Li.

The Alfresco API Steven Glover Gethin James Peter Monks.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

Introducing Windows Server 2012 R2 Work Folders:

Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.

Security and Digital Recording System Students: Gadi Marcu, Tomer Alon Number:D1123 Supervisor: Erez Zilber Semester:Spring 2004 Mid Semester Presentation.

Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.

Multiple Tiers in Action

Proxy Cache Leonid Romanovsky Olga Fomenko Winter 2003 Instructor: Konstantin Sinyuk.

Team Members Jason Bender Derek Crane Cliff Crane Renan Pereira Isidro Arribas.

Clients using wide variety of devices/languages/platforms Server applications using wide variety of platforms/languages Browser Native app Server.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

User signs in to WindowsUser is signed in to your app 12.

Fraser Technical Solutions, LLC

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

UNIT-V The MVC architecture and Struts Framework.

OAuth 2.0 in Depth By Rohit Ghatol SynerzipSynerzip Passionate about TechNextTechNext.

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten

Remotely authenticating against the Service Framework.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

Creating a User ID (1) User makes any HTTP request

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Otomo End User SSO - TOI March 2014 Otomo 10.5 – End User SSO Support.

 Facebook Integration on iOS Phan Thanh Phat Huynh Thanh Van.

Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.

Webview and Web services. Web Apps You can make your web content available to users in two ways in a traditional web browser in an Android application,

THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.

 Registry itself is easy and straightforward in implementation  The objects of registry are actually complicated to store and manage  Objects of Registry.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 1.

1 Java Servlets l Servlets : programs that run within the context of a server, analogous to applets that run within the context of a browser. l Used to.

Satisfy Your Technical Curiosity 27, 28 & 29 March 2007 International Convention Center (ICC) Ghent, Belgium.

Esri UC 2014 | Demo Theater | Using ArcGIS Online App Logins in Node.js James Tedrick.

API Auth By Kyle Bradley. Role Definitions  User (Resource Owner)  The resource owner is the person who is giving access to some portion of their account.

Secure Mobile Development with NetIQ Access Manager

Today’s Applications Web API Browser Native app Web API Web API

© 2014 IBM Corporation Mobile Customization & Administration IBM Connections 5.0 Workshop Author: Paul Godby IBM Ecosystem Development Duration: 30 minutes.

Wes Hackett Principal Solutions Architect Chris O’Brien Head of Development.

#SummitNow Consuming OAuth Services in Alfresco Share Alfresco Summit 2013 Will Abson

The Alfresco iOS SDK Gi Lee (Zia Consulting) Peter Schmidt (Alfresco)

Building Azure Mobile Apps

562: Power of Single Sign-On in OpenEdge

4/18/2018 1:15 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

MQTT-255 Support alternate authenticaion mechanisms

Consuming OAuth Services in Alfresco Share

Migrating SharePoint Add-ins from Azure ACS to Azure AD

Mobility for Real Estate – Extending JDE Core Data to User Fingertips

Pre assessment Questions

Web Software Model CS 4640 Programming Languages for Web Applications

Considering issues regarding handling token

MOCKUP, FLOW, AND API SERVICE

Social Networks Integration in Android

Exam : Implementing Microsoft Azure Infrastructure Solutions

Device Flow <draft-ietf-oauth-device-flow-03>

Dominik Pinter, CMS.IO, Authentication Dominik Pinter,

Azure AD Line Of Business Application Integration

intro to notifications in iOS 10

Model-View-Controller Patterns and Frameworks

SharePoint Online Authentication Patterns

Office 365 Development.

Introduction into the Power BI REST API Jan Pieter Posthuma

Microsoft Office 4/3/2019 Deep Dive into native Universal App development with the Office 365 APIs Speaker name Title Microsoft Corporation © 2012 Microsoft.

Western Mass Microsoft Technology Users Group

Security for Science Gateways Initial Design Discussions

D Guidance 26-Jun: Would like to see a refresh of this title slide

Presentation transcript:

iOS SDK v1.0 with NAM 4.2

iOS SDK OAuth2 library in Objective-C Simple APIs with drop-in solution (no source code needed to be included in developer project) For the first release (iOS 8+) it does basic OAuth2 flow Achieve 1-prompt SSO to OAuth resources Tested OAuth Authorization Code flow TestApp to test SDK Going forward (iOS 9+) can potentially perform 0-prompt native-app sso

User Consent

iOS SDK SDK available as iOS Framework to be dropped in Xcode project - Add NMAAuthLib.framework file in appropriate build Target to the Embedded Binaries section Two separate deliverables, one for simulator & other for the device Implements the [native application profile] of OAuth spec http://tools.ietf.org/html/rfc6749 All comms HTTPS Handles Multiple Accounts Special Redirect URI for Embedded browser urn:ietf:wg:oauth:2.0:oob Sensitive data such as Access, Refresh Tokens are securely stored in device Keychain

OAuth Configuration OAuth scopes can be configured in NAM Oauth settings -> Resource Servers -> scopes Sample OAuth application configuration shown below

Using NMAAuthLib Configure your Client - NMAAuthLibManager Singleton [[NMAAuthLibManager sharedInstance] setClientID:@"myClientID" secret:@"mySecret" authorizationURL:[NSURL URLWithString:@"https://your authz URL..."] tokenURL:[NSURL URLWithString:@"https://your token URL..."] redirectURL:[NSURL URLWithString:@"https://your redirect URL..."] forAccountName:@"myOAuth2Service"]; Requesting Access - Embedded Browser - Provide Authorization URL Handler [[NMAAuthLibManager sharedInstance] signInToAccountWithName:@"myOAuth2Service" withPreparedAuthorizationURLHandler:^(NSURL *preparedURL){ // Open a web view or similar }]; - Load request in WebView [_webView loadRequest:[NSURLRequest requestWithURL:preparedURL]]; - In webViewDidFinishLoad delegate method parse the callback URL One of the possible places server can send the Authorization Code is Page Title [NMAAuthLibManager handleRedirectURL:] - On Success After successful authentication, a new NMAAuthAccount is created and stored in device keychain and your app will receive `NMAAuthAccountManagerAccountsDidChangeNotification’ notification - On Failure If Authentication failed, `NMAAuthAccountManagerDidFailToRequestAccessNotification` notification containing an `NSError` will be sent.

Using NMAAuthLib Getting Accounts - List of all account or specific account can be queried by [[NMAAuthLibManager sharedInstance] accountsWithAccountName:@"myOAuth2Service"] Invoking a Protected Resource Request There are a couple of ways to invoke a request. The preferred way is to pre- authorize the request. This will pre-emptively refresh token if the access token has expired (within 60 secs) [theRequest authorizeRequestWithError:&error]; Note: This is a synchronous call and is made on the calling method thread. User Data - Each NMAAuthAccount has a property ‘userData’ which can be used to store account user information Removing Accounts - [[NMAAuthLibManager sharedInstance] removeAccount:account];

(Q)?A:#