Android Application Question

Andrew Watson andrew.watson at makeandbuild.com
Wed Jan 4 11:50:00 EST 2017


I was thinking this morning that a decent approach might be to bounce the
user to the system web app, have them log in and then have the web app
"redirect" them to a URL with an intent in it so that the phone would open
the app again and pass a token/cookie value in that it could use to make
API calls.

That Ping article says that's the old/broken way to do it, though!

It seems like the most logical approach would be to use something like the
OAuth2 Password grant (
http://oauthlib.readthedocs.io/en/latest/oauth2/grants/password.html) where
I'd take credentials from the user in the native app and exchange them for
an access token which expires after X seconds.

On Wed, Jan 4, 2017 at 11:41 AM Marc Boorshtein <mboorshtein at gmail.com>
wrote:

>
>
> https://developer.pingidentity.com/en/resources/napps-native-app-sso.html
>
> Does not apply to QT5 applications, but might be useful in other settings.
>
>
>
> Issue I see with this is while it works, seems to break the way openid
> connect is supposed to work.  you're not supposed to move the tokens
> between agents (in this case the browser and the app).  Should be
> generating a new token once authenticated that is then transferred via
> OAuth2 (we had this same discussion over on kubernetes a few weeks back).
>
> But I think the moral of the story is, if you design your app+backend
> services correctly saml vs openid connect shouldn't matter.
>

-- 
--
Andy Watson
Make and Build
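The password-grant flow Andrew sketches (native app collects credentials, exchanges them for an access token that expires after X seconds, then presents that token on API calls) is shown below as an added example; it is not code from the list post, from Shibboleth, or from the oauthlib page linked above. The user table, salt, password, 600-second lifetime, and the function names token_endpoint and authenticate_api_call are all constructed for illustration. Two caveats a practitioner would want: the server must verify the password with a slow hash and a constant-time comparison, and it must treat an expired token as absent rather than "almost valid". Note also that the Resource Owner Password Credentials grant has since been deprecated by the OAuth 2.0 Security BCP (RFC 9700); RFC 8252 recommends the authorization code grant through the system browser for native apps, which is the direction Marc's comment about not moving tokens between agents points at.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed sample user store (example data, not from the list post):
# password hashes are PBKDF2-HMAC-SHA256 with a per-user salt.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_SALT = b"example-salt-0001"  # constructed; use os.urandom(16) per user in practice
USERS = {
    "alice": (_SALT, _hash_password("correct horse battery staple", _SALT)),
}

TOKEN_TTL_SECONDS = 600  # the "X seconds" from the post: tokens live 10 minutes
_TOKENS = {}  # access_token -> (username, expiry as unix time); in-memory for the example


class OAuthError(Exception):
    """Carries the RFC 6749 error code that would be returned to the client."""


def token_endpoint(form: dict, now: Optional[float] = None) -> dict:
    """Resource Owner Password Credentials grant (RFC 6749 section 4.3).

    The native app POSTs grant_type=password&username=...&password=...
    and receives a short-lived bearer token in return.
    """
    now = time.time() if now is None else now
    if form.get("grant_type") != "password":
        raise OAuthError("unsupported_grant_type")
    username = form.get("username", "")
    password = form.get("password", "")
    entry = USERS.get(username)
    # Always run the hash so an unknown user takes as long as a wrong password.
    salt, expected = entry if entry else (_SALT, b"\x00" * 32)
    candidate = _hash_password(password, salt)
    if entry is None or not hmac.compare_digest(candidate, expected):
        raise OAuthError("invalid_grant")
    token = secrets.token_urlsafe(32)  # opaque, unguessable, never derived from credentials
    _TOKENS[token] = (username, now + TOKEN_TTL_SECONDS)
    return {"access_token": token, "token_type": "Bearer",
            "expires_in": TOKEN_TTL_SECONDS}


def authenticate_api_call(authorization_header: str,
                          now: Optional[float] = None) -> Optional[str]:
    """Resource-server side: return the username for a valid bearer token, else None."""
    now = time.time() if now is None else now
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    entry = _TOKENS.get(token)
    if entry is None:
        return None
    username, expiry = entry
    if now >= expiry:
        _TOKENS.pop(token, None)  # expired: drop it so it cannot be replayed later
        return None
    return username


if __name__ == "__main__":
    resp = token_endpoint({"grant_type": "password", "username": "alice",
                           "password": "correct horse battery staple"})
    hdr = "Bearer " + resp["access_token"]
    print("valid now:", authenticate_api_call(hdr))
    print("valid after expiry:", authenticate_api_call(hdr, now=time.time() + 601))
```

The token store is a plain dict here so the example runs offline; a real deployment would back it with a database or issue signed tokens the resource server can validate without a lookup, but the expiry check and the constant-time password comparison are the parts to keep regardless.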