How to set up Identity Server 3 for an iOS client using the Authorization Code flow
Lately I've been playing around with Thinktecture's IdentityServer3, more specifically with clients and flows. I want to see how communication happens between a native iOS application and IdentityServer3 using the authorization code flow.
What I've done so far is consume the STS (IdentityServer3) from an ASP.NET MVC client (hybrid flow) and an AngularJS client (implicit flow). The STS side looks like this:
Implicit flow client setup on the STS:

```csharp
new Client
{
    ClientId = "implicitangularclient",
    ClientName = "angular client (implicit)",
    Flow = Flows.Implicit,
    AllowAccessToAllScopes = true,
    IdentityTokenLifetime = 10,
    AccessTokenLifetime = 120,
    // If you want to have SSO between the Angular app and the MVC app you need to have this option
    // set to false for both flows you implement (hybrid and implicit).
    RequireConsent = false,
    // Redirect = URI of the Angular application
    RedirectUris = new List<string>
    {
        "https://localhost:44555/callback.html",
        // silent refresh
        "https://localhost:44555/silentrefreshframe.html"
    },
    PostLogoutRedirectUris = new List<string>()
    {
        "https://localhost:44555/index.html"
    }
}
```
Hybrid flow client setup on the STS:

```csharp
new Client
{
    ClientId = "hybridclient",
    ClientName = "mvc client (hybrid)",
    Flow = Flows.Hybrid,
    AllowAccessToAllScopes = true,
    // If you want to have SSO between the Angular app and the MVC app you need to have this option
    // set to false for both flows you implement (hybrid and implicit).
    RequireConsent = false,
    IdentityTokenLifetime = 10,
    AccessTokenLifetime = 120,
    // Redirect = URI of the MVC application
    RedirectUris = new List<string>
    {
        "https://localhost:44556"
    },
    // needed when requesting refresh tokens
    ClientSecrets = new List<Secret>()
    {
        new Secret("hybridflowsecret".Sha256())
    },
    PostLogoutRedirectUris = new List<string>()
    {
        "https://localhost:44556"
    }
}
```
Well, my goal is to set up a client for a native iOS application using the authorization code flow. I have no iOS application, but I wish to make the setup for such a client so that if one day I have an iOS app, I can give it the client id, client name and client secret I have defined and let it run. I tried to find examples on the internet but didn't have any success, so I started digging into it. I'm wondering what the return URL should be and how it is processed client-side. I'm following this specification: oauth2-native-apps-03, starting from section 5. It says:

> There are three main approaches to redirection URIs for native apps: custom URI schemes, app-claimed HTTPS URI schemes, and loopback redirects.

So far, so good. As far as I understand, on the client side the app needs to register a custom URI scheme, which I've never done before (I've never done iOS development in general). Moreover, I need to open the app after a specific URL (most likely the return URI) is passed to the phone browser that launched the authorization process. I spent some time on inter-app communication on iOS, but it didn't answer my question, which is: if I want to abstract myself from the iOS application and its setup and only want to configure the STS, how do I set up the client object for this case on the STS level? What should the redirect URI be (as far as I understand it is some kind of reverse DNS notation, e.g. com.mycompany.apples)? Imagine I'm the STS administrator and a physical client comes to me and says: hey, I have an iOS application with this id, secret and return URI, please set me up on the STS.
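As an added illustration (not part of the question or the answer), this sketches what the native app does with a custom-scheme redirect URI like the one asked about: it builds the authorize request with a `state` value and a PKCE challenge (both recommended by the cited native-apps draft), and then checks that the URL iOS hands back arrived on the registered redirect URI with the expected `state` before extracting the code. The authority, client id and `com.mycompany.apples://callback` redirect are placeholder values; the STS must have exactly that redirect URI registered for the client, since it is matched literally.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values; the scheme is the reverse-DNS style mentioned in the question.
AUTHORITY = "https://sts.example.test"            # placeholder STS base URL
CLIENT_ID = "iosnativeclient"                     # placeholder client id registered on the STS
REDIRECT_URI = "com.mycompany.apples://callback"  # custom-scheme redirect registered on the STS

def make_pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636 with the S256 method."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge

def build_authorize_url(state, code_challenge, scope="openid profile"):
    """URL the app opens in the system browser; state and verifier are kept in app memory."""
    params = {
        "client_id": CLIENT_ID, "response_type": "code", "scope": scope,
        "redirect_uri": REDIRECT_URI, "state": state,
        "code_challenge": code_challenge, "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/connect/authorize?" + urlencode(params)

def handle_callback(callback_url, expected_state):
    """Parse the custom-scheme URL iOS delivers to the app and return the authorization code.

    Raises if the URL is not the registered redirect URI, carries an error, or its state does
    not match the value stored before the browser was launched (stale or injected response).
    """
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback arrived on an unexpected redirect URI")
    q = parse_qs(parts.query)
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discarding response")
    return q["code"][0]

def token_request_body(code, code_verifier):
    """Form body for POST {AUTHORITY}/connect/token. No client secret is sent here; whether the
    STS also demands one for a native client depends on how that client is configured."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI,
            "client_id": CLIENT_ID, "code_verifier": code_verifier}
```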
Here is a Xamarin project with an iOS client example using the following libraries.
- IdentityModel.OidcClient 2.0.0
- IdentityModel 2.5.1
If you are going to use Xamarin, ViewController.cs has the login code to connect to IdentityServer.

```csharp
var options = new OidcClientOptions
{
    Authority = "https://demo.identityserver.io",
    ClientId = "native.hybrid",
    Scope = "openid profile email api",
    RedirectUri = "io.identitymodel.native://callback",
    ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect
};

_client = new OidcClient(options);
_state = await _client.PrepareLoginAsync();

AppDelegate.CallbackHandler = HandleCallback;
safari = new SafariServices.SFSafariViewController(new NSUrl(_state.StartUrl));
this.PresentViewController(safari, true, null);
```
If you are going to use a single page application (SPA), I have a sample project that uses the oidc-client.js library; the documentation is here.
Note: I have not had luck using a URL scheme with the oidc-client.js library. I'm still looking into whether the library supports that ability.
If you are planning on using a Cordova project, here is the source I've tested with. Note: there are testing issues you may run into if you don't have an iOS device to test with. I ran into this issue and was able to test using the Intel XDK tool, which allows you to push a Cordova project to a test server and launch it on a mobile device via the Intel App Preview application.
- jquery-cordova-oauth2: a jQuery plugin for doing OAuth2 login in a Cordova app. The plugin relies on Cordova InAppBrowser.