Hi All,
Problem: Implement SSO for enterprise mobile apps
The idea is to provide an SDK for mobile app developers within the
organization; they can then integrate the SDK inside their applications and
implement SSO across the required applications.
Provide (SDK + Mobile IDP proxy app)
To achieve the above purpose we plan to utilize OAuth 2.0 with the *Authorization
code* grant type.
Briefly explaining the message flow:
Initially, a new application has to be registered in WSO2 IS under OAuth
management to obtain the client_key, client_secret, Access Token Url and
Authorize Url.
1. The SDK initiates the process by sending client_key, redirect_url and scope
to the mobile IDP proxy app
2. The IDP proxy app obtains the Authorization code
3. The SDK (inside the mobile app) receives the Authorization code
4. The SDK sends a second request directly to WSO2 IS with the Authorization code,
client secret and redirect_url
5. The SDK obtains the access token
6. The mobile app passes the access token to the resource server
7. The resource server contacts the IDP and validates the access token
This is very similar to the Facebook approach, where the Facebook application
acts as the mobile IDP proxy app and they provide an SDK to develop apps. All your
suggestions are welcome.
--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
Blog: http://gayanj2ee.blogspot.com/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
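
An added example, not part of the original message and not WSO2 IS code: a toy in-memory identity provider in Python that walks steps 1 to 7 above and shows the checks the token endpoint makes (code bound to client_key and redirect_url, single use, short expiry). The `ToyIdP` class, its method names, the `app-a` client, the `appa://callback` URL and the 60-second and one-hour lifetimes are all assumptions.

```python
import secrets, time

class ToyIdP:
    """In-memory stand-in for the identity provider (assumed model)."""
    def __init__(self):
        self.clients = {}   # client_key -> (client_secret, redirect_url)
        self.codes = {}     # code -> (client_key, redirect_url, scope, expiry)
        self.tokens = {}    # access_token -> (client_key, scope, expiry)

    def register(self, client_key, redirect_url):
        secret = secrets.token_urlsafe(16)
        self.clients[client_key] = (secret, redirect_url)
        return secret

    def authorize(self, client_key, redirect_url, scope):
        # Steps 1-2: the proxy app requests a code on behalf of the SDK.
        reg = self.clients.get(client_key)
        if reg is None or reg[1] != redirect_url:
            raise PermissionError("unknown client or redirect_url mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_key, redirect_url, scope, time.time() + 60)
        return code

    def token(self, code, client_key, client_secret, redirect_url):
        # Steps 4-5: pop first so a code can never be redeemed twice.
        grant = self.codes.pop(code, None)
        reg = self.clients.get(client_key)
        if grant is None or reg is None or grant[3] < time.time():
            raise PermissionError("invalid or expired code, or unknown client")
        if not secrets.compare_digest(reg[0], client_secret):
            raise PermissionError("bad client_secret")
        if grant[:2] != (client_key, redirect_url):
            raise PermissionError("code issued to a different client/redirect_url")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = (client_key, grant[2], time.time() + 3600)
        return access_token

    def introspect(self, access_token):
        # Step 7: the resource server asks the IdP whether the token is valid.
        entry = self.tokens.get(access_token)
        if entry is None or entry[2] < time.time():
            return {"active": False}
        return {"active": True, "client_key": entry[0], "scope": entry[1]}

def run_flow(idp):
    # Constructed sample client; values are illustrative only.
    secret = idp.register("app-a", "appa://callback")
    code = idp.authorize("app-a", "appa://callback", "read")     # steps 1-3
    token = idp.token(code, "app-a", secret, "appa://callback")  # steps 4-5
    return code, secret, token, idp.introspect(token)            # steps 6-7
```
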