Hi all, How do we store client secret and access tokens in mobile application? Have we encrypted the client secret? In case of mobile device is lost, how do we remove the mobile application subscription from OAuth server without affecting to other mobile devices which uses same application? Do we generate the applicationId together with a unique mobile Id? Is the mobile IDP app code signed by a trusted cert? How does the trust relationship works with mobile IDP and WSO2IS?
thank you. On Mon, Mar 10, 2014 at 4:37 PM, Gayan Gunawardana <ga...@wso2.com> wrote: > Hi Nira, > > Reason to do that way is normally client secret does not share with any > other party > > > On Mon, Mar 10, 2014 at 4:24 PM, Niranjan Karunanandham <niran...@wso2.com > > wrote: > >> Hi Gayan, >> >> Here the IDP proxy app is only used to get the authorization code from >> the WSO2 IS and pass it to the SDK. After which the SDK is communicates >> directly with the WSO2 IS to get the access token and manage the access >> token and refresh token. >> Just a small clarification why we can't use the IDP proxy app to do this, >> .i.e, let the IDP proxy app manage the access token and refresh token for >> each app. Therefore cutting off the connection between the SDK and the WSO2 >> IS. Here if the access token expires then the SDK will call the IDP proxy >> app to get the token refreshed. >> >> >> >> >> On Mon, Mar 10, 2014 at 3:58 PM, Gayan Gunawardana <ga...@wso2.com>wrote: >> >>> Image attached >>> >>> >>> On Mon, Mar 10, 2014 at 3:51 PM, Gayan Gunawardana <ga...@wso2.com>wrote: >>> >>>> Hi All, >>>> >>>> Problem: Implement SSO for enterprise mobile apps >>>> >>>> The idea is to provide SDK for mobile apps developers within the >>>> organization, then they can integrate SDK inside the application and >>>> implement SSO across required applications. >>>> >>>> Provide (SDK + Mobile IDP proxy app) >>>> >>>> >>>> To achieve above purpose we plan to utilize oauth 2.0 with *Authorization >>>> code* grant type. >>>> >>>> >>>> >>>> Briefly Explaining message flow : >>>> >>>> Initially new application has to be registered in WSO2 IS under Oauth >>>> management and obtain client_key, client_secret, Access Token Url and >>>> Authorize Url >>>> >>>> 1. SDK initiate the process by sending client_key, redirect_url and >>>> scope to mobile IDP proxy app >>>> >>>> 2. IDP proxy app obtain Authorization code >>>> >>>> 3. SDK (in side mobile app) receive Authorization code >>>> >>>> 4. SDK send second request directly to WSO2 IS with Authorization code, >>>> client secret and redirect_url >>>> >>>> 5. SDK obtain access token >>>> >>>> 6. Mobile app pass access token to resource server >>>> >>>> 7. Resource server contact IPD and validate access token >>>> >>>> This is much similar to Facebook approach where facebook >>>> application act as mobile IDP proxy app and they provide SDK to develop >>>> apps. All your suggestions are welcome. >>>> -- >>>> Gayan Gunawardana >>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>> Email: ga...@wso2.com >>>> Mobile: +94 (71) 8020933 >>>> Blog: http://gayanj2ee.blogspot.com/ >>>> >>> >>> >>> >>> -- >>> Gayan Gunawardana >>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>> Email: ga...@wso2.com >>> Mobile: +94 (71) 8020933 >>> Blog: http://gayanj2ee.blogspot.com/ >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> >> *Niranjan Karunanandham* >> Senior Software Engineer - WSO2 Inc. >> WSO2 Inc.: http://www.wso2.com >> M: +94 777 749 661 <http:///> >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Gayan Gunawardana > Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: ga...@wso2.com > Mobile: +94 (71) 8020933 > Blog: http://gayanj2ee.blogspot.com/ > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Manjula Rathnayaka Software Engineer WSO2, Inc. Mobile:+94 77 743 1987
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
