Great..!!! Can we also start with iOS app...? Also - can you please test this with IS 4.1.0..?

Thanks & regards,
-Prabath

On Thu, Mar 27, 2014 at 4:31 PM, Gayan Gunawardana <[email protected]> wrote:

> Hi All,
>
> Still code with ongoing development, but anybody who is interested can try it
>
> Android SDK
> [1] https://github.com/GayanM/android-idp-sdk
>
> IDP Proxy mobile app
> [2] https://github.com/GayanM/IDP-Proxy-App
>
> Sample Client Application
> [3] https://github.com/GayanM/IDP-Consumer-Samples
>
> I will provide a readme once final review is done.
>
> On Tue, Mar 11, 2014 at 12:16 PM, Shanmugarajah Sinnathamby <[email protected]> wrote:
>
>> Hi Prabath,
>>
>> 1. Can't we use the implicit grant type instead of *Authorization code*?
>>
>> - *Authorization Code* for apps running on a web server <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#web-server-apps>
>> - *Implicit* for browser-based <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#browser-based-apps> or mobile apps <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#mobile-apps>
>>
>> Any reason why it can't be used?
>> Is that because we use a proxy app and client app?
>>
>> 2. Also, can't we eliminate the use of web view and rather use direct calls?
>>
>> 3. Also, can we have a custom grant type for mobile applications, so that the same level of security is achieved?
>>
>> On Mon, Mar 10, 2014 at 10:39 PM, Chan <[email protected]> wrote:
>>
>>> IMO we don't revoke the mobile app's Consumer key and Consumer secret but revoke the Access token of a user. Next step for this integration is to map access tokens that have been issued for devices. With this integration EMM can revoke access of a mobile device from enterprise resources (APIs) completely by coordinating with IS.
>>>
>>> Cheers~
>>>
>>> On Mon, Mar 10, 2014 at 6:10 PM, Suresh Attanayaka <[email protected]> wrote:
>>>
>>>> Hi Manjula,
>>>>
>>>> Let me answer inline,
>>>>
>>>> On Mon, Mar 10, 2014 at 4:54 PM, Manjula Rathnayake <[email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> How do we store client secret and access tokens in the mobile application? Have we encrypted the client secret?
>>>>>
>>>> We can let the mobile app developer implement his own mechanism for this, or if we are supporting this at the SDK, we can use a password to encrypt the client secret.
>>>>
>>>>> In case a mobile device is lost, how do we remove the mobile application subscription from the OAuth server without affecting other mobile devices which use the same application? Do we generate the applicationId together with a unique mobile Id?
>>>>>
>>>> User can always revoke the tokens issued for the application. We can let each application have its own client-key, client-secret as well using dynamic client registration.
>>>>
>>>>> Is the mobile IDP app code signed by a trusted cert? How does the trust relationship work with mobile IDP and WSO2IS?
>>>>>
>>>> WSO2IS does not have to trust the proxy IDP in the mobile. IS will always validate client-key, client-secret and will check user authentication at logins.
>>>>
>>>>> thank you.
>>>>>
>>>>> On Mon, Mar 10, 2014 at 4:37 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>
>>>>>> Hi Nira,
>>>>>>
>>>>>> Reason to do it that way is that normally the client secret is not shared with any other party
>>>>>>
>>>>>> On Mon, Mar 10, 2014 at 4:24 PM, Niranjan Karunanandham <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Gayan,
>>>>>>>
>>>>>>> Here the IDP proxy app is only used to get the authorization code from the WSO2 IS and pass it to the SDK. After which the SDK communicates directly with the WSO2 IS to get the access token and manage the access token and refresh token.
>>>>>>> Just a small clarification: why can't we use the IDP proxy app to do this, i.e., let the IDP proxy app manage the access token and refresh token for each app, therefore cutting off the connection between the SDK and the WSO2 IS. Here if the access token expires then the SDK will call the IDP proxy app to get the token refreshed.
>>>>>>>
>>>>>>> On Mon, Mar 10, 2014 at 3:58 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>>>
>>>>>>>> Image attached
>>>>>>>>
>>>>>>>> On Mon, Mar 10, 2014 at 3:51 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> Problem: Implement SSO for enterprise mobile apps
>>>>>>>>>
>>>>>>>>> The idea is to provide an SDK for mobile app developers within the organization; then they can integrate the SDK inside the application and implement SSO across required applications.
>>>>>>>>>
>>>>>>>>> Provide (SDK + Mobile IDP proxy app)
>>>>>>>>>
>>>>>>>>> To achieve the above purpose we plan to utilize OAuth 2.0 with the *Authorization code* grant type.
>>>>>>>>>
>>>>>>>>> Briefly explaining the message flow:
>>>>>>>>>
>>>>>>>>> Initially a new application has to be registered in WSO2 IS under OAuth management and obtain client_key, client_secret, Access Token Url and Authorize Url
>>>>>>>>>
>>>>>>>>> 1. SDK initiates the process by sending client_key, redirect_url and scope to the mobile IDP proxy app
>>>>>>>>>
>>>>>>>>> 2. IDP proxy app obtains Authorization code
>>>>>>>>>
>>>>>>>>> 3. SDK (inside mobile app) receives Authorization code
>>>>>>>>>
>>>>>>>>> 4. SDK sends second request directly to WSO2 IS with Authorization code, client secret and redirect_url
>>>>>>>>>
>>>>>>>>> 5. SDK obtains access token
>>>>>>>>>
>>>>>>>>> 6. Mobile app passes access token to resource server
>>>>>>>>>
>>>>>>>>> 7. Resource server contacts IDP and validates access token
>>>>>>>>>
>>>>>>>>> This is much similar to the Facebook approach where the Facebook application acts as mobile IDP proxy app and they provide an SDK to develop apps. All your suggestions are welcome.
>>>>>>>>> --
>>>>>>>>> Gayan Gunawardana
>>>>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>>>>>>>> Email: [email protected]
>>>>>>>>> Mobile: +94 (71) 8020933
>>>>>>>>> Blog: http://gayanj2ee.blogspot.com/
>>>>>>>
>>>>>>> --
>>>>>>> Niranjan Karunanandham
>>>>>>> Senior Software Engineer - WSO2 Inc.
>>>>>>> WSO2 Inc.: http://www.wso2.com
>>>>>>> M: +94 777 749 661
>>>>>
>>>>> --
>>>>> Manjula Rathnayaka
>>>>> Software Engineer
>>>>> WSO2, Inc.
>>>>> Mobile: +94 77 743 1987
>>>>
>>>> --
>>>> Suresh Attanayake
>>>> Senior Software Engineer; WSO2 Inc. http://wso2.com/
>>>> Blog : http://sureshatt.blogspot.com/
>>>> Web : http://www.ssoarcade.com/
>>>> Facebook : https://www.facebook.com/IdentityWorld
>>>> Twitter : https://twitter.com/sureshatt
>>>> LinkedIn : http://lk.linkedin.com/in/sureshatt
>>>> Mobile : +94755012060
>>>> Mobile : +016166171172
>>>
>>> --
>>> Chan (Dulitha Wijewantha)
>>> Software Engineer - Mobile Development
>>> WSO2Mobile
>>> Lean.Enterprise.Mobileware
>>> ~Email [email protected]
>>> ~Mobile +94712112165
>>> ~Website dulitha.me <http://dulitha.me>
>>> ~Twitter @dulitharw <https://twitter.com/dulitharw>
>>> ~SO @chan <http://stackoverflow.com/users/813471/chan>
>>
>> --
>> Shanmugarajah (Shan)
>> Director Architecture, Enterprise Mobility
>> WSO2, Inc.; http://wso2.com
>> Email: [email protected]
>> Mobile : +94777748260
>> Blog: http://shanfour.blogspot.com

--
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://blog.api-security.org

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
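The message flow Gayan lays out (steps 1 to 7), together with the two points argued in the replies (the proxy app only ever handles the authorization code, never the client secret; revocation happens per access token rather than per consumer key), can be traced end to end with a small in-memory model. The following is an added example written for this thread, not code from the android-idp-sdk or IDP-Proxy-App repositories and not WSO2 IS; the class names `MockIdentityServer`, `IdpProxyApp` and `Sdk`, the client ids `app-a`/`app-b`, the secrets and the redirect URIs are all constructed for the demonstration. It models the standard RFC 6749 checks an authorization server performs at the token endpoint (client authentication, code bound to client_id and redirect_uri, single use, expiry), which is what makes the split between proxy app and SDK safe.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class IssuedToken:
    client_id: str
    user: str
    scope: str
    expires_at: float
    revoked: bool = False


class MockIdentityServer:
    """Constructed stand-in for WSO2 IS: registered clients, one-time codes, opaque tokens."""

    def __init__(self):
        self.clients = {}  # client_id -> (client_secret, redirect_uri)
        self.codes = {}    # code -> grant details it was issued for
        self.tokens = {}   # access token -> IssuedToken

    def register_client(self, client_id, client_secret, redirect_uri):
        # Done once in the IS admin console ("OAuth management" in the thread).
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, scope, authenticated_user):
        # Step 2: after the user is authenticated, issue a short-lived code that is
        # bound to the exact client_id and redirect_uri it was requested for.
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(24)
        self.codes[code] = dict(client_id=client_id, redirect_uri=redirect_uri,
                                user=authenticated_user, scope=scope,
                                expires_at=time.time() + 60)
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        # Steps 4-5: only a caller that knows client_secret can redeem the code.
        registered = self.clients.get(client_id)
        if registered is None or not hmac.compare_digest(registered[0], client_secret):
            raise PermissionError("invalid_client")
        grant = self.codes.pop(code, None)  # pop: any presentation consumes the code
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri
                or grant["expires_at"] < time.time()):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = IssuedToken(client_id, grant["user"], grant["scope"],
                                                time.time() + 3600)
        return access_token

    def validate(self, access_token):
        # Step 7: the resource server asks the IS whether the token is still live.
        t = self.tokens.get(access_token)
        return t is not None and not t.revoked and t.expires_at > time.time()

    def revoke(self, access_token):
        # Per-token revocation: one device's token dies, the consumer key lives on.
        if access_token in self.tokens:
            self.tokens[access_token].revoked = True


class IdpProxyApp:
    """Holds the user's SSO session. Sees client_id, redirect_uri, scope and the code; never the secret."""

    def __init__(self, idp, logged_in_user):
        self.idp = idp
        self.user = logged_in_user

    def obtain_code(self, client_id, redirect_uri, scope):
        # Steps 1-3: receive the request from an app's SDK, return the code to it.
        return self.idp.authorize(client_id, redirect_uri, scope, self.user)


class Sdk:
    """Embedded in each mobile app; the only mobile-side component holding client_secret."""

    def __init__(self, idp, proxy, client_id, client_secret, redirect_uri):
        self.idp, self.proxy = idp, proxy
        self.client_id, self.client_secret, self.redirect_uri = client_id, client_secret, redirect_uri

    def login(self, scope):
        code = self.proxy.obtain_code(self.client_id, self.redirect_uri, scope)
        return self.idp.token(self.client_id, self.client_secret, code, self.redirect_uri)


def demo():
    idp = MockIdentityServer()
    idp.register_client("app-a", "secret-a", "appa://callback")  # constructed values
    idp.register_client("app-b", "secret-b", "appb://callback")
    proxy = IdpProxyApp(idp, "alice")  # alice authenticated once, through the proxy app
    sdk_a = Sdk(idp, proxy, "app-a", "secret-a", "appa://callback")
    sdk_b = Sdk(idp, proxy, "app-b", "secret-b", "appb://callback")
    results = {}
    tok_a = sdk_a.login("read")
    tok_b = sdk_b.login("read")  # second app: no new login prompt, same proxy session (SSO)
    results["token_a_valid"] = idp.validate(tok_a)
    results["token_b_valid"] = idp.validate(tok_b)
    code1 = proxy.obtain_code("app-a", "appa://callback", "read")
    try:  # the proxy app by itself cannot turn a code into a token: it has no secret
        idp.token("app-a", "", code1, "appa://callback")
    except PermissionError as e:
        results["proxy_without_secret"] = str(e)
    try:  # app-b, even with its own valid secret, cannot redeem a code issued to app-a
        idp.token("app-b", "secret-b", code1, "appb://callback")
    except PermissionError as e:
        results["cross_client_code"] = str(e)
    code2 = proxy.obtain_code("app-a", "appa://callback", "read")
    idp.token("app-a", "secret-a", code2, "appa://callback")  # legitimate redemption
    try:  # replaying the same code is refused
        idp.token("app-a", "secret-a", code2, "appa://callback")
    except PermissionError as e:
        results["code_replay"] = str(e)
    idp.revoke(tok_a)  # lost device: revoke that token only
    results["after_revoke_a"] = idp.validate(tok_a)
    results["after_revoke_b"] = idp.validate(tok_b)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The cross-client check is where the authorization code grant earns its keep over the implicit grant Shan asks about: with implicit, the proxy app would be handed a bearer token directly, and nothing would bind that token to the requesting app or require a secret the proxy never possesses. Note also that a code presented with a wrong client_id is consumed rather than left redeemable, so a mismatched attempt burns the code.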
