Sure, I will check with IS 4.1.0.

On Fri, Mar 28, 2014 at 10:59 AM, Prabath Siriwardena <[email protected]> wrote:

> Great..!!! Can we also start with iOS app...?
>
> Also - can you please test this with IS 4.1.0..?
>
> Thanks & regards,
> -Prabath
>
> On Thu, Mar 27, 2014 at 4:31 PM, Gayan Gunawardana <[email protected]> wrote:
>
>> Hi All,
>>
>> The code is still under ongoing development, but anybody who is interested can try it.
>>
>> Android SDK
>> [1] https://github.com/GayanM/android-idp-sdk
>>
>> IDP Proxy mobile app
>> [2] https://github.com/GayanM/IDP-Proxy-App
>>
>> Sample Client Application
>> [3] https://github.com/GayanM/IDP-Consumer-Samples
>>
>> I will provide a readme once final review is done.
>>
>> On Tue, Mar 11, 2014 at 12:16 PM, Shanmugarajah Sinnathamby <[email protected]> wrote:
>>
>>> Hi Prabath,
>>>
>>> 1. Can't we use the implicit grant type instead of *Authorization code*?
>>>
>>> - *Authorization Code* for apps running on a web server <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#web-server-apps>
>>> - *Implicit* for browser-based <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#browser-based-apps> or mobile apps <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#mobile-apps>
>>>
>>> Any reason why it can't be used?
>>> Is that because we use a proxy app and client app?
>>>
>>> 2. Also, can't we eliminate the use of web view and rather use direct calls?
>>>
>>> 3. Also, can we have a custom grant type for mobile applications, so that the same level of security is achieved?
>>>
>>> On Mon, Mar 10, 2014 at 10:39 PM, Chan <[email protected]> wrote:
>>>
>>>> IMO we don't revoke the mobile app's Consumer key and Consumer secret but revoke the Access token of a user. Next step for this integration is to map access tokens that have been issued for devices. With this integration EMM can revoke access of a mobile device from enterprise resources (APIs) completely by coordinating with IS.
>>>>
>>>> Cheers~
>>>>
>>>> On Mon, Mar 10, 2014 at 6:10 PM, Suresh Attanayaka <[email protected]> wrote:
>>>>
>>>>> Hi Manjula,
>>>>>
>>>>> Let me answer inline,
>>>>>
>>>>> On Mon, Mar 10, 2014 at 4:54 PM, Manjula Rathnayake <[email protected]> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> How do we store client secret and access tokens in mobile application? Have we encrypted the client secret?
>>>>>
>>>>> We can let the mobile app developer implement his own mechanism for this, or if we are supporting this at the SDK, we can use a password to encrypt the client secret.
>>>>>
>>>>>> In case the mobile device is lost, how do we remove the mobile application subscription from the OAuth server without affecting other mobile devices which use the same application? Do we generate the applicationId together with a unique mobile Id?
>>>>>
>>>>> User can always revoke the tokens issued for the application. We can let each application have its own client-key, client-secret as well using dynamic client registration.
>>>>>
>>>>>> Is the mobile IDP app code signed by a trusted cert? How does the trust relationship work with mobile IDP and WSO2IS?
>>>>>
>>>>> WSO2IS does not have to trust the proxy IDP in the mobile. IS will always validate client-key, client-secret and will check user authentication at logins.
>>>>>
>>>>>> thank you.
>>>>>>
>>>>>> On Mon, Mar 10, 2014 at 4:37 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Nira,
>>>>>>>
>>>>>>> The reason to do it that way is that normally the client secret is not shared with any other party.
>>>>>>>
>>>>>>> On Mon, Mar 10, 2014 at 4:24 PM, Niranjan Karunanandham <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Gayan,
>>>>>>>>
>>>>>>>> Here the IDP proxy app is only used to get the authorization code from the WSO2 IS and pass it to the SDK. After which the SDK communicates directly with the WSO2 IS to get the access token and manage the access token and refresh token.
>>>>>>>> Just a small clarification: why can't we use the IDP proxy app to do this, i.e., let the IDP proxy app manage the access token and refresh token for each app, therefore cutting off the connection between the SDK and the WSO2 IS? Here, if the access token expires, then the SDK will call the IDP proxy app to get the token refreshed.
>>>>>>>>
>>>>>>>> On Mon, Mar 10, 2014 at 3:58 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Image attached
>>>>>>>>>
>>>>>>>>> On Mon, Mar 10, 2014 at 3:51 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> Problem: Implement SSO for enterprise mobile apps
>>>>>>>>>>
>>>>>>>>>> The idea is to provide an SDK for mobile app developers within the organization; then they can integrate the SDK inside the application and implement SSO across required applications.
>>>>>>>>>>
>>>>>>>>>> Provide (SDK + Mobile IDP proxy app)
>>>>>>>>>>
>>>>>>>>>> To achieve the above purpose we plan to utilize OAuth 2.0 with the *Authorization code* grant type.
>>>>>>>>>>
>>>>>>>>>> Briefly explaining the message flow:
>>>>>>>>>>
>>>>>>>>>> Initially the new application has to be registered in WSO2 IS under OAuth management to obtain the client_key, client_secret, Access Token Url and Authorize Url.
>>>>>>>>>>
>>>>>>>>>> 1. SDK initiates the process by sending client_key, redirect_url and scope to the mobile IDP proxy app
>>>>>>>>>>
>>>>>>>>>> 2. IDP proxy app obtains the Authorization code
>>>>>>>>>>
>>>>>>>>>> 3. SDK (inside the mobile app) receives the Authorization code
>>>>>>>>>>
>>>>>>>>>> 4. SDK sends a second request directly to WSO2 IS with the Authorization code, client secret and redirect_url
>>>>>>>>>>
>>>>>>>>>> 5. SDK obtains the access token
>>>>>>>>>>
>>>>>>>>>> 6. Mobile app passes the access token to the resource server
>>>>>>>>>>
>>>>>>>>>> 7. Resource server contacts the IDP and validates the access token
>>>>>>>>>>
>>>>>>>>>> This is much like the Facebook approach, where the Facebook application acts as the mobile IDP proxy app and they provide an SDK to develop apps. All your suggestions are welcome.
>>>>>>>>>> --
>>>>>>>>>> Gayan Gunawardana
>>>>>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>>>>>>>>> Email: [email protected]
>>>>>>>>>> Mobile: +94 (71) 8020933
>>>>>>>>>> Blog: http://gayanj2ee.blogspot.com/
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Niranjan Karunanandham*
>>>>>>>> Senior Software Engineer - WSO2 Inc.
>>>>>>>> WSO2 Inc.: http://www.wso2.com
>>>>>>>> M: +94 777 749 661
>>>>>>
>>>>>> --
>>>>>> Manjula Rathnayaka
>>>>>> Software Engineer
>>>>>> WSO2, Inc.
>>>>>> Mobile: +94 77 743 1987
>>>>>
>>>>> --
>>>>> Suresh Attanayake
>>>>> Senior Software Engineer; WSO2 Inc. http://wso2.com/
>>>>> Blog : http://sureshatt.blogspot.com/
>>>>> Web : http://www.ssoarcade.com/
>>>>> Facebook : https://www.facebook.com/IdentityWorld
>>>>> Twitter : https://twitter.com/sureshatt
>>>>> LinkedIn : http://lk.linkedin.com/in/sureshatt
>>>>> Mobile : +94755012060
>>>>> Mobile : +016166171172
>>>>
>>>> --
>>>> Chan (Dulitha Wijewantha)
>>>> Software Engineer - Mobile Development
>>>> WSO2Mobile
>>>> Lean.Enterprise.Mobileware
>>>> ~Email [email protected]
>>>> ~Mobile +94712112165
>>>> ~Website dulitha.me <http://dulitha.me>
>>>> ~Twitter @dulitharw <https://twitter.com/dulitharw>
>>>> ~SO @chan <http://stackoverflow.com/users/813471/chan>
>>>
>>> --
>>> *Shanmugarajah (Shan)*
>>> Director Architecture, Enterprise Mobility
>>> WSO2, Inc.; http://wso2.com
>>> Email: [email protected]
>>> Mobile : +94777748260
>>> Blog: http://shanfour.blogspot.com
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://blog.api-security.org

--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
Blog: http://gayanj2ee.blogspot.com/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
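
The message flow and the lost-device revocation discussed in this thread, modelled in memory as an added example (not code from the SDK, the proxy app or WSO2 IS). The class and method names, the `device_id` binding on tokens and all sample values are assumptions constructed for illustration.

```python
import secrets

class ToyAuthServer:  # in-memory stand-in for the authorization server (WSO2 IS)
    def __init__(self):
        self.clients = {}  # client_key -> (client_secret, redirect_url)
        self.codes = {}    # authorization code -> (client_key, user, device_id)
        self.tokens = {}   # access token -> (client_key, user, device_id)

    def register(self, client_key, redirect_url):
        self.clients[client_key] = (secrets.token_urlsafe(16), redirect_url)
        return self.clients[client_key][0]

    def authorize(self, client_key, redirect_url, user, device_id):
        # Steps 1-3: the proxy app authenticates the user and receives a code.
        registered = self.clients.get(client_key)
        if registered is None or registered[1] != redirect_url:
            raise PermissionError("unknown client or redirect_url mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_key, user, device_id)
        return code

    def token(self, code, client_key, client_secret, redirect_url):
        # Steps 4-5: the code is single-use and bound to the client it was issued to.
        issued = self.codes.pop(code, None)
        registered = self.clients.get(client_key)
        if issued is None or registered is None or issued[0] != client_key:
            raise PermissionError("invalid authorization code")
        if not secrets.compare_digest(registered[0], client_secret) or registered[1] != redirect_url:
            raise PermissionError("client authentication failed")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = issued
        return access_token

    def validate(self, access_token):
        return access_token in self.tokens  # step 7: resource server asks the IdP

    def revoke_device(self, user, device_id):  # lost device: only this user's tokens on it
        before = len(self.tokens)
        self.tokens = {t: v for t, v in self.tokens.items() if v[1:] != (user, device_id)}
        return before - len(self.tokens)

def demo():
    idp = ToyAuthServer()
    secret = idp.register("sample-app", "app://callback")  # constructed values
    toks = {}
    for device in ("phone-A", "phone-B"):  # same app and user on two devices
        code = idp.authorize("sample-app", "app://callback", "alice", device)
        toks[device] = idp.token(code, "sample-app", secret, "app://callback")
    revoked = idp.revoke_device("alice", "phone-A")
    return revoked, idp.validate(toks["phone-A"]), idp.validate(toks["phone-B"])
```

`demo()` revokes the token held by one device while the same application keeps working on the other, without touching the client key or client secret.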
