Seems like it does not work with IS 4.10 properly :(. I will try to figure out where things are going wrong.

On Fri, Mar 28, 2014 at 11:32 AM, Gayan Gunawardana <[email protected]> wrote:

> Sure I will check with IS 4.1.0
>
> On Fri, Mar 28, 2014 at 10:59 AM, Prabath Siriwardena <[email protected]> wrote:
>
>> Great..!!! Can we also start with iOS app...?
>>
>> Also - can you please test this with IS 4.1.0..?
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Thu, Mar 27, 2014 at 4:31 PM, Gayan Gunawardana <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> The code is still under ongoing development, but anybody who is interested can try it.
>>>
>>> Android SDK
>>> [1] https://github.com/GayanM/android-idp-sdk
>>>
>>> IDP Proxy mobile app
>>> [2] https://github.com/GayanM/IDP-Proxy-App
>>>
>>> Sample Client Application
>>> [3] https://github.com/GayanM/IDP-Consumer-Samples
>>>
>>> I will provide a readme once final review is done.
>>>
>>> On Tue, Mar 11, 2014 at 12:16 PM, Shanmugarajah Sinnathamby <[email protected]> wrote:
>>>
>>>> Hi Prabath,
>>>>
>>>> 1. Can't we use the implicit grant type instead of *Authorization code*.
>>>>
>>>> - *Authorization Code* for apps running on a web server <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#web-server-apps>
>>>> - *Implicit* for browser-based <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#browser-based-apps> or mobile apps <http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#mobile-apps>
>>>>
>>>> Any reason why it can't be used.
>>>> Is that because we use a proxy app and client app ?
>>>>
>>>> 2. Also can't we eliminate the use of web view. Rather use direct calls ?
>>>>
>>>> 3. Also can we have a custom grant type for mobile application, so that same level of security is achieved ?
>>>>
>>>> On Mon, Mar 10, 2014 at 10:39 PM, Chan <[email protected]> wrote:
>>>>
>>>>> IMO we don't revoke mobile app's Consumer key and Consumer secret but revoke the Access token of a user. Next step for this integration is to map access tokens that have been issued for devices. With this integration EMM can revoke access of a mobile device from enterprise resources (APIs) completely by coordinating with IS.
>>>>>
>>>>> Cheers~
>>>>>
>>>>> On Mon, Mar 10, 2014 at 6:10 PM, Suresh Attanayaka <[email protected]> wrote:
>>>>>
>>>>>> Hi Manjula,
>>>>>>
>>>>>> Let me answer inline,
>>>>>>
>>>>>> On Mon, Mar 10, 2014 at 4:54 PM, Manjula Rathnayake <[email protected]> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> How do we store client secret and access tokens in mobile application? Have we encrypted the client secret?
>>>>>>
>>>>>> We can let the mobile app developer implement his own mechanism for this, or if we are supporting this at the SDK, we can use a password to encrypt the client secret.
>>>>>>
>>>>>>> In case of mobile device is lost, how do we remove the mobile application subscription from OAuth server without affecting to other mobile devices which uses same application? Do we generate the applicationId together with a unique mobile Id?
>>>>>>
>>>>>> User can always revoke the tokens issued for the application. We can let each application have its own client-key, client-secret as well using dynamic client registration.
>>>>>>
>>>>>>> Is the mobile IDP app code signed by a trusted cert? How does the trust relationship works with mobile IDP and WSO2IS?
>>>>>>
>>>>>> WSO2IS does not have to trust the proxy IDP in the mobile. IS will always validate client-key, client-secret and will check user authentication at logins.
>>>>>>
>>>>>>> thank you.
>>>>>>>
>>>>>>> On Mon, Mar 10, 2014 at 4:37 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Nira,
>>>>>>>>
>>>>>>>> Reason to do it that way is that normally the client secret is not shared with any other party.
>>>>>>>>
>>>>>>>> On Mon, Mar 10, 2014 at 4:24 PM, Niranjan Karunanandham <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Gayan,
>>>>>>>>>
>>>>>>>>> Here the IDP proxy app is only used to get the authorization code from the WSO2 IS and pass it to the SDK. After which the SDK communicates directly with the WSO2 IS to get the access token and manage the access token and refresh token.
>>>>>>>>> Just a small clarification why we can't use the IDP proxy app to do this, i.e., let the IDP proxy app manage the access token and refresh token for each app. Therefore cutting off the connection between the SDK and the WSO2 IS. Here if the access token expires then the SDK will call the IDP proxy app to get the token refreshed.
>>>>>>>>>
>>>>>>>>> On Mon, Mar 10, 2014 at 3:58 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Image attached
>>>>>>>>>>
>>>>>>>>>> On Mon, Mar 10, 2014 at 3:51 PM, Gayan Gunawardana <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> Problem: Implement SSO for enterprise mobile apps
>>>>>>>>>>>
>>>>>>>>>>> The idea is to provide SDK for mobile apps developers within the organization, then they can integrate SDK inside the application and implement SSO across required applications.
>>>>>>>>>>>
>>>>>>>>>>> Provide (SDK + Mobile IDP proxy app)
>>>>>>>>>>>
>>>>>>>>>>> To achieve above purpose we plan to utilize OAuth 2.0 with *Authorization code* grant type.
>>>>>>>>>>>
>>>>>>>>>>> Briefly explaining message flow:
>>>>>>>>>>>
>>>>>>>>>>> Initially new application has to be registered in WSO2 IS under OAuth management and obtain client_key, client_secret, Access Token Url and Authorize Url
>>>>>>>>>>>
>>>>>>>>>>> 1. SDK initiates the process by sending client_key, redirect_url and scope to mobile IDP proxy app
>>>>>>>>>>>
>>>>>>>>>>> 2. IDP proxy app obtains Authorization code
>>>>>>>>>>>
>>>>>>>>>>> 3. SDK (inside mobile app) receives Authorization code
>>>>>>>>>>>
>>>>>>>>>>> 4. SDK sends second request directly to WSO2 IS with Authorization code, client secret and redirect_url
>>>>>>>>>>>
>>>>>>>>>>> 5. SDK obtains access token
>>>>>>>>>>>
>>>>>>>>>>> 6. Mobile app passes access token to resource server
>>>>>>>>>>>
>>>>>>>>>>> 7. Resource server contacts IDP and validates access token
>>>>>>>>>>>
>>>>>>>>>>> This is much similar to Facebook approach where Facebook application acts as mobile IDP proxy app and they provide SDK to develop apps. All your suggestions are welcome.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Gayan Gunawardana
>>>>>>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>>>>>>>>>> Email: [email protected]
>>>>>>>>>>> Mobile: +94 (71) 8020933
>>>>>>>>>>> Blog: http://gayanj2ee.blogspot.com/
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Architecture mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Niranjan Karunanandham*
>>>>>>>>> Senior Software Engineer - WSO2 Inc.
>>>>>>>>> WSO2 Inc.: http://www.wso2.com
>>>>>>>>> M: +94 777 749 661
>>>>>>>
>>>>>>> --
>>>>>>> Manjula Rathnayaka
>>>>>>> Software Engineer
>>>>>>> WSO2, Inc.
>>>>>>> Mobile:+94 77 743 1987
>>>>>>
>>>>>> --
>>>>>> Suresh Attanayake
>>>>>> Senior Software Engineer; WSO2 Inc. http://wso2.com/
>>>>>> Blog : http://sureshatt.blogspot.com/
>>>>>> Web : http://www.ssoarcade.com/
>>>>>> Facebook : https://www.facebook.com/IdentityWorld
>>>>>> Twitter : https://twitter.com/sureshatt
>>>>>> LinkedIn : http://lk.linkedin.com/in/sureshatt
>>>>>> Mobile : +94755012060
>>>>>> Mobile : +016166171172
>>>>>
>>>>> --
>>>>> Chan (Dulitha Wijewantha)
>>>>> Software Engineer - Mobile Development
>>>>> WSO2Mobile
>>>>> Lean.Enterprise.Mobileware
>>>>> ~Email [email protected]
>>>>> ~Mobile +94712112165
>>>>> ~Website dulitha.me <http://dulitha.me>
>>>>> ~Twitter @dulitharw <https://twitter.com/dulitharw>
>>>>> ~SO @chan <http://stackoverflow.com/users/813471/chan>
>>>>
>>>> --
>>>> *Shanmugarajah (Shan)*
>>>> Director Architecture, Enterprise Mobility
>>>> WSO2, Inc.; http://wso2.com
>>>> Email: [email protected]
>>>> Mobile : +94777748260
>>>> Blog: http://shanfour.blogspot.com
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://blog.api-security.org

--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
Blog: http://gayanj2ee.blogspot.com/

_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
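
The seven-step message flow from the original proposal, together with the per-device token revocation raised later in the thread, as an added example that is not part of the thread or of the linked SDK. `ToyIS`, its methods and the `sampleapp://callback` redirect_url are hypothetical stand-ins constructed for illustration, not the WSO2 IS API.

```python
import secrets

class ToyIS:
    """Hypothetical in-memory stand-in for the identity server (not the WSO2 IS API)."""
    def __init__(self):
        self.apps, self.codes, self.tokens = {}, {}, {}
    def register_app(self, redirect_url):
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.apps[key] = (secret, redirect_url)
        return key, secret

    def authorize(self, client_key, redirect_url, scope, user):
        # Steps 1-2: the IDP proxy app authenticates the user and obtains a code.
        if client_key not in self.apps or self.apps[client_key][1] != redirect_url:
            raise PermissionError("unknown client or redirect_url mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_key, redirect_url, scope, user)
        return code

    def token(self, code, client_key, client_secret, redirect_url):
        # Steps 4-5: the SDK redeems the code directly; the secret never reaches the proxy.
        bound = self.codes.pop(code, None)  # single use: burned on the first attempt
        app = self.apps.get(client_key)
        if (bound is None or app is None or bound[:2] != (client_key, redirect_url)
                or not secrets.compare_digest(app[0], client_secret)):
            raise PermissionError("invalid_grant")
        access = secrets.token_urlsafe(24)
        self.tokens[access] = (client_key, bound[3], bound[2])
        return access

    def validate(self, access):
        # Step 7: the resource server asks the IDP whether the token is still active.
        return self.tokens.get(access)
    def revoke(self, access):
        # Lost device: drop only this token; the app's key and secret stay valid.
        self.tokens.pop(access, None)

def run_flow():
    idp = ToyIS()
    url = "sampleapp://callback"  # constructed redirect_url
    key, secret = idp.register_app(url)
    codes = [idp.authorize(key, url, "openid", "alice") for _ in range(2)]  # two devices
    t1, t2 = (idp.token(c, key, secret, url) for c in codes)
    try:
        replayed = bool(idp.token(codes[1], key, secret, url))  # code reuse attempt
    except PermissionError:
        replayed = False
    idp.revoke(t1)  # device 1 is lost
    return idp.validate(t1), idp.validate(t2), replayed
```

`run_flow()` returns the validation result for the revoked device, the result for the second device, and whether a replayed authorization code was accepted.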
