SSO in Xamarin Forms UWP app on Windows 10 - windows

We are working on a Xamarin Forms UWP app which has a requirement that, when we click on the app icon, it automatically logs into the app without having to enter any user details. The app should use the same credentials used to log in to the Windows 10 device. Basically, sign the user in without prompting them to log in again, fetch an access token and get data from the API.
The user would use their enterprise credentials to log in and is on the enterprise network.
Can someone point me in the right direction on how we can achieve this?
Thanks in advance.

You could use Xamarin.Essentials: Web Authenticator to authenticate the user and get the token, then store the data in Application.Current.Properties like the following:
Application.Current.Properties["token"] = token;
When you open the app, you need to check if Application.Current.Properties["token"] contains a value. If the value is not null, you could log into the app directly; if not, get the token and store it.
And if the token contains an expiration time, you still need to check if the token is out of date and re-authenticate.
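The launch-time check described in the answer, written out as an added example (this is not the answerer's code and not part of Xamarin.Essentials itself). It assumes Xamarin.Essentials' WebAuthenticator and SecureStorage, and uses placeholder identity-provider and callback URIs. It keeps the token in SecureStorage (the platform credential locker / keychain) rather than the plain Application.Current.Properties store, and it re-runs the interactive flow only when the cached token is missing or about to expire:

```csharp
// Added example: cache an access token with its expiry and re-authenticate only
// when it is missing or expired. Assumes Xamarin.Essentials; the two URIs below
// are placeholders, not real endpoints.
using System;
using System.Globalization;
using System.Threading.Tasks;
using Xamarin.Essentials;

public static class TokenStore
{
    // Placeholder URIs: replace with your identity provider's authorize endpoint
    // and the custom scheme your app registers for the callback.
    static readonly Uri AuthUri =
        new Uri("https://login.example.invalid/authorize?client_id=PLACEHOLDER_CLIENT_ID");
    static readonly Uri CallbackUri = new Uri("myapp://callback");

    // Returns a usable access token, prompting the user only when necessary.
    public static async Task<string> GetAccessTokenAsync()
    {
        var token = await SecureStorage.GetAsync("token");          // null if never stored
        var expiresText = await SecureStorage.GetAsync("token_expires");

        if (!string.IsNullOrEmpty(token) && IsStillValid(expiresText))
            return token;                                            // cached token is fine, no prompt

        // Missing or expired: run the interactive flow again.
        var result = await WebAuthenticator.AuthenticateAsync(AuthUri, CallbackUri);
        token = result.AccessToken;

        // ExpiresIn is null when the provider did not send expires_in; fall back to a
        // short lifetime so the app re-checks soon rather than trusting a stale token.
        var expires = result.ExpiresIn ?? DateTimeOffset.UtcNow.AddMinutes(10);

        await SecureStorage.SetAsync("token", token);
        await SecureStorage.SetAsync("token_expires", expires.ToString("o"));
        return token;
    }

    // Treat a token as expired one minute early so an in-flight call does not fail
    // on a token that lapses mid-request. An unparsable expiry forces re-auth.
    public static bool IsStillValid(string expiresText)
    {
        if (!DateTimeOffset.TryParse(expiresText, CultureInfo.InvariantCulture,
                                     DateTimeStyles.RoundtripKind, out var expires))
            return false;
        return expires > DateTimeOffset.UtcNow.AddMinutes(1);
    }

    // Logout: drop the cached token so the next launch prompts again.
    public static void Clear()
    {
        SecureStorage.Remove("token");
        SecureStorage.Remove("token_expires");
    }
}
```

Call `TokenStore.GetAccessTokenAsync()` before each API request instead of reading the property bag directly; that way the expiry check is never skipped, and `Clear()` gives the app an explicit logout path.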

Related

email and password authentication in springboot like firebase

I am currently working on a small project.
I use Flutter for the frontend and Spring Boot for the backend.
I want the Spring Boot application to run locally on a Raspberry Pi.
Now I am wondering if it is possible to implement a Firebase-like (email/password) authentication/authorization in Spring Boot (without using Firebase or any other cloud-based solution) where you don't have to log in every time you open the app.
Or you could compare it to Facebook, Instagram, Snapchat, ...: in all of these apps you stay logged in the whole time.
What possible ways are there to implement this in Spring Boot?
I mean, I could store the login credentials on the phone, but I guess that wouldn't be secure or the correct way, right?
As you are approaching it, there are several ways you can authenticate your end user in the mobile application:
Using email and password
Using phone number verification
Using a third-party authentication provider (Facebook, Gmail etc.)
Without knowing your target end users, it's hard to determine the appropriate authentication mechanism.
As far as you are developing a Flutter application and targeting mobile users, I assume your end users have a SIM card installed in their mobile device, and using a phone number and OTP based solution seems frictionless for your end user.
You can use the Firebase Admin SDK: prompt the user to type in their phone number and send an OTP to that phone number, then ask the end user for the correct OTP. Send the OTP back to Firebase, and Firebase will give you an idToken (a token in the Firebase realm). Pass that idToken to the server (Spring Boot REST service) and verify it with Firebase. Firebase will reply with the user details (basically the phone number).
The whole process involves setting up a Firebase project, installing the Admin SDK and some tweaking at both the mobile application and Spring Boot end.
For more info start here: https://firebase.google.com/docs/admin/setup

Logout does not work when using Microsoft Authentication Library (MSAL)

I have a Xamarin.Forms iOS/Android app and have to authenticate the user against a Microsoft Azure B2C AD.
I have added the Microsoft.Identity.Client NuGet and am using this for authentication.
Login works fine and I am able to use the returned token to call an Azure hosted service of our own.
The trouble is that when I try to log out the user it does not work as expected.
If the user logs out and immediately after kills the app, the next time the app is started the login screen is presented as expected.
To kill the app on iOS I go to the app switcher with a double click on the home button and then swipe up.
But if the user does NOT kill the app, but instead presses my login button (which triggers a call to AcquireTokenAsync()), the sign-in screen is NOT presented by Microsoft.Identity.Client; instead a valid token is immediately returned and the app is able to use this token for service calls, i.e. it is a valid token.
The next time the app is launched the token is no longer there and the login screen appears.
The strange thing is that when I run the sample from GitHub/active-directory-b2c-xamarin-native I see the same behaviour. So I suspect it is a bug in the MSAL component from Microsoft.
According to the sample, logout should simply be done by calling
PublicClientApplication.UserTokenCache.Clear(PublicClientApplication.ClientId);
I have also tried adding
foreach (var user in PublicClientApplication.Users)
{
    user.SignOut();
}
without any change.
Any suggestions?
Just add the following line in the Droid project:
CookieManager.Instance.RemoveAllCookie();
In iOS,
foreach (var cookie in NSHttpCookieStorage.SharedStorage.Cookies)
{
    NSHttpCookieStorage.SharedStorage.DeleteCookie(cookie);
}
and for more details visit this link: https://developer.xamarin.com/guides/xamarin-forms/cloud-services/authentication/azure/
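The two halves of a working logout, the MSAL cache clear and the platform cookie clear from the answer above, combined into one added example (not the sample's code and not the answerer's). It assumes a Microsoft.Identity.Client version with `GetAccountsAsync`/`RemoveAsync` (4.x) instead of the older `Users`/`SignOut()` shown in the question, and a small platform service registered through Xamarin.Forms `DependencyService`. The point it makes: clearing MSAL's cache alone leaves the identity provider's browser session cookie in place, which is why the next `AcquireToken` call returns a token without showing a login screen.

```csharp
// Added example: sign out = clear MSAL's account cache AND the web-view cookies
// that hold the identity provider's session. Assumes Microsoft.Identity.Client 4.x
// and Xamarin.Forms DependencyService. The two platform classes at the bottom
// belong in the Android and iOS projects respectively (they will not compile in
// the same assembly); they are shown here in one file for reading only.
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Xamarin.Forms;

[assembly: Dependency(typeof(AndroidCookieCleaner))]   // Android project only
[assembly: Dependency(typeof(IosCookieCleaner))]       // iOS project only

// Shared (Xamarin.Forms) project
public interface ISessionCookieCleaner
{
    void ClearAll();
}

public static class AuthSession
{
    public static async Task SignOutAsync(IPublicClientApplication app)
    {
        // 1. Remove every cached account so silent token acquisition can no longer succeed.
        foreach (var account in (await app.GetAccountsAsync()).ToList())
            await app.RemoveAsync(account);

        // 2. Remove the browser cookies that keep the IdP session alive. Without this
        //    step the IdP simply re-issues a token on the next interactive request.
        DependencyService.Get<ISessionCookieCleaner>()?.ClearAll();
    }
}

// Android project
public class AndroidCookieCleaner : ISessionCookieCleaner
{
    public void ClearAll() => Android.Webkit.CookieManager.Instance.RemoveAllCookie();
}

// iOS project
public class IosCookieCleaner : ISessionCookieCleaner
{
    public void ClearAll()
    {
        var storage = Foundation.NSHttpCookieStorage.SharedStorage;
        foreach (var cookie in storage.Cookies)
            storage.DeleteCookie(cookie);
    }
}
```

After `AuthSession.SignOutAsync(app)` the next call to `AcquireTokenInteractive` (or `AcquireTokenAsync` on older MSAL builds) has neither a cached account nor a live IdP cookie to fall back on, so the sign-in page appears whether or not the app was killed in between.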
This is happening because the service does not support certain features that would result in a user sign out. This is still a work in progress.

Single Sign On on Multiple Apps Windows Phone

We are developing multiple apps for our client which can all be used with the same credentials (credentials of their company portal).
So we want to implement something like single sign-on, such that the user need not log in to each app.
I have already gone through these links:
http://msdn.microsoft.com/en-us/library/live/hh826544.aspx
http://stackoverflow.com/questions/5598411/single-sign-on-choices-to-use-with-windows-phone-7
Here is what I need exactly:
Step 1.) When the user logs in to one app (say App1), the portal will return a token. I need to store this token somewhere such that only authorized apps can access it.
Step 2.) When any other app (of the same group) launches, it will check the location for the token and, if the token exists, it will not demand credentials.
Step 3.) When the user logs out from any app, it will remove the token from the shared location.
We have already implemented this in iOS using the keychain (possibly the wrong term as I am not an iOS developer). This keychain provides a common space for the apps signed with the same certificate.
As per my knowledge, up till Windows Phone 7.5 there is no possibility. Does Windows Phone 8 have something for this?
If not, I am open to any kind of suggestions to serve the purpose.
P.S.: Security is our major concern, so when you suggest, please let us know if you think there could be any security concerns through hacking or phone loss.
Thanks a lot.
I hope to be corrected, but this won't work. Apps are isolated and can't share things like data packets and such.
I am not a Windows app guy,
but a trick can work.
Caution:
the following can raise security concerns if the API token expiration time limit is not properly considered.
Use FireSharp / any XMPP service (suitable for Windows clients) to send API tokens to other devices like a notification message.
Handle the notification in such a way that the token is not displayed.
And also remember, there is no such thing as log out in API authorization.
You will have to restrict access with a token expiration time limit.

Deprecation of Facebook offline_access, how to handle on Windows Phone?

I am working on a Windows Phone app that utilizes the Facebook API. To do that I need the user to log in and authorize my app, so that I can get an access_token. I've already done that, it works fine.
The question: how to keep using the Facebook API on the next launch of the app without having the user log in again?
What I do: When the user logs in I save the access_token and the expiration time. Later, I can use the access_token when making API calls. This is all fine.
The problem: with offline_access not working anymore, the access tokens I get are valid for 60 days. This means that after 60 days they will stop working. Can I do something to renew those tokens without asking the user to log in again?
My research:
I read the documentation, but it seems to mention only Android and iOS. While I assume it would be similar for Windows Phone, I am not able to find out what to do. The Facebook libraries for those other platforms have something like:
facebook.extendAccessTokenIfNeeded(this, null);
I was not able to find a similar method for Windows Phone. While I read somewhere that this does not actually work for Android, it hints that there must be a way to do it.
I read about the new endpoint allowing renewal of access tokens, but it seems to only be able to extend short-lived tokens to long-lived ones. For me it is a bit unclear from the documentation here (Section 4):
https://developers.facebook.com/roadmap/offline-access-removal/
Any help is appreciated, thanks.
Follow the Offline Access Removal Guide at the link you provided. It has the API call you can use to get a long-lived access token for the user; this is the replacement for offline_access.
Specifically, see Scenario 4.
In theory, Windows Mobile should fall under Exception 2 / 3. See if the Windows Mobile SDK has an option to access the access_token in a similar way to iOS and Android.
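The token-extension call the answer points to, as an added example (not from the question, the answer, or Facebook's SDKs). It is the Graph API `oauth/access_token` request with `grant_type=fb_exchange_token`, which trades a short-lived user token for a long-lived one. The example is written for the app's own backend rather than the phone, because the call requires the app secret, and a secret shipped inside a Windows Phone package can be extracted from it. It assumes placeholder app id/secret values, and that the response body is either the JSON form or the older `access_token=...&expires=...` query-string form; the parser accepts both so it is not tied to one API era.

```csharp
// Added example: server-side fb_exchange_token call plus a parser for both
// response formats. Assumes placeholder credentials; nothing here is the SDK's own code.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

public sealed class LongLivedToken
{
    public string AccessToken { get; set; }
    public DateTimeOffset ExpiresAt { get; set; }
}

public static class FacebookTokenExchange
{
    const string GraphBase = "https://graph.facebook.com";

    // appId/appSecret are placeholders loaded from server-side configuration,
    // never from the mobile client.
    public static async Task<LongLivedToken> ExchangeAsync(
        HttpClient http, string appId, string appSecret, string shortLivedToken)
    {
        var url = $"{GraphBase}/oauth/access_token" +
                  "?grant_type=fb_exchange_token" +
                  $"&client_id={Uri.EscapeDataString(appId)}" +
                  $"&client_secret={Uri.EscapeDataString(appSecret)}" +
                  $"&fb_exchange_token={Uri.EscapeDataString(shortLivedToken)}";

        using var response = await http.GetAsync(url);
        response.EnsureSuccessStatusCode();
        var body = await response.Content.ReadAsStringAsync();
        return ParseResponse(body, DateTimeOffset.UtcNow);
    }

    // Accepts {"access_token":"...","expires_in":N} or access_token=...&expires=N.
    public static LongLivedToken ParseResponse(string body, DateTimeOffset now)
    {
        string token;
        long seconds;

        if (body.TrimStart().StartsWith("{"))
        {
            using var doc = JsonDocument.Parse(body);
            token = doc.RootElement.GetProperty("access_token").GetString();
            seconds = doc.RootElement.TryGetProperty("expires_in", out var e) ? e.GetInt64() : 0;
        }
        else
        {
            var fields = new Dictionary<string, string>();
            foreach (var pair in body.Split('&', StringSplitOptions.RemoveEmptyEntries))
            {
                var kv = pair.Split('=', 2);
                fields[Uri.UnescapeDataString(kv[0])] =
                    kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
            }
            fields.TryGetValue("access_token", out token);
            seconds = fields.TryGetValue("expires", out var s) && long.TryParse(s, out var n) ? n : 0;
        }

        if (string.IsNullOrEmpty(token))
            throw new InvalidOperationException("response carried no access_token");

        // If no expiry came back, assume the 60-day lifetime the question describes
        // rather than treating the token as permanent.
        var lifetime = seconds > 0 ? seconds : 60L * 24 * 3600;
        return new LongLivedToken { AccessToken = token, ExpiresAt = now.AddSeconds(lifetime) };
    }
}
```

The phone sends its short-lived token to this backend, receives the long-lived token and its `ExpiresAt`, and stores both exactly as the question already does; when `ExpiresAt` approaches, the backend can repeat the exchange while the token is still valid, which is the part the client-only approach cannot do without the secret.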

Azure ACS token renewal on Windows Phone

I am using the Windows Azure toolkit for Windows Phone to authorize the user with the help of the Access Control Service. What is the supposed way to renew the session token in your app? It seems that all samples over the web ask the user to sign in every 10 minutes (it's the default token expiration time; increasing it to the maximum allowed 24 hours doesn't really solve the problem, I want to sign in only once).
Is it possible to retrieve a token that remains valid until the user explicitly revokes access for my app? Then I can store this token on the phone and use it to authorize service calls on the user's behalf.
Currently ACS doesn't provide a mechanism to renew tokens. The workaround is to make the token live longer (increase the token lifetime on the portal). But if you're using an identity provider like Live ID, the user can choose to remember the password. Then he doesn't have to manually type the password every time he tries to sign in. Your program can make this process more transparent. For example, try to connect to your service. If the service detects the token has expired, your Windows Phone application automatically opens the browser and asks the user to sign in again to get a new token. If the user chose to remember the password, he will see the browser window briefly show up, and then disappear without any action.
Best Regards,
Ming Xu.
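The "try the call, re-sign-in on expiry" pattern from the answer above, written out as an added example (not the toolkit's code and not the answerer's). It assumes a modern `HttpClient` rather than the Windows Phone 7 networking stack, passes the token as a `Bearer` header (the toolkit's own header format may differ), and takes the browser-based sign-in as a delegate so the flow can be tested with a fake. The service, not the phone, is the authority on whether the token is still good: a 401 triggers exactly one re-authentication and one retry, so a genuinely bad credential cannot loop forever.

```csharp
// Added example: reactive token renewal. The cached ACS token is used until the
// service rejects it with 401; then the interactive sign-in runs once and the
// request is retried once. Assumes HttpClient and a Bearer header (assumption).
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

public sealed class TokenSession
{
    readonly HttpClient _http;
    readonly Func<Task<string>> _interactiveSignIn;   // opens the browser, returns a fresh token
    string _token;

    public TokenSession(HttpClient http, Func<Task<string>> interactiveSignIn, string cachedToken = null)
    {
        _http = http;
        _interactiveSignIn = interactiveSignIn;
        _token = cachedToken;                          // token persisted from an earlier run, if any
    }

    public string CurrentToken => _token;              // persist this after each call

    public async Task<HttpResponseMessage> GetAsync(Uri serviceUri)
    {
        if (string.IsNullOrEmpty(_token))
            _token = await _interactiveSignIn();       // first run: no token at all

        var response = await SendWithToken(serviceUri);
        if (response.StatusCode != HttpStatusCode.Unauthorized)
            return response;

        // Service says the token expired: sign in again (transparent when the IdP
        // remembered the user) and retry exactly once. A second 401 is returned as-is.
        response.Dispose();
        _token = await _interactiveSignIn();
        return await SendWithToken(serviceUri);
    }

    Task<HttpResponseMessage> SendWithToken(Uri serviceUri)
    {
        var request = new HttpRequestMessage(HttpMethod.Get, serviceUri);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _token);
        return _http.SendAsync(request);
    }
}
```

Persist `CurrentToken` after each successful call; with a 24-hour lifetime on the portal the user then sees the sign-in browser at most once a day, and only as a brief flash when the identity provider has remembered them.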
