Post on 27-Oct-2018

Authentication for iOS Apps Made Easy

Suganya Baskaran

Agenda

• Introduction

- Goals for API

- Authentication Manager

• Authenticating a User

- Authentication Challenges

- Demo

• Caching User Credentials

- Keychain

- Demo

Introduction

Goals for Authentication API

• Less code

- Simplified process

• Central Logic

- Avoid different failure point for resources

- Do it once and in one place!

• Consistent

- Handle different security mechanisms

Authentication Manager

• Centralized

• Go-to class for all security-related configuration

• Coarse-grained

• Singleton

• AGSAuthenticationManager

• Responsible for authenticating user and caching user credentials

SECTION 1

Authenticating a User

Authentication Process

(Diagram: Server or Portal, Authentication Manager, Challenge)

Types of Challenges

• Username Password

• Client Certificate

• OAuth

• Untrusted Host

Challenge Actions

• Provide a credential

• Cancel

• Trust Host (for “Untrusted Host” type challenge)

• Handling a challenge

- Default

- Custom

- Hybrid

Authentication Challenge

Handling Challenges: 1. DEFAULT HANDLER

Auth Manager Presents UI → Credentials Obtained from User → Resource Loaded

Token/IWA, OAuth, PKI

NO Extra Code!

Handling Challenges: 2. CUSTOM HANDLER

(Sequence diagram over time, two lanes)

Developer

- Adopt <AGSAuthenticationManagerDelegate>

- Implements didReceiveAuthChallenge delegate method

- Checks Challenge Type

- Creates Custom UI

- Presents UI to user & obtains credential

- Sets Credential on Challenge

Authentication Manager

- Creates Challenge object & fires delegate method

- Loads Resource

Handling Challenges: 3. HYBRID HANDLER

• Custom Handler – for some

• Fall back to default handler – for the rest

- E.g. OAuth Challenges
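A hybrid handler along the lines of the three slides above, as an added example that is not from the original deck or from Esri. It assumes the ArcGIS Runtime SDK for iOS 100.x Swift names (the slide's didReceiveAuthChallenge is taken as shorthand for the delegate method shown); `HybridChallengeHandler` and `CredentialPrompt` are hypothetical names, and cancelling untrusted-host challenges is a policy choice made for this example.

```swift
import ArcGIS

// Hypothetical callback (not an SDK type): the app's own sign-in UI hands back
// a credential, or nil when the user backs out.
typealias CredentialPrompt = (@escaping (AGSCredential?) -> Void) -> Void

final class HybridChallengeHandler: NSObject, AGSAuthenticationManagerDelegate {
    private let promptForCredential: CredentialPrompt

    init(promptForCredential: @escaping CredentialPrompt) {
        self.promptForCredential = promptForCredential
        super.init()
        // The app must keep its own reference to this object for as long as
        // it should receive challenges.
        AGSAuthenticationManager.shared().delegate = self
    }

    func authenticationManager(_ authenticationManager: AGSAuthenticationManager,
                               didReceive challenge: AGSAuthenticationChallenge) {
        switch challenge.type {
        case .usernamePassword:
            // Custom path: collect the credential with the app's own UI,
            // then set it on the challenge.
            promptForCredential { credential in
                if let credential = credential {
                    challenge.continue(with: credential)
                } else {
                    challenge.cancel()
                }
            }
        case .untrustedHost:
            // Example policy: never trust a host without an explicit decision;
            // cancelling leaves the resource unloaded.
            challenge.cancel()
        default:
            // Everything else (e.g. OAuth) falls back to the SDK's built-in handling.
            challenge.continueWithDefaultHandling()
        }
    }
}
```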

DEMO

Authentication Challenges

OAuth Challenges

OAuth Configurations

Portal URL

Client ID

Redirect URI

Refresh Token Interval

• Sign into ArcGIS Org or Portal using OAuth

• Client ID of the app

• Optional Redirect URI

- Safari View Controller

Set OAuthConfigurations on Authentication Manager

Fall back – username password

OAuth Challenges

• UI handled by Auth Manager

- OAuth VC internal

- No Custom Views

• Change presentation & transition styles

- Adopt <AGSAuthenticationManagerDelegate>

- wantsToShowViewController: & wantsToDismissViewController:

OAuth

DEMO

OAuth Challenge

SECTION 2

Caching User Credentials

Credential Cache

• In memory cache

- Enabled by default

• Global

- Reusable for objects in the same domain

• Persist credentials

- between sessions

- between apps

- between devices using iCloud keychain sharing

Save credential – Stay Logged in

• Between sessions (Identifier)

- Saves new credential to keychain

- Fetches existing credential to cache

- Updates to cache synced to keychain

• Between apps (accessGroup)

- Apps must share the same accessGroup

• Between devices (acrossDevices)

- iCloud Keychain Sharing must be enabled on all devices

(Diagram: Credential Cache, Device Keychain)

Remove Credential – Logging out

Remove credentials from Cache

(Diagram: Credential Cache, Device Keychain)

DEMO

Caching User Credentials

Remember Me

Authentication in a nutshell...

Challenge Types

• Username Password

• Client Certificate

• OAuth

Challenge Handling

• Default

• Custom

• Hybrid

Challenge Actions

• Continue with credential

• Continue with default handler

• Cancel

Resources can opt out of Authentication Manager!

Summary

Caching in a nutshell

In Memory

Persist Credentials

• Between sessions

• Between apps

• Between devices

Remove Credentials from Cache

Summary
