
Authentication for iOS Apps Made Easy - Recent...

Date post: 27-Oct-2018
Page 1: Authentication for iOS Apps Made Easy - Recent Proceedingsproceedings.esri.com/library/userconf/devsummit17/papers/dev_int... · •Provide a credential ... Set OauthConfigurations

Authentication for iOS Apps Made Easy

Suganya Baskaran


Agenda

• Introduction

- Goals for API

- Authentication Manager

• Authenticating a User

- Authentication Challenges

- Demo

• Caching User Credentials

- Keychain

- Demo


Introduction


Goals for Authentication API

• Less code

- Simplified process

• Central Logic

- Avoid different failure points for resources

- Do it once and in one place!

• Consistent

- Handle different security mechanisms


Authentication Manager

• Centralized

• Go-to class for all security-related configuration

• Coarse-grained

• Singleton

• AGSAuthenticationManager

• Responsible for authenticating user and caching user credentials


SECTION 1

Authenticating a User


Authentication Process

[Diagram: Server or Portal, Authentication Manager, Challenge]


Authentication Challenge

Types of Challenges

• Username Password

• Client Certificate

• OAuth

• Untrusted Host

Challenge Actions

• Provide a credential

• Cancel

• Trust Host (for “Untrusted Host” type challenge)

• Handling a challenge

- Default

- Custom

- Hybrid


Handling Challenges: 1. DEFAULT HANDLER

Auth Manager Presents UI → Credentials Obtained from User → Resource Loaded

Token/IWA, OAuth, PKI

NO Extra Code!


Handling Challenges: 2. CUSTOM HANDLER

[Sequence diagram along a “Time” axis]

Adopt <AGSAuthenticationManagerDelegate>

Developer

- Implements didReceiveAuthChallenge delegate method

- Checks Challenge Type

- Creates Custom UI

- Presents UI to user & obtains credential

- Sets Credential on Challenge

Authentication Manager

- Creates Challenge object & fires delegate method

- Loads Resource


Handling Challenges: 3. HYBRID HANDLER

• Custom Handler – for some

• Fall back to default handler – for the rest

- E.g. OAuth Challenges
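
A hybrid handler as described on this slide, written as an added Swift example (not code from the presentation). It assumes the Swift names of the ArcGIS Runtime SDK for iOS 100.x; `HybridChallengeHandler` and `presenter` are hypothetical, and cancelling untrusted-host challenges is this example's own policy choice.

```swift
import ArcGIS
import UIKit

// Added example, not from the slides. API names follow ArcGIS Runtime SDK
// for iOS 100.x (assumption; check against the SDK version in use).
final class HybridChallengeHandler: NSObject, AGSAuthenticationManagerDelegate {

    // Hypothetical: the view controller that presents the custom login UI.
    weak var presenter: UIViewController?

    // The app must keep a strong reference to this handler (assumed here
    // that the manager does not retain its delegate).
    func register() {
        AGSAuthenticationManager.shared().delegate = self
    }

    func authenticationManager(_ authenticationManager: AGSAuthenticationManager,
                               didReceive challenge: AGSAuthenticationChallenge) {
        switch challenge.type {
        case .usernamePassword:
            // Custom handling: collect the credential in our own UI.
            DispatchQueue.main.async { self.promptForLogin(challenge) }
        case .untrustedHost:
            // Example policy: fail closed, never trust a host silently.
            challenge.cancel()
        default:
            // Hybrid: OAuth and the rest go back to the built-in handler.
            challenge.continueWithDefaultHandling()
        }
    }

    private func promptForLogin(_ challenge: AGSAuthenticationChallenge) {
        // No UI available: resolve the challenge instead of leaving it pending.
        guard let presenter = presenter else { challenge.cancel(); return }
        let alert = UIAlertController(title: "Sign in", message: nil, preferredStyle: .alert)
        alert.addTextField { $0.placeholder = "Username" }
        alert.addTextField { $0.placeholder = "Password"; $0.isSecureTextEntry = true }
        // Every path resolves the challenge exactly once.
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel) { _ in challenge.cancel() })
        alert.addAction(UIAlertAction(title: "Sign in", style: .default) { _ in
            let user = alert.textFields?[0].text ?? ""
            let password = alert.textFields?[1].text ?? ""
            challenge.continue(with: AGSCredential(user: user, password: password))
        })
        presenter.present(alert, animated: true)
    }
}
```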


DEMO

Authentication Challenges


OAuth Challenges

OAuth Configurations

- Portal URL

- Client ID

- Redirect URI

- Refresh Token Interval

• Sign in to ArcGIS Org or Portal using OAuth

• Client ID of the app

• Optional Redirect URI

- Safari View Controller

Set OauthConfigurations on Authentication Manager

Fall back – username password


OAuth Challenges

• UI handled by Auth Manager

- OAuth VC internal

- No Custom Views

• Change presentation & transition styles

- Adopt <AGSAuthenticationManagerDelegate>

- wantsToShowViewController: & wantsToDismissViewController:


DEMO

OAuth Challenge


SECTION 2

Caching User Credentials


Credential Cache

• In memory cache

- Enabled by default

• Global

- Reusable for objects in the same domain

• Persist credentials

- between sessions

- between apps

- between devices using iCloud keychain sharing


Save Credential – Stay Logged in

• Between sessions (Identifier)

- Saves new credential to keychain

- Fetches existing credential to cache

- Updates to cache synced to keychain

• Between apps (accessGroup)

- Apps must share the same accessGroup

• Between devices (acrossDevices)

- iCloud Keychain Sharing must be enabled on all devices

[Diagram: Credential Cache, Device Keychain]


Remove Credential – Logging out

Remove credentials from Cache

[Diagram: Credential Cache, Device Keychain]


DEMO

Caching User Credentials

Remember Me


Summary

Authentication in a nutshell..

Challenge Types

• Username Password

• Client Certificate

• OAuth

Challenge Handling

• Default

• Custom

• Hybrid

Challenge Actions

• Continue with credential

• Continue with default handler

• Cancel

Resources can opt out of Authentication Manager!


Summary

Caching in a nutshell

• In Memory

• Persist Credentials

- Between sessions

- Between apps

- Between devices

• Remove Credentials from Cache


THANK YOU
