Tuesday, September 3, 13

An iOS Authentication Architecture for All

How to stop reinventing the auth wheel

Tuesday, September 3, 13

Great Apps

Tuesday, September 3, 13

What makes an app

truly great?

Tuesday, September 3, 13

AmazingFirst Impressions

Tuesday, September 3, 13

Reliableand

Secure

Tuesday, September 3, 13

Connected

Tuesday, September 3, 13

Personal

Tuesday, September 3, 13

WHAT’S THE BIG DEAL?

Tuesday, September 3, 13

Identity has a Roleto Play

Tuesday, September 3, 13

But, There’s A ProblemTuesday, September 3, 13

It’s ComplicatedTuesday, September 3, 13

So we end up like...

Tuesday, September 3, 13

Tuesday, September 3, 13

Instead we should...

Tuesday, September 3, 13

SpendTime

Building Features

that ROCK

Tuesday, September 3, 13

The good news...

Tuesday, September 3, 13

PatternThere’s a

for That

Tuesday, September 3, 13

‘Simplicity is the ultimate sophistication.’

- Steve Jobs

Tuesday, September 3, 13

So, auth is complicated.

Tuesday, September 3, 13

Why?

Tuesday, September 3, 13

It’s not our core competency.

Tuesday, September 3, 13

Tons AND TONS of Detail.

Tuesday, September 3, 13

Never stops evolving.

Tuesday, September 3, 13

and so...

Tuesday, September 3, 13

we spend a lot of time

Tuesday, September 3, 13

and, we get frustrated.

Tuesday, September 3, 13

Not only is it complicated,

Tuesday, September 3, 13

it can lead to poor user experiences.

Tuesday, September 3, 13

like...

Tuesday, September 3, 13

The WallTuesday, September 3, 13

Account creationTuesday, September 3, 13

Error Message: Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords

PasswordsTuesday, September 3, 13

However,the big issue is...

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

So what do we need?

Tuesday, September 3, 13

Tools, APIs, & Services

Tuesday, September 3, 13

That are...

Tuesday, September 3, 13

Easy & Secure

Tuesday, September 3, 13

Simple. Accessible.

Tuesday, September 3, 13

Rely on ExpertsTuesday, September 3, 13

Is there a painkiller?

Tuesday, September 3, 13

Tuesday, September 3, 13

But first...

Tuesday, September 3, 13

Tuesday, September 3, 13

Fav MOV

Tuesday, September 3, 13

Demo

Tuesday, September 3, 13

/RCacheaux/FAVMOV

Tuesday, September 3, 13

Tuesday, September 3, 13

Ok. Let’s personalize.

Tuesday, September 3, 13

Need Username and Profile Photo

Tuesday, September 3, 13

To be or not to be custom is the question.

Tuesday, September 3, 13

Identity Provider

Tuesday, September 3, 13

Tuesday, September 3, 13

Salt & Hash Passwords

Provide Two Factor Auth

Use Modern Irreversible Hash Function

Automatic Monitors

Operate Help Desk

Tuesday, September 3, 13

Tuesday, September 3, 13

Choose WiselyTuesday, September 3, 13

Relying Party

Tuesday, September 3, 13

Ok. Enough Vocabulary

Tuesday, September 3, 13

1

2

3

4

Pick an Identity Provider

Register Client

Incorporate API

Code Against API

Using an Identity Provider

Tuesday, September 3, 13

Let’s pick an IDP...

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

Authenticationvs

Authorization

Tuesday, September 3, 13

Scoping

Tuesday, September 3, 13

Demo

Tuesday, September 3, 13

‘That’s great, but what if my users don’t have

Facebook accounts.’

Tuesday, September 3, 13

Let’s pick another IDP...

Tuesday, September 3, 13

ARCHITECTURE

Tuesday, September 3, 13

Before, let’s walk through the code.

Tuesday, September 3, 13

Demo

Tuesday, September 3, 13

Now we can hold another IDP, which one?

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

ARCHITECTURE

Tuesday, September 3, 13

Accounts Framework

Tuesday, September 3, 13

Recommended Identity Providers

Tuesday, September 3, 13

What if my identity provider does not have an iOS API?

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

So you want a serverTuesday, September 3, 13

Backend as a Service

Tuesday, September 3, 13

Tuesday, September 3, 13

Now, you need custom accounts.

Tuesday, September 3, 13

Sign In vs Sign Up

Tuesday, September 3, 13

What about custom back-ends?

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

1

2

3

Secrets & Tokens

Single Sign On

Two Factor Authentication

Tuesday, September 3, 13

1

2

3

Secrets & Tokens

Single Sign On

Two Factor Authentication

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

Get,Store, Use

Tuesday, September 3, 13

Getting Tokens

Tuesday, September 3, 13

Basic HTTP Authentication

Tuesday, September 3, 13

Tuesday, September 3, 13

The Access TokenTuesday, September 3, 13

A word about OAuth 1

Tuesday, September 3, 13

OAUTH 1Tuesday, September 3, 13

Where to Store?

Tuesday, September 3, 13

The KeychainTuesday, September 3, 13

The Operating System

Tuesday, September 3, 13

Server-side

Tuesday, September 3, 13

Browser Cookies

Tuesday, September 3, 13

The FlowsTuesday, September 3, 13

App App App App

IDP App Browser

UIWebView

OS

Tuesday, September 3, 13

How to Use Tokens

Tuesday, September 3, 13

HTTP Authentication

Tuesday, September 3, 13

1

2

3

Secrets & Tokens

Single Sign On

Two Factor Authentication

Tuesday, September 3, 13

1

2

3

Secrets & Tokens

Single Sign On

Two Factor Authentication

Tuesday, September 3, 13

Sharable Tokens

Tuesday, September 3, 13

Across Apps

Tuesday, September 3, 13

Across DevicesTuesday, September 3, 13

Across Platforms

Tuesday, September 3, 13

1

2

3

Secrets & Tokens

Single Sign On

Two Factor Authentication

Tuesday, September 3, 13

1

2

3

Secrets & Tokens

Single Sign On

Two Factor Authentication

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

The future

Tuesday, September 3, 13

biometrics

Tuesday, September 3, 13

ID

Tuesday, September 3, 13

More in accounts framework

Tuesday, September 3, 13

Less Custom Accounts

Tuesday, September 3, 13

Account Chooser

Tuesday, September 3, 13

cross Platform sign on

Tuesday, September 3, 13

WHAT’S THE BIG DEAL?

Tuesday, September 3, 13

Taking care of identity has many

benefits...

Tuesday, September 3, 13

Improve Lives

Tuesday, September 3, 13

More Usage

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

Less of this

Tuesday, September 3, 13

And More of this

Tuesday, September 3, 13

remember

Tuesday, September 3, 13

delight your users

Tuesday, September 3, 13

Resources

Tuesday, September 3, 13

Tuesday, September 3, 13

Tuesday, September 3, 13

http://www.ietf.org/rfc/rfc6749.txtOAuth 2.0 RFC

http://www.ietf.org/rfc/rfc2617.txtHTTP Authentication RFC

http://openid.net/connect/OpenID Connect

Tuesday, September 3, 13

Twitter IntegrationWWDC 2011

Integrating With Facebook, Twitter and Sina Weibo

WWDC 2012

Protecting Secrets with the KeychainWWDC 2013

Tuesday, September 3, 13

Google IO 2013

https://developers.google.com/live/shows/576883641Identity Tech Overview: Less Pain, More Gain

https://developers.google.com/live/shows/601975672

How to Offer Google+ Sign-In Alongside Other Social Sign-In Services

Tuesday, September 3, 13

http://www.parse.comParse

http://www.windowsazure.com/en-us/develop/mobile/

Windows Azure Mobile Services

Backend as a Service

Tuesday, September 3, 13

http://www.accountchooser.comAccount Chooser

https://www.tbray.org/ongoing/Tim Bray’s Ongoing Blog

Tuesday, September 3, 13

https://code.google.com/p/gtm-oauth/GTM OAuth

https://github.com/facebook/facebook-ios-sdkFacebook iOS SDK

Libraries

https://developers.google.com/+/Google+ Sign In

Tuesday, September 3, 13

/RCacheaux/FAVMOV

Tuesday, September 3, 13

René CacheauxiOS Architectrene.cacheaux@mutualmobile.com

rene.cacheaux@gmail.com@RCachATX

Tuesday, September 3, 13

Tuesday, September 3, 13