Keycloak custom login page with `Authorization Code` flow - keycloak

We're trying to integrate Keycloak with a native app, but the login/registration OAuth2 flow with Keycloak presents the default login page, which doesn't fit our requirements for Material Design user screens.
I see that there are a few options to customise the login screen:
Customise the theme provided by Keycloak, or deploy a new theme to JBoss
Add a Node.js API server to interact with the mobile app and use the keycloak.grantManager.obtainDirectly API, but this uses grantType=password in the keycloak-connect package - keycloak-connect
More information about obtainDirectly
The first option is a bit tedious, so we have implemented the second option, but that comes with the grantType=password flow, which is not recommended by OAuth.
I would like to know if there is any solution from Keycloak to use a custom login with Authorization Code.

Related

MSAL asks for login again (SSO) issue with flutter in iOS

Hello, in my mobile application I am using the msal_mobile plugin to sign in to an Azure AD B2C identity provider.
The problem is that it asks for a login again in a WebView or Custom Tab when navigating to a website the user is already authorized to view. This is the case even if you redirect to the browser, but according to the docs cookies are stored and SSO should work if you use ASWebAuthenticationSession or SFAuthenticationSession; it is still asking me to log in.
So my questions are:
Is it possible to achieve SSO using a WebView?
Is there any other way to get cookies or keep the session from the msal_mobile plugin and set it in the system browser or browser cache?
Plugin: msal_mobile

Flutter with Native Webview using OpenID Connect and Okta

I am currently trying to implement OpenID Connect using Okta as my identity provider.
The only plugin I found that was capable of handling OpenID Connect was the Flutter AppAuth Plugin.
Unfortunately I was not able to use it with a native WebView in order to have a seamless experience for the end user, or more specifically to not have any navbar, cf. image below:
Was anyone able to implement this flow as a native WebView?
I don't believe you'll be able to do this in a native Webview. OAuth and OIDC are designed so the application never knows about the user's credentials - the application just receives an ID token and access token. If you tried to embed Okta (or any OAuth flow) in a native login, the application could get at the user's credentials, and possibly harvest them. Popping a browser is a more secure way of doing things.
To add to Matt's answer, AppAuth is the standard pattern here, which involves use of special InApp / system browsers:
Chrome Custom Tabs
ASWebAuthenticationSession
My blog has some details on this. I always recommend people to start with AppAuth samples. A couple of posts:
AppAuth Setup with Private URI Schemes
Advanced Sample with Claimed HTTPS Schemes

Keycloak OpenID Client without browser

Problem
I have a working Keycloak in production and I need my users to log into a mobile app, developed using React Native, using that Keycloak. Until now I was using the normal login flow through the in-app browser with AppAuth, but now I have received a request from users to stay in the app while logging in.
What I've tried
I made the Keycloak theme for the mobile login resemble the mobile app UI so much that it could just be opened using a React Native WebView as a normal screen.
On paper this idea works, but in real life I cannot take advantage of the Keycloak ID cookie that is placed. So whenever the WebView opens, a new session with cookies is generated. It's not useful.
I started calling Keycloak endpoints myself from inside the mobile app. It's not an easy job, because some endpoints don't work because of the OTP configuration I've done.
Secondly, this idea works for a simple process like login, but does not work very well for registration or reset-password. And that's just an example. My Keycloak does have a list of Authenticators which use phoneNumber and some cookies to log in.
Specifications
I'm using Keycloak 10 (started with Keycloak 6 a year ago).
The mobile app is developed using React Native and Expo. The first login flow was using the library Expo AppAuth and the second, React Native WebView.
Have you read that? I think you should consider using a custom URI scheme for your Keycloak OpenID Connect client and using the default phone browser. This might be helpful as well.

How to integrate a NativeScript Angular Android mobile application with the Okta auth flow with PKCE

I have a NativeScript Angular Android app which I need to integrate with Okta. I was able to successfully integrate my Angular web application with Okta, but (as I am not a mobile app developer) I am finding it hard to wrap my mind around how to integrate it with the mobile app.
I tried to go through the documentation available on the Okta official site (https://developer.okta.com/docs/concepts/auth-overview/#choosing-an-oauth-2-0-flow) and it feels like the recommendation is to implement Authorization Code with PKCE, for which I would need the below:
1. An embedded browser in the mobile app to show the Okta login page.
2. Some sort of local server which can receive the callback from Okta with the auth code, and integration of the auth code received in the callback with the application API service.
Do you think this is the right line of thinking?
If yes, how shall I get a web server in the mobile app, and what would be its address (would it be localhost?) to receive the callback from Okta?
Is there any JavaScript library which can be easily integrated with NativeScript code to do it?
I came across https://github.com/openid/AppAuth-JS but am not sure how I can integrate it.
Thanks
You can use the Okta widget and the openAuth method of the InAppBrowser plugin to authenticate the users and later redirect to the app again by using deep linking; you can see the example folder of that plugin: https://github.com/proyecto26/nativescript-inappbrowser#usage
We're using this plugin from React Native too and we can get the token from Okta after redirecting the users through deep linking; it works very well. It's required to deploy the Okta widget on an external domain and register the deep links of your apps (Android/iOS) in Okta, e.g.:
${scheme}://${host}/callback (Android)
${scheme}://callback (iOS)

Web Authentication (like firebase auth) that supports a11y and i18n

I am building a web app using the MEAN stack and I want to enable user sign-in with Facebook, Google, Twitter, etc. The caveat is that I also want to support accessibility and internationalization.
The auth solutions that I've looked at usually pop up a new window, which is not ideal for my app; I want the login to be part of the normal page flow.
I can write my own UI markup that does the authentication on the server side using JWT and exposed APIs (like Facebook API) but I was hoping that there is already a solution like Firebase Auth that meets my needs. Any suggestions?