Auth0 - Identity Management

  1. VinDo

    6 Jun 2019 User since 2018

    I am trying to build a 'login and password' capability to allow access to authorised users to an app - so that data, stored in the cloud can be downloaded into the app.

    I have considered writing a 'logon' application but would require hashing techniques and an online secure database - I have chosen instead to use Auth0 - an online identity management as a service.

    The attached app - opens the universal login interface from Auth0 in a web view - and I have successfully logged in (according to Auth0) - I haven't managed to get the redirect uri to work however. I am stumbling in two parts:

    1) The application doesn't appear to run on the phone in Creoplayer (more than once) - I am not sure if this is related to web history, cookies, or locally held tokens, or something else - the app does run in the simulator on Creo on the Mac (at least once!).

    2) Once authorised I can't work out how to handle the redirect uri that Auth0 issues - and open the meat of the app (loading window)
    I have tried to implement the handling of opening the main page in the app using an incoming URL - (openurl) - but either I have got this wrong or because the redirect is coming from inside the app - the openurl isn't applicable...

    My aim is to have user authentication incorporated into an iPhone app -

    I have attached my app - below!

    Any thoughts gratefully received

  2. andrea

    7 Jun 2019 Administrator User since 2016

    Hi @VinDo

    1) The WebView shows the login page just once because after a successful login the token is stored in the browser's cookies and this token is used until the expiration date (or until the cookie is deleted)

    2) You can't open a custom redirect URL in the Creo Simulator and in the CreoPlayer because both apps are only registered to receive URLs with schema "com.creolabs.creo", but your app will receive your custom URL if you build the IPA and install it on an iOS device.

    3) You can more easily use the Auth0 API with the OAuth2 authentication parameters of the HTTPClient object, please see the attached example.
    The basic points of this implementation are:
    a) Create an HTTPClient object (Auth0_v2 in the attached example) for your Auth0 Application Domain and set the authentication type to OAuth2 and set the OAuth2 parameters as described in the Auth0 site. Please note that you have to add the Redirect URL for the Creo Simulator/Player com.creolabs.creo://callback to the Allowed Callback URLs in the dashboard of your Auth0 Application to make it work in the Creo Simulator and CreoPlayer, this value will not be used in the built App.
    b) Create an HTTPRequest object (Userinfo) to obtain the info of the logged user and enable the Use Authentication parameter.
    c) Send the Userinfo request and show the result (see the code in the DidShow event of the loading window). If a valid access token was previously obtained, the request immediately returns the user info; otherwise, it automatically opens the system browser (the mac browser for the Creo Simulator for Mac, the iOS browser on CreoPlayer and on the built App) with the Auth0 authentication page and then, when the user logs in, it automatically stores the access token, returns to the app by calling the callback URL and goes on with the Userinfo request by attaching the access token as the authorization bearer in the request's header.
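
The redirect step described in the answer above, as an added example that is not part of the original post and is not Creo's HTTPClient code: it builds an Auth0 `/authorize` request and checks the callback URL the app receives before trusting the code in it. The tenant domain and client ID are placeholders, the function names are hypothetical, and the `state` and PKCE parameters go beyond what the thread describes.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholders: substitute your own Auth0 application settings.
DOMAIN = "example-tenant.auth0.com"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
# Callback registered for the Creo Simulator/Player (value from the thread).
REDIRECT_URI = "com.creolabs.creo://callback"

def new_login_request():
    """Return (authorize_url, state, code_verifier) for one login attempt."""
    state = secrets.token_urlsafe(16)      # binds the response to this attempt
    verifier = secrets.token_urlsafe(48)   # PKCE secret, kept inside the app
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,      # must be in Allowed Callback URLs
        "scope": "openid profile",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"https://{DOMAIN}/authorize?{query}", state, verifier

def handle_callback(url, expected_state):
    """Validate an incoming callback URL and return the authorization code."""
    got, want = urlsplit(url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Compare as bytes in constant time; reject responses we did not start.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding response")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code

if __name__ == "__main__":
    url, state, _ = new_login_request()
    print(url)
    # Constructed callback, as the browser would hand it back to the app.
    print(handle_callback(f"{REDIRECT_URI}?code=SAMPLE_CODE&state={state}", state))
```
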

  3. VinDo

    10 Jun 2019 User since 2018

    Andrea, this is really useful many thanks. I have re-worked into a deployed application - and works great. I shall build in this.
    VinDo

  4. VinDo

    16 Jun 2019 User since 2018

    Andrea, I notice you have done an Auth0 tech note many thanks.

    Is there a way of removing the access token once a user is logged in? so that the user is essentially logged out and/or force them to login again? Or does the logout endpoint do this?

    I have tried using the Auth0 logout endpoint - which appears to send (text connection responds with ok) - but doesn't appear to remove the token, or log out the user?

    Regards

    VinDo

  5. andrea

    18 Jun 2019 Administrator User since 2016
    Edited 4 years ago by andrea

    The token is stored in the keychain, you can manually delete it from the keychain (look for AFOAuthCredentialService).
    We are working to add a way to programmatically manage those tokens.

  6. andrea

    19 Jun 2019 Administrator User since 2016
    Edited 4 years ago by andrea

    @VinDo,
    a new deleteAccessToken method for the HTTPClient objects will be available in the next release, with an improved naming of the tokens in the keychain.
