Mobile Authentication for iOS Applications - Stormpath 101
•
1 like•888 views
Want to build user authentication into your iOS apps quickly and securely? In this presentation, iOS Developer Evangelist Edward Jiang will go over OAuth, best practices, and how to easily integrating Facebook, Google, and email logins into your app using Stormpath's iOS SDK! Topics Covered: - Stormpath Customer Identity Management - What does authentication mean? - Common methods of mobile authentication - OAuth Token Authentication - Building Login & Registration with Stormpath - Making authenticated network requests - Add Facebook / Google login with one line of code - Technical Q&A
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (16)
Similar to Mobile Authentication for iOS Applications - Stormpath 101
Similar to Mobile Authentication for iOS Applications - Stormpath 101 (20)
Recently uploaded
Recently uploaded (20)
Mobile Authentication for iOS Applications - Stormpath 101
- 2. Welcome! • Agenda • Stormpath 101 (5 mins) • Get Started with iOS (25 mins) • Q&A (30 mins) • Kaitlyn Barnard Marketing • Edward Jiang iOS Developer Evangelist
- 3. Speed to Market & Cost Reduction • Complete Identity solution out-of-the-box • Security best practices and updates by default • Clean & elegant API/SDKs • Little to code, no maintenance
- 4. Stormpath User Management User Data User Workflows Google ID Your Applications Application SDK Application SDK Application SDK ID Integrations Facebook Active Directory SAML
- 7. Authentication Proving You Are Who You Say You Are
- 10. Basic Authentication GET /resource HTTP/1.1 Authorization: Basic 3CjvTdI30yoMS1xr3byzuz 3CjvTdI30yoMS1xr3byzuz = Base64(“username:password”)
- 11. Session Authentication Username Password SessionID edjiang TxGA2UwvQ9qFTyzK 4zyCMdpxbtPXWgC8 demouser 5uGGNsn253UZRpbU kRqVCcqmwgEhkaH9
- 12. Server-Based Authentication • Easy to use and implement • Auth details are sent on every request • Auth details do not expire • Hard to scale, as verifying a request needs access to central database
- 14. OAuth 2 Token Authentication POST /oauth/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded grant_type=password& username=username& password=password { "access_token": “eyJqdGkiOiI2UUxkc0xKeFlIZnU4M2…”, "refresh_token": “eyJqdGkiOiI2UUxkc0h6c2RoTXZWRV…”, "token_type": "Bearer", "expires_in": 3600 }
- 15. OAuth 2 Token Authentication GET /me HTTP/1.1 Authorization: Bearer eyJqdGkiOiI2UUxkc0xKeI… { "email": "edward@stormpath.com", "givenName": "Edward", "surname": "Jiang", "fullName": "Edward Jiang”, }
- 16. What is this token? eyJqdGkiOiI2UUxkc0xKeFa…
- 17. Header eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CJ9. { "typ": "JWT", "alg": "HS256" } It’s a JSON Web Token! Body eyJpc3MiOiJodHRwczovL2V4YW1wbGU uY29tIiwic3ViIjoidXNlcm5hbWUiLCJuYm YiOjE0NjIzMDcyNTgsImV4cCI6MTQ2Mj MxMDg1OCwiaWF0IjoxNDYyMzA3MjU4 fQ. Signature XcRsBv9qQUgmZwXmEyb1sa1M2GvIepy5r DKR5WmEpn0 HS256(header + “.” + body, signingKey) { "iss": "https://example.com", "sub": "username", "nbf": 1462307258, "exp": 1462310858, "iat": 1462307258 }
- 18. Token Authentication • More Secure o Auth details are sent on every request, BUT! o Auth token expires • Easy to scale, as servers can verify a token with the signing key • Extensible o Scale across multiple backend services o Can embed information in the JSON
- 19. LET’S LOOK AT SOME CODE!
- 20. iOS Resources • Stormpath Launches Mobile Support https://stormpath.com/blog/stormpath-mobile-support-ios-android/ • Tutorial: Build an iOS Application with Stormpath https://stormpath.com/blog/build-note-taking-app-swift-ios • Stormpath iOS SDK https://github.com/stormpath/stormpath-sdk-ios • iOS Example Application https://github.com/stormpath/stormpath-ios-notes-example
- 21. QUESTIONS?
- 22. THANK YOU