Mobile Authentication for iOS Applications
Welcome!
• Agenda
  o Stormpath 101 (5 mins)
  o Get Started with iOS (25 mins)
  o Q&A (30 mins)
• Kaitlyn Barnard, Marketing
• Edward Jiang, iOS Developer Evangelist
Speed to Market & Cost Reduction
• Complete Identity solution out-of-the-box
• Security best practices and updates by default
• Clean & elegant API/SDKs
• Little to code, no maintenance
Stormpath User Management
[Diagram. Labels: User Data; User Workflows; Your Applications, each with an Application SDK; ID Integrations: Google ID, Facebook, Active Directory, SAML]
Let’s talk about Authentication
Authentication
Proving You Are Who You Say You Are
Common Methods of Authentication
Basic Authentication
GET /resource HTTP/1.1
Authorization: Basic 3CjvTdI30yoMS1xr3byzuz
3CjvTdI30yoMS1xr3byzuz = Base64("username:password")
Session Authentication
Username   Password           SessionID
edjiang    TxGA2UwvQ9qFTyzK   4zyCMdpxbtPXWgC8
demouser   5uGGNsn253UZRpbU   kRqVCcqmwgEhkaH9
Server-Based Authentication
• Easy to use and implement
• Auth details are sent on every request
• Auth details do not expire
• Hard to scale, as verifying a request needs access to a central database
OAuth 2 Token Authentication
POST /oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=password&
username=username&
password=password

{
  "access_token": "eyJqdGkiOiI2UUxkc0xKeFlIZnU4M2…",
  "refresh_token": "eyJqdGkiOiI2UUxkc0h6c2RoTXZWRV…",
  "token_type": "Bearer",
  "expires_in": 3600
}
OAuth 2 Token Authentication
GET /me HTTP/1.1
Authorization: Bearer eyJqdGkiOiI2UUxkc0xKeI…

{
  "email": "edward@stormpath.com",
  "givenName": "Edward",
  "surname": "Jiang",
  "fullName": "Edward Jiang"
}
What is this token?
eyJqdGkiOiI2UUxkc0xKeFa…
It’s a JSON Web Token!
Header
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
{
  "typ": "JWT",
  "alg": "HS256"
}
Body
eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIiwic3ViIjoidXNlcm5hbWUiLCJuYmYiOjE0NjIzMDcyNTgsImV4cCI6MTQ2MjMxMDg1OCwiaWF0IjoxNDYyMzA3MjU4fQ.
{
  "iss": "https://example.com",
  "sub": "username",
  "nbf": 1462307258,
  "exp": 1462310858,
  "iat": 1462307258
}
Signature
XcRsBv9qQUgmZwXmEyb1sa1M2GvIepy5rDKR5WmEpn0
HS256(header + "." + body, signingKey)
Token Authentication
• More Secure
  o Auth details are sent on every request, BUT!
  o Auth token expires
• Easy to scale, as servers can verify a token with the signing key
• Extensible
  o Scale across multiple backend services
  o Can embed information in the JSON
LET’S LOOK AT SOME CODE!
iOS Resources
• Stormpath Launches Mobile Support
https://stormpath.com/blog/stormpath-mobile-support-ios-android/
• Tutorial: Build an iOS Application with Stormpath
https://stormpath.com/blog/build-note-taking-app-swift-ios
• Stormpath iOS SDK
https://github.com/stormpath/stormpath-sdk-ios
• iOS Example Application
https://github.com/stormpath/stormpath-ios-notes-example
QUESTIONS?
THANK YOU
