
Mobile Authentication for iOS Applications - Stormpath 101

Want to build user authentication into your iOS apps quickly and securely?

In this presentation, iOS Developer Evangelist Edward Jiang will go over OAuth, best practices, and how to easily integrate Facebook, Google, and email logins into your app using Stormpath's iOS SDK!

Topics Covered:
- Stormpath Customer Identity Management
- What does authentication mean?
- Common methods of mobile authentication
- OAuth Token Authentication
- Building Login & Registration with Stormpath
- Making authenticated network requests
- Add Facebook / Google login with one line of code
- Technical Q&A

Published in: Software

  1. 1. Mobile Authentication for iOS Applications
  2. 2. Welcome!
        • Agenda
          • Stormpath 101 (5 mins)
          • Get Started with iOS (25 mins)
          • Q&A (30 mins)
        • Kaitlyn Barnard, Marketing
        • Edward Jiang, iOS Developer Evangelist
  3. 3. Speed to Market & Cost Reduction
        • Complete Identity solution out-of-the-box
        • Security best practices and updates by default
        • Clean & elegant API/SDKs
        • Little to code, no maintenance
  4. 4. Stormpath [diagram; labels: User Management, User Data, User Workflows, Google ID, Your Applications, Application SDK (x3), ID Integrations, Facebook, Active Directory, SAML]
  5. 5. Let’s talk about Authentication
  6. 6. Authentication Proving You Are Who You Say You Are
  7. 7. Common Methods of Authentication
  8. 8. Basic Authentication
  9. 9. Basic Authentication
        GET /resource HTTP/1.1
        Authorization: Basic 3CjvTdI30yoMS1xr3byzuz

        3CjvTdI30yoMS1xr3byzuz = Base64("username:password")
  10. 10. Session Authentication
        Username   Password           SessionID
        edjiang    TxGA2UwvQ9qFTyzK   4zyCMdpxbtPXWgC8
        demouser   5uGGNsn253UZRpbU   kRqVCcqmwgEhkaH9
  11. 11. Server-Based Authentication
        • Easy to use and implement
        • Auth details are sent on every request
        • Auth details do not expire
        • Hard to scale, as verifying a request needs access to central database
  12. 12. OAuth 2 Token Authentication
  13. 13. OAuth 2 Token Authentication
        POST /oauth/token HTTP/1.1
        Content-Type: application/x-www-form-urlencoded

        grant_type=password&username=username&password=password

        {
          "access_token": "eyJqdGkiOiI2UUxkc0xKeFlIZnU4M2…",
          "refresh_token": "eyJqdGkiOiI2UUxkc0h6c2RoTXZWRV…",
          "token_type": "Bearer",
          "expires_in": 3600
        }
  14. 14. OAuth 2 Token Authentication
        GET /me HTTP/1.1
        Authorization: Bearer eyJqdGkiOiI2UUxkc0xKeI…

        {
          "email": "edward@stormpath.com",
          "givenName": "Edward",
          "surname": "Jiang",
          "fullName": "Edward Jiang"
        }
  15. 15. What is this token? eyJqdGkiOiI2UUxkc0xKeFa…
  16. 16. It’s a JSON Web Token!
        Header
          eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
          { "typ": "JWT", "alg": "HS256" }
        Body
          eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIiwic3ViIjoidXNlcm5hbWUiLCJuYmYiOjE0NjIzMDcyNTgsImV4cCI6MTQ2MjMxMDg1OCwiaWF0IjoxNDYyMzA3MjU4fQ.
          { "iss": "https://example.com", "sub": "username", "nbf": 1462307258, "exp": 1462310858, "iat": 1462307258 }
        Signature
          XcRsBv9qQUgmZwXmEyb1sa1M2GvIepy5rDKR5WmEpn0
          HS256(header + "." + body, signingKey)
  17. 17. Token Authentication
        • More Secure
          o Auth details are sent on every request, BUT!
          o Auth token expires
        • Easy to scale, as servers can verify a token with the signing key
        • Extensible
          o Scale across multiple backend services
          o Can embed information in the JSON
  18. 18. LET’S LOOK AT SOME CODE!
  19. 19. iOS Resources
        • Stormpath Launches Mobile Support: https://stormpath.com/blog/stormpath-mobile-support-ios-android/
        • Tutorial: Build an iOS Application with Stormpath: https://stormpath.com/blog/build-note-taking-app-swift-ios
        • Stormpath iOS SDK: https://github.com/stormpath/stormpath-sdk-ios
        • iOS Example Application: https://github.com/stormpath/stormpath-ios-notes-example
  20. 20. QUESTIONS?
  21. 21. THANK YOU
