Mobile Authentication for iOS Applications - Stormpath 101
1 like896 views
The document provides an overview of mobile authentication strategies for iOS applications, covering essential topics such as Stormpath services, common authentication methods, and OAuth 2 token authentication. It emphasizes the importance of security, scalability, and provides resources for implementing authentication in iOS apps. The presentation includes a Q&A session to address further inquiries.
Mobile Authentication for iOS Applications - Stormpath 101
- 2. Welcome! • Agenda • Stormpath 101 (5 mins) • Get Started with iOS (25 mins) • Q&A (30 mins) • Kaitlyn Barnard Marketing • Edward Jiang iOS Developer Evangelist
- 3. Speed to Market & Cost Reduction • Complete Identity solution out-of-the-box • Security best practices and updates by default • Clean & elegant API/SDKs • Little to code, no maintenance
- 4. Stormpath User Management User Data User Workflows Google ID Your Applications Application SDK Application SDK Application SDK ID Integrations Facebook Active Directory SAML
- 7. Authentication Proving You Are Who You Say You Are
- 10. Basic Authentication GET /resource HTTP/1.1 Authorization: Basic 3CjvTdI30yoMS1xr3byzuz 3CjvTdI30yoMS1xr3byzuz = Base64(“username:password”)
- 11. Session Authentication Username Password SessionID edjiang TxGA2UwvQ9qFTyzK 4zyCMdpxbtPXWgC8 demouser 5uGGNsn253UZRpbU kRqVCcqmwgEhkaH9
- 12. Server-Based Authentication • Easy to use and implement • Auth details are sent on every request • Auth details do not expire • Hard to scale, as verifying a request needs access to central database
- 14. OAuth 2 Token Authentication POST /oauth/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded grant_type=password& username=username& password=password { "access_token": “eyJqdGkiOiI2UUxkc0xKeFlIZnU4M2…”, "refresh_token": “eyJqdGkiOiI2UUxkc0h6c2RoTXZWRV…”, "token_type": "Bearer", "expires_in": 3600 }
- 15. OAuth 2 Token Authentication GET /me HTTP/1.1 Authorization: Bearer eyJqdGkiOiI2UUxkc0xKeI… { "email": "edward@stormpath.com", "givenName": "Edward", "surname": "Jiang", "fullName": "Edward Jiang”, }
- 16. What is this token? eyJqdGkiOiI2UUxkc0xKeFa…
- 17. Header eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CJ9. { "typ": "JWT", "alg": "HS256" } It’s a JSON Web Token! Body eyJpc3MiOiJodHRwczovL2V4YW1wbGU uY29tIiwic3ViIjoidXNlcm5hbWUiLCJuYm YiOjE0NjIzMDcyNTgsImV4cCI6MTQ2Mj MxMDg1OCwiaWF0IjoxNDYyMzA3MjU4 fQ. Signature XcRsBv9qQUgmZwXmEyb1sa1M2GvIepy5r DKR5WmEpn0 HS256(header + “.” + body, signingKey) { "iss": "https://example.com", "sub": "username", "nbf": 1462307258, "exp": 1462310858, "iat": 1462307258 }
- 18. Token Authentication • More Secure o Auth details are sent on every request, BUT! o Auth token expires • Easy to scale, as servers can verify a token with the signing key • Extensible o Scale across multiple backend services o Can embed information in the JSON
- 19. LET’S LOOK AT SOME CODE!
- 20. iOS Resources • Stormpath Launches Mobile Support https://stormpath.com/blog/stormpath-mobile-support-ios-android/ • Tutorial: Build an iOS Application with Stormpath https://stormpath.com/blog/build-note-taking-app-swift-ios • Stormpath iOS SDK https://github.com/stormpath/stormpath-sdk-ios • iOS Example Application https://github.com/stormpath/stormpath-ios-notes-example
- 21. QUESTIONS?
- 22. THANK YOU