How can I integrate my identity server with my Android/iOS so that after login with SSO is successful it redirects me to my app? I am trying to use WebView to show the login options. Also when the user gets redirected to the app I need the user’s credentials as well within the app. I couldn’t find any documentation related to this.
Hi,
I guess you are talking about Squidex Identity.
The identity system is more a POC right now, therefore there is almost no documentation yet. But I think the idea has potential and does not exist in other systems yet, so I would really appreciate any help. I think the project is small enough to jump into the code relatively quickly.
It uses OpenID Connect. What you need to do is to create a client. A client is another application such as a mobile app or web application. You can find more information here: http://docs.identityserver.io/en/latest/reference/client.html
You need the following information:
- ClientId, e.g. my-app
- ClientSecret: Any SHA256 encrypted shared secret. You can use this tool for that: https://hashgenerator.de/
Then you need an OIDC client for your mobile app: Usually you need to define the client id and secret there and also the URL to squidex identity, e.g.:
This can be used I guess: https://github.com/openid/AppAuth-Android
Hi Sebastian,
How can I get the auth endpoint and the token endpoint for our Squidex Identity server?
I will have a look today, but I am in a few meetings the next hours.
Thanks. Is it also possible to setup a call or a meeting with you?
Yeah, why not. Tomorrow 2pm German time?
Yeah that would be great. Will a skype meeting work for you?
Yes, my account is sebastianstehle
Can I get your email address? Because we use Skype for Business, this username won’t work.
Thank you. I’ll send the meeting invite shortly.
Sorry, have not received anything. Can you give me your skype, or send me a hangout meeting or so.
Hey Sebastian,
I was trying to integrate our Identity Server in my Android app. I have created a client in the CMS and I am using the same ClientId in my app, but whenever I try to authorize it says Error: Unknown client or client not enabled.
What can be the fix for this? I am using AppAuthLibrary for the android app.
Android code snippet
// File-level imports this snippet needs
import android.app.PendingIntent;
import android.content.Intent;
import android.net.Uri;
import android.view.View;
import android.widget.Button;
import net.openid.appauth.AuthorizationRequest;
import net.openid.appauth.AuthorizationService;
import net.openid.appauth.AuthorizationServiceConfiguration;

public static class AuthorizeListener implements Button.OnClickListener {
    @Override
    public void onClick(View view) {
        AuthorizationServiceConfiguration serviceConfiguration = new AuthorizationServiceConfiguration(
                Uri.parse("http://IdentityServerURL/connect/authorize") /* auth endpoint */,
                Uri.parse("http://IdentityServerURL/connect/token") /* token endpoint */
        );
        String clientId = "s6BhdRkqt3";
        Uri redirectUri = Uri.parse("com.google.codelabs.appauth:/oauth2callback");
        AuthorizationRequest.Builder builder = new AuthorizationRequest.Builder(
                serviceConfiguration,
                clientId,
                AuthorizationRequest.RESPONSE_TYPE_CODE,
                redirectUri
        );
        builder.setScopes("profile");
        // Replaces the RESPONSE_TYPE_CODE value passed to the builder above
        builder.setResponseType("id_token token");
        AuthorizationRequest request = builder.build();
        AuthorizationService authorizationService = new AuthorizationService(view.getContext());
        // Intent that is fired once the authorization response comes back to the app
        String action = "com.google.codelabs.appauth.HANDLE_AUTHORIZATION_RESPONSE";
        Intent postAuthorizationIntent = new Intent(action);
        PendingIntent pendingIntent = PendingIntent.getActivity(view.getContext(), request.hashCode(), postAuthorizationIntent, 0);
        authorizationService.performAuthorizationRequest(request, pendingIntent);
    }
}
Can you share the exact logs from identity server?
Hi Sebastian,
Below are the logs from the Identity Server.
fail: IdentityServer4.Stores.ValidatingClientStore[0]
Invalid client configuration for client 930857497838-gos2rg1mvcmpo3q234jdvmmkl1gq5ov8.apps.googleusercontent.com: no allowed grant type specified
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Unknown client or not enabled: 930857497838-gos2rg1mvcmpo3q234jdvmmkl1gq5ov8.apps.googleusercontent.com
{
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"scope": "openid",
"redirect_uri": "http://squidex.centralus.cloudapp.azure.com/profile",
"state": "abc",
"nonce": "xyz",
"client_secret": "12345",
"response_type": "token",
"grant_type": "client_credentials",
"client_id": "930857497838-gos2rg1mvcmpo3q234jdvmmkl1gq5ov8.apps.googleusercontent.com"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
Have you sent the grant type for your client to client_credentials?
Yes, it is sent as client_credentials. I got it working on my app. But when I register it doesn’t automatically redirect me to the app even though I have mentioned the correct redirect_uri.
What have you done to fix it? Have you got any logs about redirect urls?
I changed the grant type to implicit and attached nonce and state with the endpoint call.
There are no logs coming up. I think there is no error as such. I want to redirect the user to my app when the registration is done on the identity server, which is not happening currently.
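Added example, not part of the original thread and not Squidex Identity or IdentityServer4 code: a Python check that takes the parameters from the "Raw" object in the log above plus a client registration and lists why the authorize request is inconsistent. The client record fields (`enabled`, `allowed_grant_types`, `redirect_uris`), the function name and all sample values are assumptions constructed for illustration; the response-type mapping follows OAuth 2.0 / OpenID Connect.

```python
# Added example; record layout and names are hypothetical, not IdentityServer4's own API.
# response_type values (order-insensitive) -> grant type the client must be allowed to use
FLOW_FOR_RESPONSE_TYPE = {
    frozenset({"code"}): "authorization_code",
    frozenset({"token"}): "implicit",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
    frozenset({"code", "id_token"}): "hybrid",
    frozenset({"code", "token"}): "hybrid",
    frozenset({"code", "id_token", "token"}): "hybrid",
}
# Token-endpoint (back-channel) parameters that must never ride in a browser redirect
TOKEN_ENDPOINT_ONLY = ("client_secret", "grant_type")


def lint_authorize_request(raw, client):
    """Return a list of findings; an empty list means the request is consistent."""
    if client is None or not client.get("enabled", False):
        return ["unknown or disabled client: " + raw.get("client_id", "<missing>")]
    findings = []
    allowed = set(client.get("allowed_grant_types", []))
    if not allowed:
        findings.append("client has no allowed grant type")
    for name in TOKEN_ENDPOINT_ONLY:
        if name in raw:
            findings.append(name + " does not belong on the authorize endpoint")
    types = frozenset(raw.get("response_type", "").split())
    flow = FLOW_FOR_RESPONSE_TYPE.get(types)
    if flow is None:
        findings.append("unsupported response_type: %r" % raw.get("response_type"))
    elif allowed and flow not in allowed:
        findings.append(f"response_type needs '{flow}', client allows {sorted(allowed)}")
    if raw.get("redirect_uri") not in client.get("redirect_uris", []):
        findings.append("redirect_uri is not registered for this client")
    if "id_token" in types and "nonce" not in raw:
        findings.append("nonce is required when the authorize endpoint returns an id_token")
    if "state" not in raw:
        findings.append("state is missing (ties the redirect back to this login attempt)")
    return findings


# Constructed sample data mirroring the parameter names in the log above
REDIRECT = "com.example.app:/oauth2callback"
LOGGED_REQUEST = {"client_id": "my-app", "client_secret": "12345", "scope": "openid",
                  "grant_type": "client_credentials", "response_type": "token",
                  "redirect_uri": REDIRECT, "state": "abc", "nonce": "xyz"}
BROKEN_CLIENT = {"enabled": True, "allowed_grant_types": [], "redirect_uris": [REDIRECT]}
FIXED_CLIENT = dict(BROKEN_CLIENT, allowed_grant_types=["implicit"])
FIXED_REQUEST = {"client_id": "my-app", "scope": "openid profile", "redirect_uri": REDIRECT,
                 "response_type": "id_token token", "state": "abc", "nonce": "xyz"}
```

Calling `lint_authorize_request(LOGGED_REQUEST, BROKEN_CLIENT)` reports the empty grant-type list and the two token-endpoint parameters, while the `FIXED_*` pair passes. For a native app, RFC 8252 recommends the authorization code flow with PKCE, which in this check means registering `authorization_code` and sending `response_type=code`.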