Analysis of existing OpenID Connect applications and libraries for iOS, to be used as a basis for implementing the federation functionality described in https://github.com/OpenIDC/fedoidc/blob/master/draft/oidcfed.hf.txt.

AppAuth for iOS and macOS (from Google)

URL: https://openid.github.io/AppAuth-iOS/

External references: https://connect2id.com/blog/openid-ios-client-library

AppAuth for iOS and macOS is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers. It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language. In addition to mapping the raw protocol flows, convenience methods are available to assist with common tasks like performing an action with fresh tokens.

It follows the best practices set out in OAuth 2.0 for Native Apps (RFC 8252), including using SFSafariViewController on iOS for the authorization request (on newer iOS versions the system authentication session APIs, SFAuthenticationSession and ASWebAuthenticationSession, fill the same role). UIWebView is explicitly not supported: an embedded web view is under the app's control, so the app could read the user's credentials and session cookies or inject script into the provider's login page, and the user cannot verify which site they are signing in to; it also lacks the shared cookies and saved credentials of the system browser, which hurts usability.

It also supports the PKCE extension to OAuth 2.0 (RFC 7636), which protects authorization codes in public clients that receive the redirect through a custom URI scheme. On iOS any installed app can claim the same custom scheme, so a malicious app may receive the redirect and the authorization code it carries; with PKCE the client binds the code to a secret verifier that never leaves its process, so an intercepted code cannot be exchanged for tokens.
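The following is an added example, not code from AppAuth or any other library on this page, showing the PKCE round trip end to end: the client generates a code verifier, sends the S256 challenge with the authorization request, checks the state on the custom-scheme redirect, and redeems the code with the verifier; a minimal in-memory authorization server stands in for the provider and enforces the check. The endpoint, client_id, redirect URI and the fake server are constructed for the example; the interception case simulates a second app that registered the same scheme and received the redirect but does not hold the verifier.

```python
import base64
import hashlib
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for this example; a real client uses its registered client_id,
# its registered redirect URI and the provider's actual authorization endpoint.
AUTHZ_ENDPOINT = "https://issuer.example/authorize"
CLIENT_ID = "example-native-client"
REDIRECT_URI = "com.example.app:/oauth2redirect"   # custom-scheme redirect back into the app


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes -> 43 unreserved characters, the RFC 7636 minimum verifier length."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(verifier: str, state: str) -> str:
    """The request the client opens in SFSafariViewController; only the challenge goes over the wire."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def parse_redirect(redirect_url: str, expected_state: str) -> Optional[str]:
    """Runs when iOS hands the custom-scheme URL to the app. Returns the code, or None if the
    response is an error or its state does not match the request this app actually made."""
    q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
    if "code" not in q or q.get("state") != expected_state:
        return None
    return q["code"]


class FakeAuthorizationServer:
    """Minimal in-memory provider: binds the challenge to the issued code and checks it on exchange."""

    def __init__(self) -> None:
        self._codes: Dict[str, Tuple[str, str]] = {}

    def authorize(self, authorization_url: str) -> str:
        q = {k: v[0] for k, v in parse_qs(urlparse(authorization_url).query).items()}
        if q.get("code_challenge_method") != "S256":
            # 'plain' sends the verifier itself as the challenge and defeats the purpose.
            return f"{q['redirect_uri']}?{urlencode({'error': 'invalid_request', 'state': q['state']})}"
        code = secrets.token_urlsafe(16)
        self._codes[code] = (q["code_challenge"], q["redirect_uri"])
        return f"{q['redirect_uri']}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code: str, verifier: str, redirect_uri: str) -> Optional[dict]:
        entry = self._codes.pop(code, None)            # authorization codes are single use
        if entry is None:
            return None
        challenge, bound_redirect = entry
        if redirect_uri != bound_redirect:
            return None
        if not secrets.compare_digest(code_challenge_s256(verifier), challenge):
            return None                                # wrong or missing verifier: no tokens
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def run_flow(server: FakeAuthorizationServer, attacker_verifier: Optional[str] = None) -> Optional[dict]:
    """Full round trip. With attacker_verifier set, simulate a second app that registered the same
    custom scheme, received the redirect with the code, and tries to redeem it without the real verifier."""
    verifier = new_code_verifier()
    state = secrets.token_urlsafe(16)
    redirect = server.authorize(build_authorization_url(verifier, state))
    code = parse_redirect(redirect, state)
    if code is None:
        return None
    return server.token(code, attacker_verifier or verifier, REDIRECT_URI)


if __name__ == "__main__":
    print("legitimate client:", run_flow(FakeAuthorizationServer()) is not None)
    print("interceptor without verifier:", run_flow(FakeAuthorizationServer(), new_code_verifier()))
```

The challenge function reproduces the RFC 7636 Appendix B test vector, which is a useful self-check for any PKCE implementation. Note that PKCE only protects the code: the state check in parse_redirect is still what stops a malicious app from injecting its own code into the legitimate app's flow, so a native client needs both.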

AeroGear iOS

URL: https://aerogear.org/ios/

The library's features range from networking and authorization (in particular OAuth2) to storage and crypto. We believe the iOS platform offers a solid and extremely powerful foundation, but there are cases in which developer productivity can be improved by offering much easier access to that foundation. Please use the corresponding links below for more information on the features provided by each respective library.

HTTP Module

aerogear-ios-http is a thin layer over NSURLSession that takes care of HTTP requests, providing:

  • JSON serializer

  • Multipart upload

  • HTTP Basic/Digest authentication support

  • Pluggable object serialization

  • Background processing support

OAuth2 Module

aerogear-ios-oauth2 is an OAuth2 client built on aerogear-ios-http. It takes care of:

  • Account manager for multiple OAuth2 accounts

  • Requesting access and refresh tokens

  • Granting access through a secure external browser, with a URI scheme to re-enter the app

  • Refresh tokens (implicit or explicit refresh)

  • Token revocation

  • Permanent secure storage

  • Adapting to provider-specific OAuth2 behaviour; existing extensions: Google, Facebook, Keycloak, etc.

  • OpenID Connect login

JSON Serialization Module

aerogear-ios-jsonsz serializes Swift objects to and from their JSON representation "the easy way".

Useful resources and tools

  • Mobile Application SSO Developers Guide
    "... now a third option available in the major mobile operating systems. Both Apple (iOS9+ - SFSafariViewController) and Google (Chrome 45+ - Chrome Custom Tabs) have added a web controller that provides all the benefits of the native system browser in a control that can be placed within an application. This user experience benefits by providing access to shared cookies across instances and keeping the user inside the application, and security and privacy concerns are mitigated as the application doesn’t have access to the data provided in the browser component. All this in a simple interface for developers to implement."
    https://developer.pingidentity.com/en/resources/napps-native-app-sso.html 

Swift Resources

  •