Slide 1

Slide 1 text

Mobile Authentication for iOS Applications

Slide 2

Slide 2 text

Welcome!

Agenda
• Stormpath 101 (5 mins)
• Get Started with iOS (25 mins)
• Q&A (30 mins)

• Kaitlyn Barnard, Marketing
• Edward Jiang, iOS Developer Evangelist

Slide 3

Slide 3 text

Speed to Market & Cost Reduction
• Complete Identity solution out-of-the-box
• Security best practices and updates by default
• Clean & elegant API/SDKs
• Little to code, no maintenance

Slide 4

Slide 4 text

[Diagram labels: Stormpath (User Management, User Data, User Workflows); Your Applications, each with an Application SDK; ID Integrations (Google ID, Facebook, Active Directory, SAML)]

Slide 5

Slide 5 text

Let’s talk about Authentication

Slide 7

Slide 7 text

Authentication: Proving You Are Who You Say You Are

Slide 8

Slide 8 text

Common Methods of Authentication

Slide 9

Slide 9 text

Basic Authentication

Slide 10

Slide 10 text

Basic Authentication

GET /resource HTTP/1.1
Authorization: Basic 3CjvTdI30yoMS1xr3byzuz

3CjvTdI30yoMS1xr3byzuz = Base64("username:password")

Slide 11

Slide 11 text

Session Authentication

Username    Password            SessionID
edjiang     TxGA2UwvQ9qFTyzK    4zyCMdpxbtPXWgC8
demouser    5uGGNsn253UZRpbU    kRqVCcqmwgEhkaH9

Slide 12

Slide 12 text

Server-Based Authentication
• Easy to use and implement
• Auth details are sent on every request
• Auth details do not expire
• Hard to scale, as verifying a request needs access to central database

Slide 13

Slide 13 text

OAuth 2 Token Authentication

Slide 14

Slide 14 text

OAuth 2 Token Authentication

POST /oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=username&password=password

{
  "access_token": "eyJqdGkiOiI2UUxkc0xKeFlIZnU4M2…",
  "refresh_token": "eyJqdGkiOiI2UUxkc0h6c2RoTXZWRV…",
  "token_type": "Bearer",
  "expires_in": 3600
}

Slide 15

Slide 15 text

OAuth 2 Token Authentication

GET /me HTTP/1.1
Authorization: Bearer eyJqdGkiOiI2UUxkc0xKeI…

{
  "email": "[email protected]",
  "givenName": "Edward",
  "surname": "Jiang",
  "fullName": "Edward Jiang"
}

Slide 16

Slide 16 text

What is this token? eyJqdGkiOiI2UUxkc0xKeFa…

Slide 17

Slide 17 text

It's a JSON Web Token!

Header
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.

{
  "typ": "JWT",
  "alg": "HS256"
}

Body
eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIiwic3ViIjoidXNlcm5hbWUiLCJuYmYiOjE0NjIzMDcyNTgsImV4cCI6MTQ2MjMxMDg1OCwiaWF0IjoxNDYyMzA3MjU4fQ.

{
  "iss": "https://example.com",
  "sub": "username",
  "nbf": 1462307258,
  "exp": 1462310858,
  "iat": 1462307258
}

Signature
XcRsBv9qQUgmZwXmEyb1sa1M2GvIepy5rDKR5WmEpn0

HS256(header + "." + body, signingKey)

Slide 18

Slide 18 text

Token Authentication
• More Secure
  o Auth details are sent on every request, BUT!
  o Auth token expires
• Easy to scale, as servers can verify a token with the signing key
• Extensible
  o Scale across multiple backend services
  o Can embed information in the JSON

Slide 19

Slide 19 text

LET’S LOOK AT SOME CODE!

Slide 20

Slide 20 text

iOS Resources
• Stormpath Launches Mobile Support
  https://stormpath.com/blog/stormpath-mobile-support-ios-android/
• Tutorial: Build an iOS Application with Stormpath
  https://stormpath.com/blog/build-note-taking-app-swift-ios
• Stormpath iOS SDK
  https://github.com/stormpath/stormpath-sdk-ios
• iOS Example Application
  https://github.com/stormpath/stormpath-ios-notes-example

Slide 21

Slide 21 text

QUESTIONS?

Slide 22

Slide 22 text

THANK YOU