Erik Jan de Wit edewit

OAuth2 for native apps

Do you want to build a cool iOS/Android app to share your photos on Twitter, Facebook or Google+? If so, you will need to authenticate through OAuth2. Instead of using their own authentication schemes, most providers choose to implement OAuth2, the latest revision of the OAuth protocol. It gives users a secure way to talk to their services, but more importantly, allows users to safely authorise access to their data from third-party services without giving them their credentials.

If you think security topic is hard to tackle, join me in this live coding session. We'll delve deep into OAuth2 protocol and see the challenges to overcome from a native app perspective: embedded web view vs external browser, URL schema for callback, local storage for tokens, refresh access tokens transparently...

After this session, OAuth2 will have no secret to you!

###Jboss developer studio

In order to have something to build an mobile client application for let's first create a backend. To do this fast we'll use forge, forge is continues wizard that takes your input and generates code from that. To begin start JBoss Developer Studio and select 'Window' -> 'Open view' from the menu, then select 'Other' type forge in the search and you'll see a 'Froge Console'. In the 'Forge Console' that has just opened type the following:

project-new --named demo
jpa-new-entity --named Contact
jpa-new-field --named name
jpa-new-field --named age --type int
rest-generate-endpoints-from-entities --targets org.demo.model.Contact

url: http://localhost:8080/auth/realms/saml-demo/protocol/saml?SAMLRequest=jVJdT8IwFP0rS99L9wHCGkaCECMJ6gLogy%2BmbHfSpGtnb4fy7x2bRHwQfWtuz7n3nHPvGEWpKj6t3U6v4K0GdN5HqTTy9iMhtdXcCJTItSgBucv4enq35GHP55U1zmRGkY5yGSwQwTppNPGmp%2BfMaKxLsGuwe5nB42qZkJ1zFWdMmUyonUHHR%2F7IZ1BWyhwAGPHmjUapxZH%2FG1o0dpgFoUpkRx80h9Kwk9y2RLwbYzNojSekEAqBeIt5Qhbzl2EeFIUQWxoXeUT7IipoHAcBjYPM3%2FbzUTgE0YAxbTzJPXzTEWtYaHRCu4SEfjCg%2FoiGVxs%2F5lHE%2Fag3iMJn4qVfQq6lzqV%2BvZzbtgMhv91sUpo%2BrDfEewKLrf0GQCbjox%2FeDrdny%2FvvOiZ%2FJD5mZ%2F27YRW%2Fbxou5qlRMjt4U6XM%2B6zJ2zVZOFtDG24p3GUJx4rMadFCubNCowTtCJt0I3%2Be5eQT

gzip inflate and base64 decode:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="http://localhost:8080/employee/" Destination="http://localhost:8080/auth/realms/saml-demo/protocol/saml" ForceAuthn="false" ID="ID_7d1ffaab-9fd3-4a3f-9911-91c0b4d827ea" IsPassive="false" IssueInstant="2015-08-26T09:33

	13:29:30,431 INFO [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (MSC service thread 1-4) Initializing database schema
	13:29:30,496 ERROR [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (MSC service thread 1-4) Change Set META-INF/jpa-changelog-1.0.0.Final.xml::1.0.0.Final::[email protected] failed. Error: Error executing SQL ALTER TABLE PUBLIC.REALM_SOCIAL_CONFIG ADD CONSTRAINT CONSTRAINT_1 PRIMARY KEY (REALM_ID, NAME): Constraint "CONSTRAINT_1" already exists; SQL statement:
	ALTER TABLE PUBLIC.REALM_SOCIAL_CONFIG ADD CONSTRAINT CONSTRAINT_1 PRIMARY KEY (REALM_ID, NAME) [90045-173]: liquibase.exception.DatabaseException: Error executing SQL ALTER TABLE PUBLIC.REALM_SOCIAL_CONFIG ADD CONSTRAINT CONSTRAINT_1 PRIMARY KEY (REALM_ID, NAME): Constraint "CONSTRAINT_1" already exists; SQL statement:
	ALTER TABLE PUBLIC.REALM_SOCIAL_CONFIG ADD CONSTRAINT CONSTRAINT_1 PRIMARY KEY (REALM_ID, NAME) [90045-173]
	at liquibase.executor.jvm.JdbcExecutor.ex

	{
	"status":"ok",
	"summary":null,
	"details":[
	{
	"description":null,
	"test_status":"ok",
	"result":"database status is ok",
	"runtime":31
	},

	// e.Arguments = "/MainPage.xaml?message=bla&test=super"

	var page = e.Arguments.Substring(1, e.Arguments.IndexOf('.') - 1);
	var data = UrlQueryParser.ParseQueryString(e.Arguments);
	var type = typeof(App); //known type

	// NameSpace.Class,Assembly
	rootFrame.Navigate(Type.GetType(type.Namespace + "." + page + "," + type.Namespace), data);

	using Windows.Foundation.Metadata;

	// you used to have
	#if WINDOWS_PHONE_APP
	// something for hardware buttons
	#endif

	// now you can use Metadata to make it a runtime check
	if (ApiInformation.IsTypePresent("Windows.Phone.UI.Input.HardwareButtons"))
	{

	# Clone an existing Feedhenry forms app
	git clone <Feedhenry forms app>

	APP_NAME=forms
	# Create a new cordova project using the HTML, CSS and JavaScript of the forms app
	cordova create $APP_NAME --copy-from <Feedhenry forms app>/www
	cd $APP_NAME
	cordova platform add windows

	# Install the jscompat to be able to have dynamic content

	<HTML>
	<HEAD>
	<TITLE>HTTP Post Binding (Request)</TITLE>
	</HEAD>
	<BODY Onload="document.forms[0].submit()">
	<FORM METHOD="POST" ACTION="http://localhost:8080/auth/realms/saml-demo/protocol/saml">
	<INPUT TYPE="HIDDEN" NAME="SAMLRequest" VALUE="PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC8iIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvc2FtbC1kZW1vL3Byb3RvY29sL3NhbWwiIEZvcmNlQXV0aG49ImZhbHNlIiBJRD0iSURfYTZlMWVhOGMtN2IzYy00YTg3LTk1MmUtNzhkOWNjOTk3MWNjIiBJc1Bhc3NpdmU9ImZhbHNlIiBJc3N1ZUluc3RhbnQ9IjIwMTUtMDgtMjZUMDg6NTI6NDkuODAyWiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC88L3NhbWw6SXNzdWVyPjxzYW1sc

	{
	"561e136ca34ed92c23000001": {
	"data": {
	"name": "one ran tan",
	"created": "2015-10-14T10:33:47.9814184+02:00"
	},
	"hashvalue": "Q2j+IzlusVC84z6j1zwDdX8aAOI=",
	"uid": "561e136ca34ed92c23000001"
	},
	"561e1371a34ed92c23000003": {