Hi Nira,

The reason to do it that way is that normally the client secret is not shared with any other party.

On Mon, Mar 10, 2014 at 4:24 PM, Niranjan Karunanandham <niran...@wso2.com> wrote:

> Hi Gayan,
>
> Here the IDP proxy app is only used to get the authorization code from the WSO2 IS and pass it to the SDK. After which the SDK communicates directly with the WSO2 IS to get the access token and manage the access token and refresh token.
> Just a small clarification: why can't we use the IDP proxy app to do this, i.e., let the IDP proxy app manage the access token and refresh token for each app, therefore cutting off the connection between the SDK and the WSO2 IS? Here if the access token expires then the SDK will call the IDP proxy app to get the token refreshed.
>
> On Mon, Mar 10, 2014 at 3:58 PM, Gayan Gunawardana <ga...@wso2.com> wrote:
>
>> Image attached
>>
>> On Mon, Mar 10, 2014 at 3:51 PM, Gayan Gunawardana <ga...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> Problem: Implement SSO for enterprise mobile apps
>>>
>>> The idea is to provide an SDK for mobile app developers within the organization; then they can integrate the SDK inside the application and implement SSO across the required applications.
>>>
>>> Provide (SDK + Mobile IDP proxy app)
>>>
>>> To achieve the above purpose we plan to utilize OAuth 2.0 with the *Authorization code* grant type.
>>>
>>> Briefly explaining the message flow:
>>>
>>> Initially a new application has to be registered in WSO2 IS under OAuth management and obtain client_key, client_secret, Access Token URL and Authorize URL.
>>>
>>> 1. SDK initiates the process by sending client_key, redirect_url and scope to the mobile IDP proxy app
>>>
>>> 2. IDP proxy app obtains the Authorization code
>>>
>>> 3. SDK (inside the mobile app) receives the Authorization code
>>>
>>> 4. SDK sends a second request directly to WSO2 IS with the Authorization code, client secret and redirect_url
>>>
>>> 5. SDK obtains the access token
>>>
>>> 6. Mobile app passes the access token to the resource server
>>>
>>> 7. Resource server contacts the IDP and validates the access token
>>>
>>> This is much similar to the Facebook approach, where the Facebook application acts as the mobile IDP proxy app and they provide an SDK to develop apps. All your suggestions are welcome.
>>>
>>> --
>>> Gayan Gunawardana
>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>> Blog: http://gayanj2ee.blogspot.com/
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
> *Niranjan Karunanandham*
> Senior Software Engineer - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
> M: +94 777 749 661
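The seven-step flow in Gayan's original mail, and his answer to Niranjan about keeping the client secret inside the SDK rather than the proxy app, can be made concrete with a small in-memory model. The following is an added example written for this page, not code from WSO2 IS, the proposed SDK or the IDP proxy app; the `AuthorizationServer` class, its method names and the token lifetimes are constructed assumptions that stand in for the WSO2 IS authorize, token and validation endpoints. It shows why the party that redeems the authorization code must hold the client secret (step 4 requires it), why the proxy app can hand over only the code (the code is bound to the registered client and redirect_url and is single use), and how the resource server's validation in step 7 and a refresh-token rotation look against the same store.

```python
"""Constructed model of the OAuth 2.0 authorization-code flow from the thread.
Illustration code for this page; not the WSO2 IS implementation or its API."""
import hmac
import secrets
import time


class AuthorizationServer:
    """Stand-in for the WSO2 IS OAuth endpoints (assumed names, in-memory state)."""

    def __init__(self):
        self.clients = {}         # client_id -> {"secret": ..., "redirect_uri": ...}
        self.codes = {}           # code -> grant bound to client_id / redirect_uri / scope
        self.access_tokens = {}   # access token -> {client_id, scope, expires}
        self.refresh_tokens = {}  # refresh token -> {client_id, scope}

    def register_client(self, client_id, client_secret, redirect_uri):
        """Registration under OAuth management: client_key, client_secret, redirect_url."""
        self.clients[client_id] = {"secret": client_secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, scope):
        """Steps 1-2: what the IDP proxy app obtains (no secret needed; code only)."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "expires": time.time() + 60}
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """Steps 4-5: only a caller holding client_secret can redeem the code."""
        self._check_secret(client_id, client_secret)
        grant = self.codes.pop(code, None)  # single use: a replayed code fails below
        if grant is None or grant["expires"] < time.time():
            raise PermissionError("invalid or expired authorization code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise PermissionError("code was issued to a different client or redirect_uri")
        return self._issue(client_id, grant["scope"])

    def refresh(self, client_id, client_secret, refresh_token):
        """Refresh with rotation: the presented refresh token is consumed."""
        self._check_secret(client_id, client_secret)
        old = self.refresh_tokens.pop(refresh_token, None)
        if old is None or old["client_id"] != client_id:
            raise PermissionError("invalid refresh token")
        return self._issue(client_id, old["scope"])

    def validate(self, access_token):
        """Step 7: the resource server asks the IDP whether the token is active."""
        info = self.access_tokens.get(access_token)
        if info is None or info["expires"] < time.time():
            return {"active": False}
        return {"active": True, "client_id": info["client_id"], "scope": info["scope"]}

    def _check_secret(self, client_id, client_secret):
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            raise PermissionError("invalid client credentials")

    def _issue(self, client_id, scope):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access_tokens[access] = {"client_id": client_id, "scope": scope,
                                      "expires": time.time() + 3600}
        self.refresh_tokens[refresh] = {"client_id": client_id, "scope": scope}
        return {"access_token": access, "refresh_token": refresh, "expires_in": 3600}


def run_flow(idp, client_id, client_secret, redirect_uri, scope):
    """Steps 1-7 end to end: proxy gets the code, SDK redeems it, resource server validates."""
    code = idp.authorize(client_id, redirect_uri, scope)              # proxy app
    tokens = idp.token(client_id, client_secret, code, redirect_uri)  # SDK, holds the secret
    validation = idp.validate(tokens["access_token"])                 # resource server
    return code, tokens, validation


def rejects(call, *args):
    """True when the IDP refuses the call; used to show the failure cases."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    idp = AuthorizationServer()
    idp.register_client("mobile-app-1", "constructed-secret", "app1://oauth/callback")
    code, tokens, validation = run_flow(idp, "mobile-app-1", "constructed-secret",
                                        "app1://oauth/callback", "openid")
    print("validation:", validation)
    print("code replay rejected:", rejects(idp.token, "mobile-app-1", "constructed-secret",
                                           code, "app1://oauth/callback"))
```

The point for the design question in the thread is visible in `token()` and `refresh()`: both require the client secret, so whichever component calls them must hold it. With the SDK making those calls, the proxy app only ever sees the short-lived, single-use code, which is bound to the registered redirect_url and cannot be redeemed without the secret; if the proxy managed tokens for every app instead, it would need every app's secret.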