A demo mobile app using OpenID Connect, which aims for the best usability and reliability.
The app is a simple UI with some basic navigation between views, to render fictional investment resources.
Its data is returned from an OAuth-secured API that uses claims-based authorization.
The app uses user attributes from both the OpenID Connect userinfo endpoint and its API.
Open the app in Xcode and run it on a simulator to trigger an OpenID Connect login.
This runs an OpenID Connect code flow that authenticates the user with the AppAuth pattern.
Logins run in the system browser using an ASWebAuthenticationSession, so the app never has access to the user's credentials.
You can log in to the app using my AWS Cognito test account:
- User: [email protected]
- Password: GuestPassword1
The app receives the login response using a claimed HTTPS scheme redirect URI, in the most secure way.
iOS Universal Links enable the claimed HTTPS scheme redirect URI and require a cloud-hosted deep linking assets file.
Interstitial web pages ensure a user gesture after login and logout, so that responses return to the app reliably.
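The interstitial page logic described above, as an added example that is not the sample's own code: after the authorization server redirects to the interstitial page, a button click (the required user gesture) forwards only the expected OAuth response parameters to the claimed HTTPS redirect URI that the app registers. The hostname, paths and parameter values are assumed.

```javascript
// Added example of an interstitial "return to app" page; not code from the sample project.
// The URLs below are assumptions chosen for illustration.

// Only the OAuth response parameters the app needs are forwarded; anything else in the
// query string is dropped so the interstitial page cannot be used to pass extra data.
const ALLOWED_PARAMS = ["code", "state", "error", "error_description"];

// Build the universal link that hands the authorization response to the mobile app.
// interstitialUrl is the page's own URL, appCallbackUrl is the claimed HTTPS redirect URI
// (assumed value, e.g. "https://mobile.example.com/callback").
function buildAppReturnUrl(interstitialUrl, appCallbackUrl) {
  const incoming = new URL(interstitialUrl);
  const target = new URL(appCallbackUrl);

  // A valid response always carries state, plus either a code or an error
  if (!incoming.searchParams.has("state")) {
    throw new Error("authorization response is missing state");
  }
  if (!incoming.searchParams.has("code") && !incoming.searchParams.has("error")) {
    throw new Error("authorization response is missing code or error");
  }

  for (const name of ALLOWED_PARAMS) {
    const value = incoming.searchParams.get(name);
    if (value !== null) {
      target.searchParams.set(name, value);
    }
  }
  return target.toString();
}

// Wire the button: the click is the user gesture that lets iOS open the app via
// the universal link instead of loading the URL in the browser.
function attachReturnButton(button, appCallbackUrl, win = window) {
  button.addEventListener("click", () => {
    win.location.href = buildAppReturnUrl(win.location.href, appCallbackUrl);
  });
}
```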
After login you can test all lifecycle operations, including token refresh, expiry events and logout.
- See the API Journey - Client Side for further information on the app's behaviour.
- See blog posts for further details specific to the iOS app, starting in the Code Sample Overview.
Some developers may run into the following error after login, where the deep link fails to invoke the mobile app.
Instead, the URL invoked by this JavaScript runs in the browser, resulting in a Not Found error.
If you run into this type of problem, see the iOS Code Sample – Infrastructure blog post on ways to resolve it.
- The app's code uses Swift and its views use SwiftUI.
- AppAuth-iOS implements the code flow with PKCE.
- AWS Serverless or Kubernetes is used to host remote API endpoints that the app calls.
- AWS Cognito is the default authorization server for the app and API.
- The iOS Keychain stores tokens on the device and isolates this data from other apps.
- AWS S3 and CloudFront serve mobile deep linking asset files and interstitial web pages.