Support SSO login for native apps #22438
NilsBaumgartner1994 started this conversation in Feature Requests
Summary
Currently we are having a hard time when SSO logins should be supported for native apps like React Native.
The problem is that we don't want to use an "In-App-Browser" due to security concerns for users. Such an "In-App-Browser" could be mocked and grab your user credentials.
Alternatively, a native app would open the phone browser, which then authenticates at the SSO and would finally redirect the user to the app using a "Deep Link".
Here comes the problem. As the Deep Link only opens our app, the app has no access to the phone browser cookies, nor will it send them with requests. Even if it did send them, these cookies would be cleared when the user clears the browser cache.
Therefore we currently have no access to the auth data when logging in via SSO.
As a workaround we could create a custom endpoint which redirects to the app via Deep Link and passes as an argument a refresh token: #22427
This workaround is not very secure as:
While this workaround works for native apps, it exposes some challenges and security concerns. Either I am missing how to send the auth_data to Directus within a React-Native app, how to access the cookie from the browser, or something different.
I believe we need a possibility for an SSO login for the SDK client: #19723
Basic Example
No response
Motivation
Support of Directus SSO Login for Native Apps
Detailed Design
An implementation and handling of the tokens from within the SDK-JS
Requirements List
Must Have:
Should Have:
Drawbacks
Alternatives
Adoption Strategy
Unresolved Questions
How to keep security up and to pass the credentials to the app?
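The workaround described in the post puts a refresh token into the deep-link URL. As an added example (not from the original post, and not Directus or SDK code), the code below hands the app a short-lived, single-use code instead and binds it to a secret that never leaves the app, in the style of PKCE (RFC 7636). The `HandoffServer` class, the `myapp://` scheme and all function names are hypothetical.

```javascript
// Added example: hypothetical one-time-code handoff, not Directus or SDK code.
const crypto = require('node:crypto');

const sha256url = (s) => crypto.createHash('sha256').update(s).digest('base64url');
const randomToken = () => crypto.randomBytes(32).toString('base64url');

// Server side: in-memory store standing in for the real backend (assumption).
class HandoffServer {
  constructor(ttlMs = 60000) { this.ttlMs = ttlMs; this.codes = new Map(); }

  // Runs after the system browser completed SSO; returns the redirect target.
  finishSso(userId, challenge, now = Date.now()) {
    const code = randomToken();
    this.codes.set(code, { userId, challenge, expires: now + this.ttlMs });
    return `myapp://sso-callback?code=${code}`; // placeholder scheme
  }

  // Called by the app over HTTPS; only here is a refresh token released.
  redeem(code, verifier, now = Date.now()) {
    const entry = this.codes.get(code);
    this.codes.delete(code); // single use: burned on the first attempt
    if (!entry || now > entry.expires) return null;
    const got = Buffer.from(sha256url(verifier));
    const want = Buffer.from(String(entry.challenge));
    if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
    return { userId: entry.userId, refreshToken: randomToken() };
  }
}

// App side: the verifier stays in app memory, only its hash goes to the browser.
function startLogin() {
  const verifier = randomToken();
  return { verifier, challenge: sha256url(verifier) };
}

const codeFromDeepLink = (link) => new URL(link).searchParams.get('code');

function demo() {
  const server = new HandoffServer();
  const app = startLogin();
  // Case 1: another app receives the deep link but has no verifier.
  let code = codeFromDeepLink(server.finishSso('user-1', app.challenge));
  const interceptor = server.redeem(code, startLogin().verifier);
  // Case 2: the real app redeems its code, then the same code is replayed.
  code = codeFromDeepLink(server.finishSso('user-1', app.challenge));
  const legit = server.redeem(code, app.verifier);
  const replay = server.redeem(code, app.verifier);
  return { interceptor, legit, replay };
}
```

With this shape the deep link carries nothing that is useful on its own: the refresh token only ever travels in the response to the app's own HTTPS request.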