Okta Authentication and OAuth to secure API

I'm creating an Android application for my employer that will require the sales people to log in using Okta authentication (I plan on using their authentication API). My question is on how to secure the web API my code will be calling from the Android app. Should I use Okta's OAuth implementation to do this?

What I was thinking was if I use Okta's authentication (to have them log in), I can also call the OAuth API to retrieve a token and then an access token. I could then lock down the API by checking the access token I received from Okta.

Do you think this is the best way to do this using Okta?

Thanks!

08/18/2016 update: we now have a Xamarin code sample available at https://github.com/raphaellondner-okta/okta-oauth-xamarin-android-customtabs

As of 08/18/2016, you will need a slightly modified version of IdentityModel.OidcClient ( https://github.com/raphaellondner-okta/IdentityModel.OidcClient/tree/rl-pkce-secretless ) to make it work with Okta and PKCE. Hopefully these proposed changes will make it to the master branch soon.

Original answer: I suggest you take a look at our OAuth Android sample available at https://github.com/oktadeveloper/okta-openidconnect-appauth-sample-android (we leverage AppAuth to achieve both the authentication with Okta and the authorization using OAuth and our OAuth features).

We do not yet have a Xamarin sample available, but the general idea is to leverage the OAuth authorization code flow using an embedded browser to call the Okta /authorize endpoint, grab the code that's returned from Okta in the browser response URL (as a fragment) and pass it on to your mobile app to exchange the code for an access token.

Our OAuth features are still in beta, so if you need access to them, please contact us at developers at okta dot com.
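As an added example (not code from the question, the answer, or Okta's samples), here is the client-side half of the flow the answer describes, in Python: generating a PKCE verifier/challenge pair, building the /authorize request, checking the redirect that carries the code (query or fragment) and assembling the secretless token exchange. The issuer, client id, redirect URI and state values are placeholders, and the org authorization server paths /oauth2/v1/authorize and /oauth2/v1/token are assumed.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) using the S256 method."""
    if verifier is None:
        # 32 random bytes -> 43-char verifier (RFC 7636 allows 43..128 chars)
        verifier = _b64url(secrets.token_bytes(32))
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorize_url(issuer, client_id, redirect_uri, state, code_challenge,
                        scopes=("openid", "profile")):
    """URL the embedded browser opens; no client secret is involved."""
    params = {
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": " ".join(scopes),
        "state": state, "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{issuer}/oauth2/v1/authorize?{urlencode(params)}"


def parse_redirect(redirect_url, expected_state):
    """Extract the code from the redirect; it may arrive in the query or the fragment."""
    parsed = urlparse(redirect_url)
    params = parse_qs(parsed.query)
    params.update(parse_qs(parsed.fragment))
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    # Reject responses whose state does not match the one this client generated.
    if not secrets.compare_digest(params.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: response not bound to this request")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect")
    return code


def token_request_body(client_id, redirect_uri, code, code_verifier):
    """Form fields to POST to /oauth2/v1/token; the verifier replaces a client secret."""
    return {"grant_type": "authorization_code", "client_id": client_id,
            "redirect_uri": redirect_uri, "code": code, "code_verifier": code_verifier}
```

The resulting access token is what the API behind the app must validate on every request (issuer, audience, expiry and signature), which is the server-side half the question asks about.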
