How to log in directly in Auth0 without redirecting to the Universal Login page?

I'm working on Auth0 integration. I successfully integrated the Auth0 SDK in my Swift project, but I want to implement direct login from my app without redirecting to the Auth0 Universal Login page.

I studied the mobile login flow here (https://auth0.com/docs/flows/concepts/mobile-login-flow).

I implemented Auth0 login in iOS Swift and it's working. But I want direct login.

See my screens

When we click login in my app, it shows a pop-up.

Click continue and it will open the Auth0.com page (I don't want this page; I want direct login without this page. How?)

I don't want this page; I want direct login without this page, through my app's login page. How?

Is it possible?

For this I followed this link https://auth0.com/docs/flows/guides/mobile-login-flow/add-login-using-mobile-login-flow and implemented code_verifier and code_challenge. But when I implement Authorize the User, it gives an HTML response.

My code is:

import Foundation
import Security      // SecRandomCopyBytes
import CommonCrypto  // CC_SHA256

func codeVerifier() {
    var buffer = [UInt8](repeating: 0, count: 32)
    _ = SecRandomCopyBytes(kSecRandomDefault, buffer.count, &buffer)
    let verifier = Data(bytes: buffer).base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
        .trimmingCharacters(in: .whitespaces)

    print("Code_Verifier : \(verifier)")

    codeChallenger(verifier: verifier)
}

func codeChallenger(verifier:String) {
    // Dependency: Apple Common Crypto library
    // http://opensource.apple.com//source/CommonCrypto
    guard let data = verifier.data(using: .utf8) else {

        return
    }

    var buffer = [UInt8](repeating: 0,  count: Int(CC_SHA256_DIGEST_LENGTH))
    data.withUnsafeBytes {
        _ = CC_SHA256($0, CC_LONG(data.count), &buffer)
    }
    let hash = Data(bytes: buffer)
    let challenge = hash.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
        .trimmingCharacters(in: .whitespaces)

    print("Code_Challenger : \(challenge)")

    authorizwTheUser(code_challange: challenge)
}

func authorizwTheUser(code_challange:String) {

    let url = "https://domain.auth0.com/authorize?"

    var request = URLRequest(url: URL(string: url)!)

    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    request.httpMethod = "GET"

    print("URL : \(request)")

    let parameters = "response_type=token&code_challenge=\(code_challange)&code_challenge_method=S256&client_id=&redirect_uri=com.myappname.Auth0DemoSwift://domainname.auth0.com/ios/com.domainname.Auth0DemoSwift/callback&scope=openid profile&state=xyzABC123x"

    request.httpBody = parameters.data(using: .utf8)

    print(parameters)

    let task = URLSession.shared.dataTask(with: request) { data, response, error in
        guard let data = data, error == nil else { // check for fundamental networking error
            print("error=\(String(describing: error))")
            return
        }

        if let httpStatus = response as? HTTPURLResponse, httpStatus.statusCode != 200 { // check for http errors
            print("statusCode should be 200, but is \(httpStatus.statusCode)")
            print("response = \(String(describing: response))")
        }

        // If the response is in String format
        let responseString = String(data: data, encoding: .utf8)
        let dictionary = data
        print("dictionary = \(dictionary)")
        print("responseString = \(String(describing: responseString!))")

        do {
            let response = try JSONSerialization.jsonObject(with: data, options: .allowFragments) as? [String: AnyObject]
            print(response!)

            let res = response!["Response"]
            let status = res!["status"] as! String

            if status == "SUCCESS" {

            } else {

            }

        } catch let error as NSError {
            print(error)
        }
    }

    task.resume()

}
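Added example (not part of the original question and not Auth0's code): generating the PKCE `code_verifier` / `code_challenge` pair used by the mobile login flow with base64url encoding, validating the verifier's character set, and checking the S256 transform against the test vector in RFC 7636, Appendix B. The function names are illustrative, and CryptoKit (iOS 13+ / macOS 10.15+) is assumed in place of CommonCrypto.

```swift
import Foundation
import CryptoKit   // assumption: iOS 13+ / macOS 10.15+; CC_SHA256 does the same job on older targets
import Security

/// Base64url without padding: "+" becomes "-", "/" becomes "_", "=" is dropped.
func base64URL(_ data: Data) -> String {
    return data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

/// RFC 7636 section 4.1: 43 to 128 characters drawn from A-Z a-z 0-9 - . _ ~
func isValidVerifier(_ verifier: String) -> Bool {
    let allowed = CharacterSet(charactersIn:
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
    return (43...128).contains(verifier.count)
        && verifier.unicodeScalars.allSatisfy { allowed.contains($0) }
}

/// 32 random bytes encode to a 43-character verifier; returns nil if the RNG call fails.
func makeVerifier() -> String? {
    var bytes = [UInt8](repeating: 0, count: 32)
    guard SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes) == errSecSuccess else {
        return nil
    }
    return base64URL(Data(bytes))
}

/// S256 challenge: BASE64URL(SHA256(ASCII(verifier))).
func challenge(for verifier: String) -> String {
    let digest = SHA256.hash(data: Data(verifier.utf8))
    return base64URL(Data(digest))
}

/// Self-check against the verifier/challenge pair published in RFC 7636, Appendix B.
func matchesRFC7636Vector() -> Bool {
    let verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    return isValidVerifier(verifier)
        && challenge(for: verifier) == "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
}
```

A verifier containing any character outside the unreserved set, such as `$`, fails `isValidVerifier`.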

If you want to avoid the consent screen and redirection to the Auth0 hosted login page, you can use the Authentication API with the password-realm grant type. The disadvantages are:

  • No SSO
  • You need to develop your own UI
  • Easy to attack with brute force (enable brute-force protection in the dashboard)

As described:

The Authentication API exposes AuthN/AuthZ functionality of Auth0, as well as the supported identity protocols like OpenID Connect, OAuth 2.0, and SAML. We recommend using our Hosted Login Page but if you wish to build your own UI you can use our API endpoints to do so. However some Auth flows (Grant types) are disabled by default so you will need to enable them via your Auth0 Dashboard as explained in this guide.

Sign in:

Auth0.authentication()
     .login(
        usernameOrEmail: "support@auth0.com",
        password: "secret-password",
        realm: "Username-Password-Authentication",
        scope: "openid"
     )
     .start { result in
         switch result {
         case .success(let credentials):
            print("Obtained credentials: \(credentials)")
         case .failure(let error):
            print("Failed with \(error)")
         }
     }

Sign up:

Auth0.authentication()
     .createUser(
        email: "support@auth0.com",
        password: "secret-password",
        connection: "Username-Password-Authentication",
        userMetadata: ["first_name": "First",
                       "last_name": "Last"]
     )
     .start { result in
        switch result {
        case .success(let user):
            print("User Signed up: \(user)")
        case .failure(let error):
            print("Failed with \(error)")
        }
     }

It is documented here: https://github.com/auth0/Auth0.swift#authentication-api-ios--macos--tvos
