
Auth0 Swift SDK .authentication().login returning invalid token

I recently began a new project that uses Auth0, in which I am adding an iOS app to an existing web app project. The web app uses a machine-to-machine Auth0 app, and we have added an Auth0 native app to handle the iOS authentication.

Everything is working as expected if I use the .webAuth() call. The webAuth returns a valid token, and through breakpoints I have followed the code to see that it goes through the PKCE process.

The issue I am wondering about is whether it is possible to use the Swift SDK and .authentication().login to get a valid token so I can create a custom login page. The designers' requirements are such that custom is what we need.

Currently, if I just use the .authentication().login call, it returns an invalid token. I can see that this flow does not follow the PKCE protocol and returns a token whose header says it is signed with RS256 when in reality it is signed with HS256.

I see where I can implement PKCE authentication through RESTful calls (and using a webview...), but I would think it would be possible with the Swift SDK provided. Any hints or help would be greatly appreciated.

Using Auth0.swift 1.2.2, Xcode 10 beta, iOS 11, Swift 4.

The webAuth call:

// Authorization Code + PKCE through the system browser; the SDK handles
// the code_verifier/code_challenge and the callback. This one returns a
// valid token.
Auth0
   .webAuth()
   .connection("MY-CONNECTION")
   .audience("https://myapp.auth0.com/userinfo")
   .start { result in
        switch result {
        case .success(let credentials):
            print("credentials: \(credentials)")
        case .failure(let error):
            print(error)
        }
    }

The authentication() call:

// Direct username/password login against the realm (the password-realm
// grant). No browser, no PKCE. This one returns the token whose header
// claims RS256 but which is actually signed with HS256.
Auth0
    .authentication()
    .login(
        usernameOrEmail: "me@mycompany.com",
        password: "password",
        realm: "MY-CONNECTION",
        audience: "https://myapp.auth0.com/userinfo",
        scope: "openid")
    .start { result in
        switch result {
        case .success(let credentials):
            print("Obtained credentials: \(credentials)")
        case .failure(let error):
            print("Failed with \(error)")
        }
    }

Thank you,

ben
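The symptom in the question, a token whose header advertises RS256 while the bytes are actually an HS256 MAC, is the classic reason a client must pin the algorithm it expects instead of reading it out of the token. The check below is an added example, not code from the question or from the Auth0 SDK; it is written in Python with only the standard library so it runs anywhere, though the same logic applies in the Swift app. The client secret and all claim values are constructed for the example. It decodes the token without trusting it, compares the header's alg against the pinned one, and additionally asks whether the signature verifies as HS256 under the client secret, which is exactly the mismatch the question describes. A token that survives both checks still has to have its RS256 signature verified against the tenant's public key (JWKS); that step is deliberately outside this block.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the Auth0 client secret (assumption, not a real value).
SAMPLE_CLIENT_SECRET = b"constructed-sample-client-secret-not-real"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWS segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()


def make_token(header: dict, payload: dict, secret: bytes) -> str:
    """Build a compact JWS whose signature is always HS256 over the given
    header, whatever that header's "alg" field claims. Only used here to
    construct the mislabelled sample token; a real issuer would not do this."""
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    return signing_input + "." + _b64url_encode(_hs256(signing_input, secret))


def decode_unverified(token: str):
    """Split a compact JWS into (header, payload, signature, signing_input)
    without checking anything. Nothing returned here may be trusted yet."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload, _b64url_decode(parts[2]), parts[0] + "." + parts[1]


def classify_token(token: str, client_secret: bytes, expected_alg: str = "RS256") -> dict:
    """Two questions a client should ask before trusting an ID token:
    1. does the header claim the algorithm we pinned (never the other way round)?
    2. does the signature nevertheless verify as HS256 under the client secret,
       i.e. is the header lying about how the token was signed?
    A "verify_rs256" verdict means the token still has to be checked against
    the tenant's RS256 public key; this function does not perform that step."""
    header, _payload, signature, signing_input = decode_unverified(token)
    claimed_alg = header.get("alg")
    is_hs256_under_secret = hmac.compare_digest(signature, _hs256(signing_input, client_secret))
    if claimed_alg != expected_alg:
        verdict = "reject: header alg %r is not the pinned %r" % (claimed_alg, expected_alg)
    elif is_hs256_under_secret:
        verdict = "reject: header says %s but signature is HS256 under the client secret" % expected_alg
    else:
        verdict = "verify_rs256"
    return {
        "claimed_alg": claimed_alg,
        "hs256_under_client_secret": is_hs256_under_secret,
        "verdict": verdict,
    }


# Constructed sample with the shape described in the question: an RS256 header
# over an HS256 signature. Issuer, subject and audience values are made up.
MISLABELLED_TOKEN = make_token(
    {"alg": "RS256", "typ": "JWT"},
    {"iss": "https://myapp.auth0.com/", "sub": "auth0|example",
     "aud": "https://myapp.auth0.com/userinfo"},
    SAMPLE_CLIENT_SECRET,
)

if __name__ == "__main__":
    print(classify_token(MISLABELLED_TOKEN, SAMPLE_CLIENT_SECRET))
```

The ordering matters: the algorithm comparison uses the pinned value as the reference, so a header that says "none" or "HS256" is rejected before any signature math runs, and the HS256 probe is only ever a negative check (a match means reject), never a way to accept a token.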

It has been pointed out to me that creating a custom Auth0 login basically goes against the security that Auth0 is trying to provide. It takes the handling of usernames and passwords out of Auth0's hands and puts it back into being handled by the creator of the app.

So, custom logins are not supposed to be part of the design. And despite its lack of customizability, I will be implementing the Lock login flow to keep from having to use a web login in my app.

Just want to put this here in case someone else ends up in my situation.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

Guangdong ICP Filing No. 18138465  © 2020-2024 STACKOOM.COM