How can we make a user logged in a Mobile App also sign in to a Web app. I have a partner's mobile app that has a link to a dashboard in our web app. When consumer click on the "dashboard" link on Mobile App, I can pass user id through a query string, but I am wondering how can I make them sign in to our Web app without going through another Login screen. I have read a bit about SSO, is that right direction I am thinking towards? I see that SSO is used for multiple Web apps, but I don't know if I can leverage that concept for Mobile App and Web App scenario. If you came across any article/post describing more on this specific behavior, please share.
Make a user login to a Web app from Mobile App
208 Views Asked by Kul At
1
There are 1 best solutions below
Related Questions in ANDROID
- Creating global Class holder
- Flutter + Dart: Editing name of a tab shows up a black screen
- android-pdf-viewer Received status code 401 from server: Unauthorized
- Sdk 34 WRITE_EXTERNAL_STORAGE not working
- ussd reader in Recket Native module
- Incorrect display of LinearGradientBrush in IOS
- The Binary Version Of its metadata is 1.8.0, expected Version is 1.6.0 build error
- I can't make TextInput to auto expand properly in Android
- Creating multiple instances of a class with different initializing values in Flutter
- How to create a lottie animation
- making android analyze with coverity sast tool
- Flutter plugin development android src not opening after opening example
- I initialize my ViewModel in the Activity with several fragments as tabs, but the fragments(tabs) return null for the updated livedata
- Node.js Server + Socket.IO + Android Mobile Applicatoin XHR Polling Error...?
- How I can use the shared preferences class?
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in SINGLE-SIGN-ON
- Generate Databricks personal access token using REST API
- Allow external users to login using custom SAML app in Google Admin
- Handling errors in MSAL Redirect - reactjs login with microsoft sso
- How would single sign-on work for my multi-tenant application?
- How can we make an environment specific Token-based authorization using Ping Token?
- Is it possible to integrate Looker Studio with websites without keeping it public, to preserve data?
- OKTA SSO Driven API Invocation
- Is there any way to login SSO using RestAssured or using any API calls?
- Is it possible to interact with SSO between Website A and Website B?
- SSO to Grafana embeded in iframe
- Secure React App and .net 6 apis with Keycloack
- Integrating one tap sign in with phone from phone email - Converting html and javascript code to React JS
- I need SSO and Maven to work together in a Tomcat 9 Eclipse project, I have check the usual suspects but I think I missed something
- Firebase Authentication SAML resource metadata file
- How to add ForceAuthn flag on AWS cognito
Related Questions in OPENID-CONNECT
- Error from Identity Provider - OIDC Scope Error
- Blazor Web App (.Net 8) with oidc loses auth when switching to client
- Call Databricks API from an ASP.NET Core web application
- OIDC Error after adding Microsoft.IdentityModel.JsonWebTokens
- Implementing IDP Initiated Flow Using OIDC
- How can I add an identity provider to an existing user in an AWS Cognito user pool using the OIDC protocol?
- How can I protect an Java Spring boot API against Azure AD B2C if I only have an id_token?
- Migrating .gitlab-ci.yml from Terraform to OpenTofu with OIDC Setup
- Cookie not being set when using Blazor server App with individual authentication hooked up with Duende IdentityServer
- Blazor Web Assembly Standalone OIDC
- Azure AD OIDC authentication for S3 upload
- OIDC - Dummy Redirect URL a security issue?
- OPEN ID connect request to refresh access token
- Prevent deeplinking on redirect
- Google OIDC: How to get the member_key of an external SSO user?
Related Questions in PKCE
- How to connect Spotify PKCE Authorization Boilerplate to Login-Button in React
- OIDC - Dummy Redirect URL a security issue?
- Enable PKCE in swagger inside backstage.io
- Is PKCE flow with facade secure?
- How to use a plain vanilla get/post method to obtain a authentication token in postman?
- How bad is it to broadcast the access token in a SPA PKCE flow?
- How to handle session management in FastAPI with Okta OIDC & PKCE
- Authorisation code Flow with PKCE using Jmeter
- Electron + MSAL OAuth 2.0 redirection issue due to form-action during authentication
- Laravel Socialite Twitter: Missing required parameter [code_verifier]
- spring boot (Resource server) and keycloak (Authorization server) and angular client app question for access token when i authenticate
- Application Python for OIDC connexion
- Why Both PKCE and Client-Secret
- Application not redirecting to authorisation page
- Spotify API: Problem setting Authorization Code with PKCE Flow
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
To achieve SSO there are prerequisites on how login is implemented. The 2 factors are
identity provider session cookiesandcookie jars.LOGIN FLOWS
The general login flow is App to Authorization Server (AS) to Identity Provider (IDP). To enable SSO, users must login via the same IDP, though they can use a different AS.
ANDROID
Typically an Android app implements login using a Chrome Custom Tab. Whereas a web app is invoked in the Chrome browser. These share the same cookies.
IOS
Typically an iOS app implements login using an ASWebAuthenticationSession window. Whereas a web app is invoked in the Safari browser. These do not share the same cookies.
ADVANCED OPTIONS
An advanced option is for the source mobile application to issue a nonce at the target application's AS, then pass the nonce to the web app. My previous answer has some details on that.