Is the Web-based OIDC flow from the Mobile SDK enough for SSO and PKCE?

I’m trying to implement SSO with PKCE on mobile.
Since this is the first time I have worked with Okta for mobile, I started with this article about the newly available mobile SDKs.

I’m using WebAuthenticationUI for web-based OIDC authentication, which is based on AuthorizationCodeFlow and seems to work fine for SignIn and SignOut.
But then in the Swift GitHub examples I find that in the WebSignIn (iOS) application, after getting the token, it is saved in the keychain:
try Keychain.saveDeviceSSO(token)
And then in another example SingleSignOn (iOS) it is retrieved to use TokenExchangeFlow.

In summary, I’d like to know what the correct path and steps are to implement SSO with PKCE on mobile. Is it enough to use only the WebAuthenticationUI library, or is it necessary to add the TokenExchangeFlow code too?

Hello @rulo,

I’d recommend looking over our Samples for the Swift SDK as a starting point and comparing the library imports there to what you are attempting to do: https://github.com/okta/okta-mobile-swift/tree/master/Samples - we do have several options, but if none of these fit you can choose one that’s close to what you need, such as Classic Native Auth, and match the library imports that way to confirm that you get all of the ones you need.
