SSO in Xamarin Cross Platform mobile app


#1

Hi,
I’m relatively new to OAuth and Okta. I have created a Xamarin iOS/Android app and would like to use Okta for authentication and to get user info.
Looking for some direction and/or sample code.
Thus far I haven’t had any success.
Thanks.


#2

We don’t have an OOB sample for this today or documentation, but it looks like Xamarin has a generic OAuth 2.0 connector that you could use with Okta:

https://developer.xamarin.com/guides/xamarin-forms/cloud-services/authentication/oauth/


#3

Even better, Xamarin has packages that support AppAuth, which Okta supports: https://github.com/xamarin/XamarinComponents/tree/master/XPlat/OpenId

We’re working on some new samples/articles that will show you exactly how to set this up in a Xamarin app. @allen.foster I’ll reply here when we publish. 🙂


#4

Nice catch! I totally missed that


#5

Thanks for the replies. I have tried the Xamarin component referenced by Nate. But I am not sure what value I should provide for the AccessTokenURL parameter.
Is that URL something I get from my Okta developer dashboard for the iOS app I am trying to use?
thanks.
Allen


#6

I can’t find the documentation for that particular parameter.

But, I’m going to try to guess that they need the token endpoint.

If you are using the default authorization server, it should look like:

https://{{yourOktaSubdomain}}.oktapreview.com/oauth2/default/v1/token

You can always check using the /.well-known/openid-configuration endpoint

For example, when you look at mine, you see it in the token_endpoint key:
https://tom-okta.oktapreview.com/oauth2/default/.well-known/openid-configuration

Hope this helps!


#7

Hi @nate.barbettini,

Any news about samples/articles describing how to properly implement Xamarin forms app with Okta Auth?

Thanks! 🙂


#8

Hi,

I’m trying to configure Okta OAuth into a Xamarin Forms project.

I’m using the Xamarin.Auth.XamarinForms nuget package to achieve that.

Here is the main part of the OAuth code:

var auth = new OAuth2Authenticator(
            clientId: "xxxxxxx",
            scope: "openid profile offline_access",
            authorizeUrl: new Uri("https://xxxxx.oktapreview.com/oauth2/default/v1/authorize"),
            redirectUrl: new Uri("com.oktapreview.xxxxx:/callback"))
        {
            AccessTokenUrl = new Uri("https://xxxxx.oktapreview.com/oauth2/default/v1/token")
        };

I got the following error:

PKCE code challenge is required when the token endpoint authentication method is 'NONE'

If I don’t set any AccessTokenUrl the error is:

The response type is not supported by authorization server. Configured response types: [code]

I’ve also tried different scope configuration without any success.

Any idea of what is wrong in the configuration of the OAuth2Authenticator instance?

@allen.foster Did you solve your issue?

Thanks for your help.

Antoine.


#9

Still hoping for your help 🙂
Without that, Okta could not be a solution for Xamarin.Forms users like us.
Many thanks!


#10

I’m not an expert in Xamarin or mobile dev, but looking at the error, I see that you will need to pass a code_challenge to the /authorize endpoint as part of PKCE.
I assume you have read this link - https://developer.okta.com/authentication-guide/implementing-authentication/auth-code-pkce

I also came across this link which might be useful - https://www.davidbritch.com/2017/08/using-pkce-with-identityserver-from_9.html
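
Added example (not part of the original thread, and not Okta's or Xamarin.Auth's own code): the PKCE values that the error in post #8 asks for, generated per RFC 7636 with the S256 method, and the resulting /authorize URL. The `Pkce` class and its method names are hypothetical; the client ID, Okta subdomain and redirect URI are the placeholders from post #8.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper; not part of Xamarin.Auth or any Okta SDK.
public static class Pkce
{
    // RFC 7636 base64url: '+' -> '-', '/' -> '_', no '=' padding.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // 32 random bytes give a 43-character verifier (RFC 7636 allows 43 to 128).
    public static string NewVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
    public static string Challenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    public static void Main()
    {
        // Self-check against the test vector in RFC 7636, Appendix B.
        if (Challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
                != "E9Melhoa2OwvFrEMTJguCH5tqWcYjAl8ic5aZ8bJvJM")
            throw new InvalidOperationException("S256 transform is wrong");

        var verifier = NewVerifier(); // keep in memory only; sent later to /v1/token as code_verifier
        var state = NewVerifier();    // separate random value, compared on the redirect (CSRF check)

        // Placeholder values (xxxxx / xxxxxxx) as in post #8.
        var url = "https://xxxxx.oktapreview.com/oauth2/default/v1/authorize"
            + "?client_id=" + Uri.EscapeDataString("xxxxxxx")
            + "&response_type=code"
            + "&scope=" + Uri.EscapeDataString("openid profile offline_access")
            + "&redirect_uri=" + Uri.EscapeDataString("com.oktapreview.xxxxx:/callback")
            + "&state=" + state
            + "&code_challenge=" + Challenge(verifier)
            + "&code_challenge_method=S256";
        Console.WriteLine(url);
    }
}
```

The verifier must be generated fresh for each sign-in and never logged or persisted; only the challenge travels in the browser redirect, and the token request proves possession by sending the original verifier.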


#11

@aboulinguez Do the Xamarin AppAuth components (linked earlier) not work in your case?


#12

Hi,

@vijet was right. The problem came from the generation of the “PKCE code challenge”.

This first issue is fixed and we are able to display the Okta login page into our Xamarin Forms application.

Obviously, we are now facing another problem. 😄
We encounter the following error after submitting the login form (see the screenshot).

This problem seems to be linked to SSL certificate management with mono.

Any idea of what is the most secure way to solve this?

We probably can just ignore and bypass the error but is there a better solution?

(When all these issues are fixed, I will try to post the complete code to share the solution)

Thanks again for your help.

Best regards,

Antoine Boulinguez.


#13

Any idea @nate.barbettini?

Thanks a lot.

Best regards,

Antoine Boulinguez.