This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Use openid/AppAuth-Android library with the IdentityServer4 #479

Closed
madhuteja opened this issue Nov 15, 2016 · 13 comments
@madhuteja

I'm developing an ASP.Net MVC application and an Android app for my client. The back-end service will be an ASP.Net Core API service.
And I want to use IdentityServer4 for authentication and authorization for my apps. I managed to configure IdentityServer4 for the ASP.Net client and it's working great with the HybridAndClientCredentials grant type. My Android app is native and developed in Java, so I can't use the "IdentityModel.OidcClient" library. So I'm looking at OpenID's AppAuth-Android library, but I couldn't find any help or samples on this.
So how can I authorize my Android client with the AppAuth-Android library?
Can anyone help me with this?
Any help is greatly appreciated.

@madhuteja madhuteja changed the title How to use openid/AppAuth-Android library with the IdentityServer4? Use openid/AppAuth-Android library with the IdentityServer4 Nov 15, 2016
@leastprivilege
Member

AppAuth is not our library. It should work with IdentityServer4, but I haven't tried it myself yet.

@madhuteja
Author

Working fine with GrantTypes.Code and required PKCE, but not working with the GrantTypes.Hybrid.
Getting "Invalid grant type for client: authorization_code" error.

@leastprivilege
Member

OK - then they probably don't support hybrid. Thanks!

@madhuteja
Author

That's OK. Thanks for the great framework.

@neerajyadav

@madhuteja I'm also trying to use IS4 with an Android app. Have you achieved it? It would be really helpful if you could pass along the client definition you used for the Android app.

How are you receiving tokens at the client end? Via a custom URI scheme? What is the RedirectUri you defined in the client definition?

@madhuteja
Author

@neerajyadav try this client configuration in IdSvr4

new Client
{
    ClientId = "mobile",
    ClientName = "Mobile Client",
    AllowedGrantTypes = GrantTypes.Code,
    RedirectUris = { "com.yourcompany.yourapp://oidccallback" },
    AllowedScopes =
    {
        StandardScopes.OpenId.Name,
        StandardScopes.Profile.Name,
        StandardScopes.OfflineAccess.Name,
        "api1"
    }
}

How to implement in the Android app? The link below will help you.
https://codelabs.developers.google.com/codelabs/appauth-android-codelab/#0

@neerajyadav

@madhuteja Doesn't it require RequirePkce = true and AllowAccessTokensViaBrowser = true?

@madhuteja
Author

@neerajyadav Ahhh! I forgot it. It only requires RequirePkce = true

@neerajyadav

@madhuteja I configured the client. When I pass openid or profile in scopes from the Android client, it says invalid scope; however, passing api1 works.

@leastprivilege Is a code client without a secret treated as a public client? Also, why does passing identity scopes from an authorization code client give invalid_scope?

@leastprivilege
Member

You need to check the logs.

@neerajyadav

For those who are looking to configure an Android client with IdentityServer4, here is what your client configuration should look like in IS.

new Client
               {
                   ClientId = "client.android",
                   RequireClientSecret = false,
                   ClientName = "Android app client",
                   AllowedGrantTypes = GrantTypes.Code,
                   RequirePkce = true,
                   //AllowAccessTokensViaBrowser = true,
                   RequireConsent = false,
                   
                   RedirectUris = { "com.yourcompany.app://oidccallback" },
                   AllowedScopes =
                   {
                       IdentityServerConstants.StandardScopes.OpenId,
                       IdentityServerConstants.StandardScopes.Profile,
                       IdentityServerConstants.StandardScopes.Email,
                       IdentityServerConstants.StandardScopes.Phone,
                       "api1"
                   },
                   AllowOfflineAccess = true
               }

Three main things you need to make sure of: RequirePkce = true, RequireClientSecret = false, AllowedGrantTypes = GrantTypes.Code. I wasted two days figuring out that RequireClientSecret should be false. I learned that with a lot of logging on the production server.

This client is working fine with the Android AppAuth library. Also, while sending scopes from the Android client, you need to make sure to include the openid scope.

I will publish a sample repo for android client and IS both, as soon as I get free time.
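
The client definition above drops the client secret and relies on RequirePkce = true. The following sketch is an added example (not code from this thread, AppAuth-Android or IdentityServer4) that walks through the RFC 7636 S256 exchange for that client: what the app sends on the front channel and the check a PKCE-enforcing token endpoint makes. The issuer host and all function names are assumptions; the client id, redirect URI and scopes come from the configuration above.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Client values from the configuration above; the issuer host is a placeholder.
AUTHORIZE_ENDPOINT = "https://identity.example.com/connect/authorize"
CLIENT_ID = "client.android"
REDIRECT_URI = "com.yourcompany.app://oidccallback"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    """Client side: random verifier (stays on the device) and its S256 challenge."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, within RFC 7636's 43-128
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge

def build_authorize_url(challenge: str, state: str) -> str:
    """Front-channel request: only the challenge leaves the app, never the verifier."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile api1 offline_access",  # openid must be included
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)

def server_accepts_code(stored_challenge: str, presented_verifier) -> bool:
    """Token-endpoint check: the verifier must hash to the challenge stored with the code."""
    if not presented_verifier or not 43 <= len(presented_verifier) <= 128:
        return False
    computed = b64url(hashlib.sha256(presented_verifier.encode("ascii")).digest())
    return hmac.compare_digest(computed, stored_challenge)

def demo():
    verifier, challenge = new_pkce_pair()
    url = build_authorize_url(challenge, state=secrets.token_urlsafe(16))
    stored = parse_qs(urlsplit(url).query)["code_challenge"][0]  # kept by the server
    return {
        "verifier_in_url": verifier in url,
        "legit_app": server_accepts_code(stored, verifier),
        # Another app registered on the same custom URI scheme sees only the code:
        "no_verifier": server_accepts_code(stored, None),
        "wrong_verifier": server_accepts_code(stored, new_pkce_pair()[0]),
    }

if __name__ == "__main__":
    print(demo())
```

Because the verifier never appears in the redirect, an authorization code delivered to the custom URI scheme cannot be redeemed without it, which is what stands in for the secret a native app cannot keep.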

@hadiidbouk

I have made a sample using AppAuth-android with Identity Server 4, check it here

@lock

lock bot commented Jan 14, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 14, 2020