An (experimental) SSO solution written in Ruby for generic mobile apps.
rosso works with three kinds of identifiers:
- TGT (ticket-granting ticket), which represents a user's sign-in status in rosso
- ST (service ticket), which represents the user's access to one app on one device
- UDID (unique device ID), which represents one mobile device within a given time span
rosso consists of several sub-services, which are:
- generic ticket storage (GTS)
- TGT issuer (TI)
- ST issuer (SI)
Requirements for client apps:
- client apps must register with rosso (an appkey and a securekey are issued)
- every API call must carry the special HTTP headers
- a unique device ID (UDID) algorithm must be provided
First app on a device:
- user opens app1
- app1 computes the UDID and asks the GTS for an ST and a TGT
- neither an ST nor a TGT is found, so app1 shows the login page to the user
- with the user's credentials, app1 requests a new TGT from the TI
- if that succeeds, app1 requests an ST for that TGT from the SI
- once the ST is issued, the user can start using app1 (app1 also logs in internally)
Second app on the same device:
- user opens app2
- app2 computes the UDID and asks the GTS for an ST and a TGT
- there is no ST for app2, but the GTS has a TGT for that UDID
- with that TGT, app2 requests its own ST from the SI
- once the ST is issued, the user can start using app2
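The two flows above, as an added in-memory model (not rosso's own code): the GTS keeps tickets per UDID, the TI issues a TGT only after a credential check, and the SI issues an ST for one app only when the presented TGT matches the TGT stored for that UDID. The credential table, ticket lifetimes and the `open_app` decision tree are assumptions for the example.

```ruby
require 'securerandom'

# GTS role: tickets keyed by UDID (TGT) and by UDID+app (ST); expired tickets count as absent.
class TicketStore
  def initialize; @tgt = {}; @st = {}; end
  def tgt_for(udid)
    t = @tgt[udid]
    t && t[:expires_at] > Time.now ? t : nil
  end
  def st_for(udid, appkey)
    t = @st[[udid, appkey]]
    t && t[:expires_at] > Time.now ? t : nil
  end
  def put_tgt(udid, ticket); @tgt[udid] = ticket; end
  def put_st(udid, appkey, ticket); @st[[udid, appkey]] = ticket; end
end

USERS = { 'alice' => 'correct horse' }   # constructed credential table (assumption)

# TI role: verify credentials, then bind a fresh random TGT to the device's UDID.
def issue_tgt(store, udid, user, password, ttl: 3600)
  return nil unless USERS[user] && USERS[user] == password
  ticket = { value: SecureRandom.hex(16), user: user, expires_at: Time.now + ttl }
  store.put_tgt(udid, ticket)
  ticket
end

# SI role: an ST for this app is issued only if the presented TGT is the live TGT of this UDID,
# so a TGT value replayed from another device cannot buy an ST.
def issue_st(store, udid, appkey, tgt_value, ttl: 600)
  tgt = store.tgt_for(udid)
  return nil unless tgt && tgt[:value] == tgt_value
  ticket = { value: SecureRandom.hex(16), user: tgt[:user], expires_at: Time.now + ttl }
  store.put_st(udid, appkey, ticket)
  ticket
end

# Client side: what each app does on open. login is [user, password] or nil.
def open_app(store, udid, appkey, login: nil)
  return :already_signed_in if store.st_for(udid, appkey)   # ST found in GTS
  tgt = store.tgt_for(udid)
  if tgt.nil?                                                # no TGT: login page, then TI
    return :login_required if login.nil?
    tgt = issue_tgt(store, udid, *login) or return :bad_credentials
  end
  issue_st(store, udid, appkey, tgt[:value]) ? :signed_in : :st_denied
end
```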
The UDID is the unique ID of a device, and there are several approaches to obtaining it. The UDID must be the same for all apps on the same device (for a certain length of time). You can roll your own UDID calculation.
A 'pseudo id' is recommended; please refer to Jared's answer on StackOverflow.
'identifierForVendor' (iOS) is recommended for now, but it is tricky because of Apple's policy on uniqueness across apps:
- the apps must be published in the App Store by the same vendor
- or, if the apps are in local development, their bundle IDs must share the first two components, e.g. com.vendor.app1 and com.vendor.app2 (please refer to the Apple developer site)
For Chinese developers, here is a good article.