[Wasm] Documentation and examples for OpenId Connect Authentication #3393
Comments
jhancock4d
added
kind/consumer-experience
triage/untriaged
|
Thanks for the request! At this point, we only looked at the implementation for MSAL.NET, but we're opened to suggestions. If you have an existing Uno sample that you'd like to see working on WebAssembly that does not work, could you please post it here ? |
jeromelaban
added
platform/wasm 🌐
jeromelaban
changed the title
|
I don't even have a direction to go to make this work cross platform. MSAL.net and Microsoft authentication would be used by an vanishingly small portion of users because it's both tied to Microsoft and incredibly limited in the b2c version. In C# land they're either using IdentityServer4 or Open-Adict for servers. In general however, Uno needs to have support or at least a sample that allows authentication and renewal for all platforms against ANY OpenIdConnect compliant server. (Microsoft or otherwise) Basically I'd be looking for a sample that has .net Core with IdentityServer4 on it as the IdP and then some sort of implementation in uno that will work across all platforms to login to said IdP. This means on web that it would use code flow with pkce and without client secret and would do auth token updates based on an iframe implementation that calls the endpoint using cookies. On ios, android, windows etc. this would use client secret and request an updated auth token based on the refresh token flow. Note that the web flow is completely different than the actual client flow. |
|
@jhancock4d I think that my issue #3433 covers what you requested in general.
|
|
For the web, it is much better to open a popup window then redirect from the app and back in terms of UX and performance. |
|
@xperiandri popup window doesn't work in firefox. There is no way to launch it quickly enough that Firefox won't block the popup causing a bad experience for end users sadly. |
agneszitte
added
project/documentation 📖
|
One presumes that this would work on everything but web: https://github.com/IdentityModel/IdentityModel.OidcClient ? Could this be extended to support webassembly and handle the redirects?
|
jeromelaban
added
the
difficulty/tbd
What would you like clarification on:
Right now the standard authentication is OpenID connect. On C# that means using IdentityModel.OidcClient as the client library which works great on UWP, Android and iOS (and presumably works on Uno but it isn't clear.)
We really need documentation on how to do standardized OpenidConnect authentication that works across all platforms including WASM. Ideally we would be able to use IdentityModel.OidcClient and provide our own IBrowser implementation that did some sort of redirect on the same page and came back, captured the url and passed it back and authenticated.
Concern?
For which Platform:
Anything else we need to know?
Basically Uno to be viable with most new apps needs to be able to handle OpenIdConnect across all platforms. Flutter struggles mightily over this as an example with no single plugin that handles all 3 platforms well making it a non-starter for Web + iOS + Android right now for most LoB applications. Uno could have significant advantages to flutter if this functoinality was available and well documented either by extending IdentityModel.OidcClient to work with WASM itself or using the current functionality and providing an example of IBrowser for IdentityModel.OidcClient that would work.
The text was updated successfully, but these errors were encountered: