Okta authentication for iOS app: SAML vs OpenID


ji...@opencraft.com

Jan 3, 2018, 12:37:07 AM
to General Open edX discussion
Hello,

OpenCraft wants to add Okta authentication to the edX iOS application (and eventually to the Android app) for one of our clients. There are a couple of options for this, and we'd appreciate guidance on which is most likely to be accepted upstream.

SAML

Okta supports SAML, and so that's what we're currently using to authenticate to the platform.

Issue #632 discusses authenticating to the app with SAML, and converting the SAML token to an OAuth2 token on the platform. And there's also an edX meeting agenda item about Appsembler adding SAML SSO support.

But I've been unable to find any code or examples of how to do this?

We'd be very interested to hear how this works, and about any progress made on this front.

OpenID Connect

Okta supports OpenID Connect, and provides an iOS SDK based on AppAuth that handles the kick out to the browser to log in, and redirects back to the app to finish. Okta SDK and AppAuth also work on Android.

So this seems like a better-supported option, but we've encountered some issues:
  • Would edX accept the addition of Okta to the pods currently used by the iOS app, or is this something we'd need to maintain as a patch?

  • Okta's iOS SDK is all Swift, so it needs to be built as a framework.  But we can't do that due to the static Google binaries.
    There's an open issue to add static support for Swift pods, but I'm not sure what to do about it right now.

    Someone said the workaround was to use Carthage instead, but it only supports building static frameworks, not compiling with static binaries, and moving to Carthage seems political.  Are there any other options?

  • To illustrate, I get the following error when I try to install the pod directly:

    [!] Pods written in Swift can only be integrated as frameworks; add `use_frameworks!` to your Podfile or target to opt into using it. The Swift Pod being used is: OktaAuth


    But adding use_frameworks! causes this error:

    [!] The 'Pods-edX' target has transitive dependencies that include static binaries: (edx-app-ios/Pods/GoogleAnalytics/Libraries/libGoogleAnalytics.a and edx-app-ios/Pods/GoogleIDFASupport/Libraries/libAdIdAccessLibrary.a)


  • Will also need to package the Pods project with "Defines Module: Yes" to allow the Swift classes to be accessible from Objective-C.
  • Okta's latest iOS SDK required the app to be built for iOS 9, but we can use an older v0.1.0.
Thank you for your advice!

Cheers,
--
Jill