AppAuth for Android (and iOS) - now on GitHub!
Andy Zmolek
Tech Founder | Analyst of Fractal Patterns | AI Realist | Sorcerer of Partner Ecosystems | Conjurer of Market Insight | Trusted Advisor
I've been collaborating with our federated identity team to help make it easier for mobile app developers to implement enterprise SSO in their apps, and I'm pleased to share with my identity-minded LinkedIn contacts that we have recently released AppAuth as open source software for mobile app developers. AppAuth is a client library for OAuth and OpenID Connect that enables Android (and iOS) apps to do authentication and authorization on native in a secure and usable way (via Chrome Custom Tabs and SFSafariViewController, respectively), fully supporting the Google-proposed best practice specification for native app auth that's now an IETF OAuth Working group project.
Want to play with it now? Grab the reference libraries from GitHub:
- Android project: https://openid.github.io/AppAuth-Android
- iOS project: https://openid.github.io/AppAuth-iOS
Many of our own internal projects will soon depend on this library, and we are encouraging app developers (particularly enterprise SaaS developers) to adopt it, since it will let them replace the less secure and user unfriendly dependence on WebView for 3rd-party sign-in. The best part: it works with essentially all OAuth-based WebSSO solutions (including OpenID Connect), so if you support federated identity in your SaaS service already, this will be super easy to implement. Also, it doesn't matter whether you support Google identity or not, this library is completely orthogonal to what choices of identity provider (IdP) you and your customer might make.
William Denniss and I will be presenting a couple of sessions at this year's Cloud Identity Summit in June around AppAuth but you don't have to wait until then if you want to learn more - just drop me a note and we'll help you get started.