Mobile Development

Implementing mobile user authentication

Summary

In this code pattern, learn how you can use the IBM Mobile Foundation service to implement user authentication with social logins or with enterprise logins backed by an LDAP server.

Description

User authentication is a fundamental requirement in almost all enterprise mobile apps. For internal mobile apps, such as those related to payroll or business travel booking, organizations want to leverage single sign-on by authenticating users against their on-premises LDAP server. For apps targeted to end users where enterprise data is not exposed, such as an app that lets product users raise service requests, organizations want to allow users to authenticate with a social login such as Facebook login or Google login. In this developer code pattern, we show you how to authenticate users using both social login and enterprise login mechanisms.

When you have completed this code pattern, you will understand:

  • How to achieve user authentication in mobile apps where the user repository is an enterprise LDAP server.
  • How to achieve user authentication in mobile apps using social login mechanisms like Google or Facebook.
  • How to write Mobile Foundation adapters that fetch data from Cloud Object Storage service and Cloudant service.
  • How to capture the user’s geo-location and an image from the camera, and show them in Google Maps.

Flows

Social login

This architecture diagram illustrates the social login flow (here described with Google but also relevant to Facebook or other social providers). The diagram shows that the trigger to call social providers is initiated by the client.

Architecture diagram showing social authentication

  1. User launches the mobile app, and chooses to sign in with Google.
  2. The Google Android SDK calls the Google Signin REST service.
  3. The access token from the REST service is received, and the mobile app calls the login API, with scope social-login and credentials (vendor + token).
  4. The Mobile Foundation SDK sends the credentials and scope to the Mobile Foundation Authorization Server API. The Authorization API calls the mapped security check social-login to validate the credentials.
  5. The social-login security check validates the token with its web client identifier from the security check configuration. The social-login returns the authenticated user to the Authorization Server API.
  6. The Authorization Server API returns the authenticated user data to the Mobile Foundation SDK. The Mobile Foundation SDK passes authenticated user data back to the app.
  7. If user authentication succeeds, the mobile app shows the home page. The mobile app makes a call to the Mobile Foundation adapter to fetch the data from the Cloudant database and return it to the mobile app.
  8. The data fetched from Cloudant will have references to the images stored in Cloud Object Storage. The mobile app makes a call to the Mobile Foundation adapter to get the Authorization token for interacting with Cloud Object Storage service. The Mobile Foundation adapter makes a call to the Cloud Object Storage service’s token manager endpoint to get the Authorization token and returns it to the mobile app.
  9. The mobile app initializes the image-caching plugin and fetches the images from Object Storage.
  10. The mobile app displays the data obtained from the Mobile Foundation adapter as a list of items.
  11. The user clicks on one of the list items to see more details. A detail page is shown consisting of the image and the geo-location marked inside Google Maps.
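
Step 5 is where the server decides whether to trust what the client sent. The following is an added example, not code from IBM's social-login security check: it assumes the token is an RS256-signed JWT (as Google ID tokens are) and shows the signature, issuer, audience (web client identifier) and expiry checks. The client ID, the locally generated key pair and all function names are constructed for illustration.

```javascript
const nodeCrypto = require("crypto");

// Constructed values: the real client ID comes from the security check configuration.
const WEB_CLIENT_ID = "1234567890-example.apps.googleusercontent.com";
const GOOGLE_ISSUERS = ["accounts.google.com", "https://accounts.google.com"];

// Stand-in for the identity provider: a locally generated key pair signs sample tokens.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const b64url = (s) => Buffer.from(s).toString("base64url");
function issueToken(claims, key = privateKey) {
  const signed = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${signed}.${nodeCrypto.sign("sha256", Buffer.from(signed), key).toString("base64url")}`;
}

// Server-side validation: signature first, then issuer, audience and expiry.
function validateSocialToken(token, providerKey, clientId, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch (err) {
    return { ok: false, reason: "malformed" };
  }
  if (!header || !claims) return { ok: false, reason: "malformed" };
  // Pin the algorithm; the token must not choose how it is verified.
  if (header.alg !== "RS256") return { ok: false, reason: "bad-alg" };
  const good = nodeCrypto.verify("sha256", Buffer.from(`${head}.${body}`), providerKey, Buffer.from(sig, "base64url"));
  if (!good) return { ok: false, reason: "bad-signature" };
  if (!GOOGLE_ISSUERS.includes(claims.iss)) return { ok: false, reason: "bad-issuer" };
  // A token minted for a different app is genuine but was not meant for this one.
  if (claims.aud !== clientId) return { ok: false, reason: "wrong-audience" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return { ok: false, reason: "expired" };
  return { ok: true, user: { id: claims.sub, email: claims.email } };
}
```

In a deployment the verification key comes from the provider's published signing keys rather than a local key pair; the audience check is what stops a token issued to some other app from being replayed against this one.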

LDAP login

Architecture diagram showing LDAP authentication

  1. The user launches the mobile app, and clicks the login button.
  2. The mobile app invokes the Mobile Foundation security check adapter to validate the user credentials.
  3. To validate the user credentials, the security check adapter connects to the on-premise enterprise LDAP server through a secure gateway.
  4. The enterprise LDAP server validates the credentials and sends the response back to the Mobile Foundation server through the secure gateway.
  5. The Mobile Foundation server returns the authenticated user data to the Mobile Foundation SDK. The Mobile Foundation SDK passes authenticated user data back to the app.
  6. If user authentication succeeds, the mobile app shows the home page. The mobile app makes a call to the Mobile Foundation adapter to fetch the data from the Cloudant database and return it to the mobile app.
  7. The data fetched from Cloudant will have references to the images stored in Cloud Object Storage. The mobile app makes a call to the Mobile Foundation adapter to get the Authorization token for interacting with Cloud Object Storage service. The Mobile Foundation adapter makes a call to the Cloud Object Storage service’s token manager endpoint to get the Authorization token and returns it to the mobile app.
  8. The mobile app initializes the image-caching plugin and fetches the images from Object Storage.
  9. The mobile app displays the data obtained from the Mobile Foundation adapter as a list of items.
  10. The user clicks on one of the list items to see more details. A detail page is shown consisting of the image and the geo-location marked inside Google Maps.
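
Steps 2 to 4 leave credential handling to the security check adapter. As an added example (not IBM's adapter code), the checks below are ones an adapter can run before it attempts any LDAP bind, assuming a search-then-bind design; the `uid` attribute, the length limit and all function names are assumptions.

```javascript
const USER_ATTR = "uid";   // assumed directory attribute holding the login name
const MAX_NAME_LEN = 128;  // assumed upper bound for a login name

// RFC 4515 escaping for a value placed inside an LDAP search filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (c) =>
    "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Validate the submitted credentials and build the lookup filter.
function buildLoginLookup(username, password) {
  if (typeof username !== "string" || typeof password !== "string") {
    return { ok: false, reason: "missing-credentials" };
  }
  const name = username.trim();
  if (name === "" || name.length > MAX_NAME_LEN) {
    return { ok: false, reason: "bad-username" };
  }
  // A simple bind with a DN and an empty password is an "unauthenticated bind"
  // (RFC 4513, section 5.1.2); some servers answer it with success.
  if (password.length === 0) {
    return { ok: false, reason: "empty-password" };
  }
  return { ok: true, filter: `(${USER_ATTR}=${escapeFilterValue(name)})` };
}

// Bind only when the lookup matched exactly one entry; anything else is a failure.
function selectBindDn(entries) {
  if (!Array.isArray(entries) || entries.length !== 1) return null;
  return entries[0].dn;
}
```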

Instructions

Please see detailed instructions in the README.