1

I am using Azure MobileServiceClient to authenticate with a mobile app. I want to enable a secure logout function, which involves deleting the cookies created by the web component. Otherwise anyone selecting "Login" will simply get logged in if there's an unexpired cookie lurking around. Deleting the cookies is working great.

Unfortunately, it means that a user returning to the same provider on the same device has to provide their username again (clearly, I don't want to store their password).

I found out how to make it work with Google. (Google OpenId doc) I simply provide a dictionary of parameters to the LoginAsync method. That dictionary contains the key "login_hint" and the user's email address (which, btw, has to be valid to work).

This doesn't seem to work for Facebook, Microsoft or Twitter accounts and I don't know why. I read a document that said that "login_hint" or "username" was supported by convention, but none of that seems to work.

Anyone have any experience (even a completely different approach) with this they can share?

TIA.

Bill Noel

1 Answer

2

In order to implement IdP provided solutions like that, you need to move to a client-flow authentication. Client-Flow is when you use the IdP provided SDK to authenticate the user. Once the IdP has given you a token, you pass that token (silently) to Azure Mobile Apps to exchange it for a ZUMO token that you can use with the Azure Mobile Apps service.

Once you have the client-flow enabled, you can do anything that the IdP (Facebook, Google, etc.) will allow you to do. It's not really an Azure Mobile problem - more of an IdP problem.

Adrian Hall
  • Thanks, Adrian. I was worried about the access_token flowing to the client as a less secure method than the server approach. Still trying to get my head around it all. I'll look at your GitHub repository ToDo to see if the client approach is in there. I was trying to avoid 4 platforms times 4 providers worth of work. Lazy me. :) – Bill Noel Jul 25 '16 at 22:33
  • I thought I remembered a reference to a sample you did, but I must have been having a senior moment there. I'll keep looking for some sample code. Seems like that kind of thing ought to be out there everywhere, but I'm having trouble finding it. Thanks, again. – Bill Noel Jul 25 '16 at 23:11
  • I am working on some new samples for client-flow in Xamarin Forms, but they aren't there yet. – Adrian Hall Jul 26 '16 at 16:06
  • That would be really great. I am using server side for everything and the only part that's a problem is having the ability to display the IdP login prefilled with a user's login name. 'login_hint' works perfectly for Google, but not for any other IdP. It's a financial app, so SSO is out. I'll stick with server directed and nuking the cookies until I can see your client directed samples. Super helpful, Adrian. As always. Thanks. – Bill Noel Jul 27 '16 at 14:01
  • You weren't talking about using the Xamarin Auth component to do this, were you? – Bill Noel Jul 27 '16 at 15:45
  • @nhwilly Here's a Xamarin.Forms Facebook client flow example: https://github.com/azure-appservice-samples/contosomoments#authentication – lindydonna Jul 27 '16 at 19:45
  • Wow, thanks @lindydonna-msft I'm headed out on holiday for a week, but it'll be the first thing I swing at when I get back. – Bill Noel Jul 30 '16 at 12:46
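
The client-flow exchange described in the answer, as an added example that is not part of the original thread or of the linked sample. It uses the `MobileServiceClient.LoginAsync(provider, JObject)` overload; `getProviderTokenAsync` is a hypothetical delegate standing in for whichever Facebook SDK login call the platform uses.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.WindowsAzure.MobileServices;
using Newtonsoft.Json.Linq;

public static class ClientFlowAuth
{
    // getProviderTokenAsync is hypothetical: it wraps the IdP's own SDK login
    // and returns the provider access token (null or empty if the user cancels).
    public static async Task<MobileServiceUser> LoginWithFacebookAsync(
        MobileServiceClient client,
        Func<Task<string>> getProviderTokenAsync)
    {
        string providerToken = await getProviderTokenAsync();
        if (string.IsNullOrWhiteSpace(providerToken))
        {
            return null; // nothing to exchange
        }

        // Client flow: the SDK sends this JSON to the Mobile Apps backend,
        // which checks the token and answers with a ZUMO session token.
        var payload = new JObject { ["access_token"] = providerToken };
        try
        {
            // On success the SDK also sets client.CurrentUser.
            return await client.LoginAsync(
                MobileServiceAuthenticationProvider.Facebook, payload);
        }
        catch (MobileServiceInvalidOperationException ex)
            when (ex.Response?.StatusCode == HttpStatusCode.Unauthorized)
        {
            // The backend rejected the provider token (for example, expired).
            return null;
        }
    }

    // Drops the ZUMO session held by this client instance. The IdP session
    // is separate and has to be ended through the IdP SDK.
    public static void Logout(MobileServiceClient client)
    {
        client.CurrentUser = null;
    }
}
```

The provider token is only held in a local variable for the exchange; nothing in this sketch persists it on the device.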