Mobile Authentication for iOS Applications
Welcome!
• Agenda
• Stormpath 101 (5 mins)
• Get Started with iOS (25 mins)
• Q&A (30 mins)
• Kaitlyn Barnard
Marketing
• Edward Jiang
iOS Developer Evangelist
Speed to Market & Cost Reduction
• Complete Identity solution out-of-the-box
• Security best practices and updates by default
• Clean & elegant API/SDKs
• Little to code, no maintenance
Stormpath User Management
[Diagram labels: User Data; User Workflows; Your Applications (Application SDK, three times); ID Integrations: Google ID, Facebook, Active Directory, SAML]
Let’s talk about Authentication
Mobile Authentication for iOS Applications - Stormpath 101
Authentication
Proving You Are Who You Say You Are
Common Methods of Authentication
Basic Authentication
Basic Authentication
GET /resource HTTP/1.1
Authorization: Basic 3CjvTdI30yoMS1xr3byzuz
3CjvTdI30yoMS1xr3byzuz = Base64("username:password")
Session Authentication
Username Password SessionID
edjiang TxGA2UwvQ9qFTyzK 4zyCMdpxbtPXWgC8
demouser 5uGGNsn253UZRpbU kRqVCcqmwgEhkaH9
Server-Based Authentication
• Easy to use and implement
• Auth details are sent on every request
• Auth details do not expire
• Hard to scale, as verifying a request needs access to a central database
OAuth 2 Token Authentication
OAuth 2 Token Authentication
POST /oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=password&
username=username&
password=password

{
"access_token": "eyJqdGkiOiI2UUxkc0xKeFlIZnU4M2…",
"refresh_token": "eyJqdGkiOiI2UUxkc0h6c2RoTXZWRV…",
"token_type": "Bearer",
"expires_in": 3600
}
OAuth 2 Token Authentication
GET /me HTTP/1.1
Authorization: Bearer eyJqdGkiOiI2UUxkc0xKeI…
{
"email": "edward@stormpath.com",
"givenName": "Edward",
"surname": "Jiang",
"fullName": "Edward Jiang"
}
What is this token?
eyJqdGkiOiI2UUxkc0xKeFa…
It’s a JSON Web Token!
Header
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
{
"typ": "JWT",
"alg": "HS256"
}
Body
eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIiwic3ViIjoidXNlcm5hbWUiLCJuYmYiOjE0NjIzMDcyNTgsImV4cCI6MTQ2MjMxMDg1OCwiaWF0IjoxNDYyMzA3MjU4fQ.
{
"iss": "https://example.com",
"sub": "username",
"nbf": 1462307258,
"exp": 1462310858,
"iat": 1462307258
}
Signature
XcRsBv9qQUgmZwXmEyb1sa1M2GvIepy5rDKR5WmEpn0
HS256(header + "." + body, signingKey)
Token Authentication
• More Secure
  o Auth details are sent on every request, BUT!
  o Auth token expires
• Easy to scale, as servers can verify a token with the signing key
• Extensible
  o Scale across multiple backend services
  o Can embed information in the JSON
LET’S LOOK AT SOME CODE!
iOS Resources
• Stormpath Launches Mobile Support
https://stormpath.com/blog/stormpath-mobile-support-ios-android/
• Tutorial: Build an iOS Application with Stormpath
https://stormpath.com/blog/build-note-taking-app-swift-ios
• Stormpath iOS SDK
https://github.com/stormpath/stormpath-sdk-ios
• iOS Example Application
https://github.com/stormpath/stormpath-ios-notes-example
QUESTIONS?
THANK YOU
