Enabling Mobile Apps to Share Authentication State
Mobile applications usually don’t share authentication state. They are written by different developers and have no way of using one app’s authentication state in other apps on the same mobile device.
Appdome is a no-code mobile integration platform as a service (iPaaS), supporting a wide variety of implementations for Android and iOS apps.
This Knowledge Base article summarizes the steps needed for mobile apps to share authentication state using Appdome’s Cross-App ID. Cross-App ID can be added to any iOS or Android app instantly, with no code or coding.
Easily Enabling Mobile Apps to Share Authentication State
Cross-App ID is the ability of two or more mobile apps to share authentication state. Known as cross-app identity, this allows end-users of mobile apps to sign into one app, simultaneously unlocking (i.e., authenticating) the other apps used by that user.
In order for mobile apps to share authentication state, Appdome’s Cross-App ID uses metadata to verify user login between apps. Appdome-Built apps using Cross-App ID share such metadata securely. This allows the user to log in once, with the metadata needed by the other built apps shared and updated automatically. Appdome provides a framework in its Fusion Layer that allows other mobile apps to access the metadata, such as cookies, auth-state for apps built with OpenID for SSO, Keychain in iOS apps, and Credentials in iOS apps. The data is saved outside the app’s sandbox. For security, the data is encrypted with a unique key that is shared only with other built apps in the group. The selected apps with access to the metadata are defined by a dynamic trust group, consisting of Appdome-Built Cross-App ID apps created in the same Account, Team, or Fusion Set on Appdome.
The following diagram further elaborates on the Cross-App ID capability and flow:
- The ‘first’ app is challenged with the authentication by the identity provider protecting the resource (‘App Server’ in the diagram). It performs the authentication and receives the token/cookies once authentication is successful.
- The authenticated app stores the authentication credentials within Appdome’s Secure Storage.
- When the second built app is launched, it searches the Appdome Secure Storage, and since relevant authentication credentials for that specific identity provider/gateway exist in the Secure Storage, it extracts the cookies/token.
- When the second built app tries to reach the protected resource (App Server), it attaches the authentication header/cookie to the outgoing request. Since the gateway/identity provider trusts these credentials, the app can reach the protected resource without triggering authentication within the second app.
How to Add Cross-App ID to Any Mobile App on Appdome
Follow these step-by-step instructions to add Cross-App ID to any mobile app and enable these mobile apps to share authentication state:
- Configure your desired SSO provider as described in Appdome for Single Sign-on
- Open the Scheme drop-down list named Appdome SSO+ Suite
- In the Appdome SSO+ Suite, enable Cross-App ID
- In Shared Scope, select the sharing option which best suits your deployment
- When finished, click Build My App.
- Only built apps can share data; non-built apps won’t have access to the encrypted data
- Only built apps in the same “Shared Scope” will share data
- Cookies will be saved per URL. Make sure that the login URL is the same in all desired apps
- To share state among OpenID Connect apps, you must build all apps with the same client ID
- Sign all iOS apps with the same provisioning profile to allow access to a directory outside of the app’s sandbox
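The storage behaviour described above (state sealed with a key held only by the trust group, and looked up per login URL) can be modelled in a few lines. This is an added illustration, not Appdome's implementation, which this article does not publish; the AES-GCM construction, the `Store` type and the function names are assumptions made for the example, and the key and cookie are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Store models the shared area outside the sandbox: login URL -> nonce||ciphertext.
type Store map[string][]byte

func groupAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // trust-group (Shared Scope) key, 32 bytes for AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SaveLogin is the first app after login: seal its cookie/token under the group key.
func (s Store) SaveLogin(g cipher.AEAD, loginURL, cookie string) error {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s[loginURL] = g.Seal(nonce, nonce, []byte(cookie), []byte(loginURL)) // URL bound as associated data
	return nil
}

// SharedLogin is a second app at launch: look for state saved for its login URL.
func (s Store) SharedLogin(g cipher.AEAD, loginURL string) (string, error) {
	blob, n := s[loginURL], g.NonceSize()
	if len(blob) < n {
		return "", fmt.Errorf("no shared state for %s", loginURL)
	}
	plain, err := g.Open(nil, blob[:n], blob[n:], []byte(loginURL))
	if err != nil {
		return "", fmt.Errorf("cannot open state for %s: not in the trust group", loginURL)
	}
	return string(plain), nil
}

func main() {
	g, _ := groupAEAD([]byte("constructed-32-byte-group-key-00")) // constructed demo key
	s := Store{}
	_ = s.SaveLogin(g, "https://login.example.com", "SESSION=constructed")
	fmt.Println(s.SharedLogin(g, "https://login.example.com"))
}
```

In this model, an app holding a different group key, or asking for a different login URL, gets an error instead of a cookie, which corresponds to the user being prompted to log in again.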
The technology behind Build My App has two major elements – (1) a micro service architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add conditional access to the mobile app in seconds.
Congratulations! You now have a mobile app fully integrated with Cross-App ID.
After Adding Cross-App ID to a Mobile App on Appdome
After you have added Cross-App ID to any mobile app on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Built App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the Appdome-Built App (Required)
In order to deploy an Appdome-Built app, it must be signed. Signing an iOS app and signing an Android app are easy using Appdome. Alternatively, you can use Private Signing: download your unsigned app and sign it locally using your own signing methods.
Deploy the Appdome-Built App to a Mobile Device
Once you have signed your Appdome-Built app, you can download it and deploy it using your distribution method of choice. For more information on deploying your Appdome-Built apps, please read this knowledge base.
That is it – Enjoy Appdome for Single Sign-On with Cross-App ID in your app!
How Do I Learn More?
If you have any questions around enabling mobile apps to share authentication state, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.