Adding Modern Authentication (OAuth2) to Mobile Apps

Modern Authentication is the term Microsoft uses to refer to its implementation of the OAuth 2.0 authorization framework for client/server authentication. Modern Authentication leverages standard authentication libraries to enable applications to support single sign-on (SSO) features like 2FA/MFA and to use access and refresh tokens to validate authentication requests.

This KB article provides step-by-step instructions to add Microsoft Modern Authentication to any Android or iOS app without code or coding.

Adding Modern Authentication (OAuth2) to Mobile Apps Without Coding

Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate Microsoft Modern Authentication to any mobile app – instantly, no code or coding required.

Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on SAML, OAuth, OpenID Connect or any other authentication standard inside the app.  Users merely upload mobile apps, select the Mobile Enterprise Authentication by Appdome service and click “Build My App.” The Appdome technology adds Modern Authentication and relevant standards, frameworks and more to the app automatically, with no manual development work at all.

The following diagram illustrates the Single-Sign-On flow for apps that have been integrated with Modern Authentication (OAuth2).

  1. The application sends an unauthorized request to reach a resource like internal.mycomp.com which is protected by a gateway, AD, or the app server itself.
  2. The server protecting the resource responds with 401 or 30X response since the request is not authorized.
  3. Appdome identifies the response from the protected resource and opens an internal Webview within the Built App
  4. The internal Webview navigates to the Hub URL (e.g. https://company-portal-url.com/api/portal.html)
  5. The user can now authenticate using any authentication method the hub URL requires, during the authorization session, the cookies and authorization token are received
  6. The Azure server redirects to the Success URI (e.g. https://successful-authentication-internal-url/portal.html) since the authorization succeeded. Note that the app’s Success URI is configured on Azure should match the configuration during fusion.
  7. Appdome identifies the Success URI redirect and closes the internal Webview, returning the view to the original app.
  8. Now, when the app tries to reach the protected resource, the authorization header or cookies are attached to the outgoing request. The gateway will trust these credentials and the app will reach the protected resource internal.mycompany.com successfully.

Prerequisites for Using Appdome for Modern Authentication

In order to use Appdome’s no code implementation of Microsoft Modern Authentication authentication, you’ll need:

  • Appdome account
  • Mobile App (.ipa for iOS, or .apk or .aab for Android)
  • AD Hub URL
  • Authentication Successful URI on AD
  • Application protected resource URL
  • Signing Credentials (e.g., signing certificates and provisioning profile)

How to Add Modern Authentication to Any Mobile App on Appdome

  1. Upload a Mobile App to Your Account

    Please follow these steps to add a mobile app to your Appdome account.
    If you don’t have an Appdome account, click here to create an account.

    From the “Build” tab, select Authentication

  2. Under the Authentication Profiles, open the Select Scheme drop-down list, select Mobile Enterprise Authentication by Appdome
  3. Add the Protected Resources
  4. Add the Authentication Portal URL
  5. Add Redirect URIs
  6. If your deployment uses Open ID, Enable OpenID Authentication
    • If your deployment requires additional HTTP modifiers to authenticate (optional), upload a file
    • The file should be a text file with each row containing a header to add(with + as the first character) or to remove (with – as the first character). e.g:
      +Connection: Keep-Alive
      “-Content-Encoding: gzi”
    • Enter Client ID
  7. Enable Cross-App ID (optional).  The Cross-App ID allows the Built app to share the authentication state for Single Sign-On.
  8. Click Build My App  

The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add Modern Authentication to the mobile app in seconds. For example, the technology of Open-ID Connect and Webview authentication, work that ordinarily a developer would need to do.

Congratulations! You now have a mobile app fully integrated with Modern Authentication.

success message appdome - modern authentication

After Adding Modern Authentication to a Mobile App on Appdome

After you have added Modern Authentication to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.

Please view the article here on How to Complete My Mobile Integration Project After I Build My App.

That is it – Enjoy your newly integrated mobile app!

How Do I Learn More?

Appdome provides additional alternatives for No Code Microsoft Authentication in Mobile Apps.  Appdome also has other no code implementations for MicroVPN and enterprise mobility, all of which can be combined with Modern Authentication on Appdome.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Gil Hartman

Have a question?

Ask an expert

EnrikaMaking your security project a success!