Identityserver4: Use openid/AppAuth-Android library with the IdentityServer4

Created on 15 Nov 2016 · 13 Comments · Source: IdentityServer/IdentityServer4

I'm developing an ASP.Net MVC application and an Android app for my client. The back-end service will be an ASP.Net Core API service.
I want to use IdentityServer4 for authentication and authorization for my apps. I managed to configure IdentityServer4 for the ASP.Net client, and it's working great with the HybridAndClientCredentials grant type. My Android app is native and developed in Java, so I can't use the "IdentityModel.OidcClient" library. So I'm looking at openid's library AppAuth-Android, but I couldn't find any help or samples on this.
So how can I authorize my Android client with the AppAuth-Android library?
Can anyone help me with this?
Any help is greatly appreciated.

question

All 13 comments

AppAuth is not our library. It should work with IdentityServer4, but I haven't tried it myself yet.

Working fine with GrantTypes.Code and required PKCE, but not working with the GrantTypes.Hybrid.
Getting "Invalid grant type for client: authorization_code" error.

OK - then they probably don't support hybrid. Thanks!

That's OK. Thanks for the great framework.

@madhuteja I'm also trying to use IS4 with an android app. Have you achieved it? It would be really helpful if you could pass the client definition you used for android app.

How are you receiving tokens at the client end? Via a custom URI scheme? What is the RedirectUri you defined in the client definition?

@neerajyadav try this client configuration in IdSvr4

```
new Client
{
    ClientId = "mobile",
    ClientName = "Mobile Client",
    AllowedGrantTypes = GrantTypes.Code,
    RedirectUris = { "com.yourcompany.yourapp://oidccallback" },
    AllowedScopes =
    {
        StandardScopes.OpenId.Name,
        StandardScopes.Profile.Name,
        StandardScopes.OfflineAccess.Name,
        "api1"
    }
}
```

How to implement it in the Android app? The link below will help you.
https://codelabs.developers.google.com/codelabs/appauth-android-codelab/#0

@madhuteja Doesn't it require RequirePkce = true and AllowAccessTokensViaBrowser = true ?

@neerajyadav Ahhh!, I forgot it. It only requires RequirePkce = true

@madhuteja I configured the client. When I pass openid or profile in scopes from android client, it says invalid scope, however passing api1 works.

@leastprivilege Is a code client without a secret treated as a public client? Also, why does passing identity scopes from an authorization code client give invalid_scope?

You need to check the logs.

For those who are looking to configure an Android client with IdentityServer4, here is what your client configuration should look like in IS.

```
new Client
{
    ClientId = "client.android",
    RequireClientSecret = false,
    ClientName = "Android app client",
    AllowedGrantTypes = GrantTypes.Code,
    RequirePkce = true,
    //AllowAccessTokensViaBrowser = true,
    RequireConsent = false,

    RedirectUris = { "com.yourcompany.app://oidccallback" },
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        IdentityServerConstants.StandardScopes.Phone,
        "api1"
    },
    AllowOfflineAccess = true
}
```

There are three main things you need to make sure of: RequirePkce = true, RequireClientSecret = false, AllowedGrantTypes = GrantTypes.Code. I wasted two days figuring out that RequireClientSecret should be false. I learned that with a lot of logging on the production server.

This client is working fine with the Android AppAuth library. Also, while sending scopes from the Android client, you need to make sure to include the openid scope.

I will publish a sample repo for android client and IS both, as soon as I get free time.
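What RequirePkce = true checks for this secretless (public) client, as an added example that is not from the thread, from AppAuth-Android or from IdentityServer4: the S256 code_verifier / code_challenge pair defined in RFC 7636. The class and method names (PkceDemo, newCodeVerifier, codeChallengeS256, verifierMatches) are hypothetical; in the real setup AppAuth generates the verifier in the app and IdentityServer performs the comparison at the token endpoint.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

/** Added illustration of the PKCE (RFC 7636) check behind RequirePkce = true. */
public class PkceDemo {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    /** Client side: fresh high-entropy verifier, kept inside the app until the token request. */
    static String newCodeVerifier() {
        byte[] random = new byte[32];            // 32 bytes -> 43 base64url characters
        new SecureRandom().nextBytes(random);
        return B64URL.encodeToString(random);
    }

    /** Client side: S256 challenge sent as code_challenge in the authorization request. */
    static String codeChallengeS256(String verifier) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    /** Server side: recompute the challenge from the code_verifier in the token request. */
    static boolean verifierMatches(String storedChallenge, String presentedVerifier)
            throws NoSuchAlgorithmException {
        if (presentedVerifier == null
                || presentedVerifier.length() < 43 || presentedVerifier.length() > 128) {
            return false;                        // RFC 7636 length limits
        }
        byte[] expected = storedChallenge.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = codeChallengeS256(presentedVerifier).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);   // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Test vector from RFC 7636, Appendix B.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw_cM";
        System.out.println("RFC vector matches: " + codeChallengeS256(rfcVerifier).equals(rfcChallenge));

        // The app that created the challenge holds the matching verifier and can redeem the code.
        String verifier = newCodeVerifier();
        String challenge = codeChallengeS256(verifier);
        System.out.println("app redeems code:   " + verifierMatches(challenge, verifier));

        // A party holding only the authorization code, without the verifier, is refused.
        System.out.println("other app redeems:  " + verifierMatches(challenge, newCodeVerifier()));
    }
}
```

Because the verifier never travels through the browser redirect, the authorization code delivered to the custom URI scheme is not enough on its own to obtain tokens, which is what makes a client with no secret acceptable here.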

I have made a simple using AppAuth-android with Identity Server 4, check it here

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
