This blog post is an addendum to the article, Build a Xamarin App with Authentication and Offline Support, to be published in MSDN Magazine, September 2015. I’ll update this post with a link once the article is available. Part 1, Cloud-Connected Mobile Apps – Create a Web Service with Azure Web Apps and WebJobs, which discusses the backend of the project, is available now.
The OAuth credential flow in Altostratus is as follows, using Facebook as an example. Once the user is
- The mobile client app displays a web browser control and navigates to a known URL on the backend.
- The backend redirects to the Facebook sign-in page where the user signs in with his or her Facebook credentials.
- The backend does sends requests to Facebook to retrieve an access token.
- The client app redirects the browser back to the backend’s endpoint. The redirect URL includes the access token in the fragment hash.
- The client app has been waiting for the redirect. At this point, it parses the access token from the URL fragment.
- If the user is not yet registered with the backend, the client app sends a registration request to the backend. The backend creates a database entry for the user and issues a second access token. This step only happens on the first login.
- Once the user is registered, the client app includes the access token to make authenticated requests.