Native Mobile App
The Native Mobile Application (NMA) calls the API provided by the Resource Server directly. The NMA application is responsible for user authentication with the IAM Authorization Server, and it uses a public client to access the IAM Authorization Server. The NMA application manages and uses Tokens. The Access Token (ID Token, Refresh Token) is exposed to the NMA application, so the application must ensure Tokens are stored in protected storage as secrets.

- The User clicks the Sign in/Log in button in the NMA application, and the NMA application initiates the Authentication flow by calling the IAM Server's standard OAuth2 Authorization endpoint (/auth).
- The IAM Server redirects the User to the Login page provided by the IAM Server. The User provides his/her credentials in order to authenticate. As RFC 8252 suggests, the Login page should be rendered in an external user agent/browser.
- Upon successful authentication, the IAM Server returns the Authorization Code via the browser agent to the NMA application.
- The NMA application calls the IAM Server's standard OAuth2 Token endpoint (/token) to exchange the Authorization Code for Tokens (ID Token, Access Token and Refresh Token).
- The IAM Server returns the Tokens to the NMA application, and the NMA application stores them using the mobile platform (iOS, Android) SDK.
- The NMA application stores the received Tokens and calls the underlying Service APIs with the Access Token.
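
The request parameters behind the /auth call and the code-for-token exchange above, as an added Python example that is not part of the original page. It goes beyond the listed steps by including the state check and the PKCE parameters (RFC 7636) that RFC 8252 requires of public native clients; the IAM host, client ID, redirect URI and function names are assumed placeholders.

```python
import base64, hashlib, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholders: IAM host, public client id, app-claimed redirect URI.
IAM = "https://iam.example.com"
CLIENT_ID = "nma-public-client"
REDIRECT_URI = "com.example.nma:/oauth2redirect"

def new_session():
    """Per-login values held in app memory until the redirect comes back."""
    return {"state": secrets.token_urlsafe(32),
            "code_verifier": secrets.token_urlsafe(64)}  # 86 chars (43-128 allowed)

def s256(verifier):
    """PKCE S256 transform: BASE64URL(SHA256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorization_url(session):
    """Builds the /auth URL the app opens in the external browser."""
    query = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "code_challenge": s256(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return f"{IAM}/auth?{urlencode(query)}"

def token_request(session, redirect_url):
    """Validates the redirect, then builds the /token form body."""
    if not redirect_url.startswith(REDIRECT_URI + "?"):
        raise ValueError("redirect did not arrive on the registered URI")
    params = parse_qs(urlsplit(redirect_url).query)
    returned = params.get("state", [""])[0].encode()
    if not secrets.compare_digest(returned, session["state"].encode()):
        raise ValueError("state mismatch: response is not for this login")
    if "error" in params or "code" not in params:
        raise ValueError("authorization failed or was denied")
    # Public client: no client_secret; code_verifier binds the code to this app.
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],
    }
```

The dictionary returned by token_request is what the application would POST, form-encoded, to the /token endpoint.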