[mitreid-connect] Single SignOn between Mobile Applications and OpenID Connect

Rosa Sanchez Guerrero rosa.rsg at gmail.com
Thu Aug 17 07:51:13 EDT 2017


We are working on a project in our company in which business people require
SSO between two mobile applications:



- Mobile Application A (APPa) with an identity repository (IRa)
- Mobile Application B (APPb) with an identity repository (IRb)



The correspondence between users of IRa and users of IRb can be established
through a common field (identification number).



We have reviewed in the literature different approaches to implement SSO
between mobile applications:



- Sharing of tokens
- NAPPS (Native Single Sign On Application)
- Use of webviews or browser. We think that these options are not the best
  from a security point of view.



We would like to know which is the most appropriate from a security point of view
and how your MITREid solution based on OpenID Connect could help us to
solve this challenge.



If so, could you explain to us what would be the steps to follow and the
OpenID Connect flows (authorization code, hybrid, etc.) more appropriate
for this purpose?


Let's assume that the SSO is unidirectional, i.e., the user authenticates
first in APPa and then she accesses APPb seamlessly.


Kind regards and thanks,


Rosa