<div dir="ltr"><p class="MsoNormal"><span lang="EN-US">We are
working on a Project in our Company in which business people require SSO
between two mobile applications:<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">-Mobile
Application A (APPa) with an identity repository (IRa)<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US">-Mobile
Application B (APPb) with an identity repository (IRb)<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">The
corresponding between users of IRa and users of IRb can be established through
a common field (identification number).<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">We have
reviewed in the literature different approaches to implement SSO between mobile
applications:<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">-Sharing of
tokens<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US">-NAPPS (Native
Single Sign On Application)<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US">- Use of
webviews or browser. We think that this options are not the best from a security
point of view.<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">We like to
know which is the most appropriate from a security point of view and how your
Mitreid solution based on OpenID Connect could help us to solve this challenge.<span></span></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">If so,
could you explain us what would be the
steps to follow and the OpenID Connect flows (authorization code, hybrid, etc.)
more appropriate for this purpose?<span></span></span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">Let's assume that the SSO is unidirectional, i.e, the user authenticates first in APPa and then, she accesses to APPb seamlessly.</span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">Kind regards and thanks,</span></p><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal"><span lang="EN-US">Rosa</span></p></div>