GitHub authentication using Xamarin.Auth

How can I implement an implicit (or other applicable) OAuth login flow to log in to GitHub from my app? Is Xamarin.Auth applicable here?

Answers

  • ColeX Member, Xamarin Team Xamurai
    edited November 2018
  • rafsanulhasan Member ✭✭
    edited December 2018

    Thanks @ColeX for the useful reference. That nearly solved my problem. But when I went through it, I found that there are some limitations in the Auth0 service, though it is very good. They don't support Mac, watchOS, tvOS, GTK (Linux). 7000 active clients per month.

    Besides, my requirement is a bit complex. The project I'm working on is an open-source project. The GitHub OAuth App's Client ID and Secret have been hardcoded into a config.json file in every project's Assets folder, and I have a platform-specific implementation to retrieve them. I'm using Prism & Unity for navigation and a DI container for better manageability, testability, loose coupling/high cohesion and, more specifically, to implement IoC principles. Since I want to keep the secret keys secret from the open-source community for the Beta, Preview and Production versions, I've created 4 different OAuth apps in GitHub for:

    1. the dev branch
    2. beta (only for testing inside organization and developers or contributors)
    3. Preview (only for beta testers in the store apps)
    4. Production

    The OAuth app for the dev branch is exposed to the community, and the keys are changed dynamically during CI builds (using Pipelines) behind the scenes and deploying them to Mobile Center. I need the keys to be exposed in the dev branch to make it visible for learners and for my documentation purposes.

    I've chosen this strategy because there is no feature like User Secrets in secrets.json (available in ASP.NET Core) available in Xamarin.Forms. There are other libraries but I don't like them.

    If I want to continue with my strategy and integrate Auth0, it seems that I need to create 4 different accounts in Auth0 because the connection to a third-party API does not allow creating connections to multiple apps from a single Identity Provider, which might be cumbersome, and I don't want it.

    Since GitHub has a security issue with the OAuth login flow (it cannot be determined in the OAuth flow which application is using it) as per their API documentation, I don't want to expose it to the community because I don't want to lose control over it. If GitHub had supported OIDC for its API login flow, that would have been great.

    Because of the limitation I explained in the last paragraph, I decided to try creating 4 accounts in Auth0, but the implementation needs a platform-specific way (like Xamarin.Auth) to achieve my goal because Auth0's NuGet library has limitations with platforms.

    Can you help me with that: platform-specific implementation of Auth0 using Xamarin.Auth!!!
