Mobile Single-Sign-On

From IIW

Session Topic: Mobile Single-Sign-On

Convener: Sascha Preibisch

Notes-taker(s): Sascha Preibisch

  • Topic: Mobile Single-Sign-On (MSSO)
  • goal: users should only have to log in to the first app using username/password. This app will receive an access_token and an id_token. The id_token will be shared with other apps. Other apps will reuse the earlier issued id_token to request their own access_token
  • target environment: enterprise apps, signed by the same developer key
  • what was discussed/shown:
    • explanation of how mobile single-sign-on can be implemented using OAuth, OpenID Connect and JSON Web Token
    • client apps would keep their OAuth access_token for themselves but they would share the id_token
    • client apps would also share an app-generated private key which would be used for SSL with client authentication if it is required
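
The flow in the goal above, as an added sketch (not code from the session or from any product): the first app logs in and receives both tokens, a second app presents the shared id_token and receives an access_token of its own. The HS256 server key, client ids, audience value and the `login`/`exchange` functions standing in for the server endpoints are assumptions made for illustration; the notes do not name the grant type used.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)      # constructed HS256 key held by the server
USERS = {"alice": "correct horse"}        # constructed user database
CLIENTS = {"app-a", "app-b"}              # constructed ids of same-developer apps
ACCESS_TOKENS = {}                        # access_token -> (client_id, user)

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(signing_input):
    return b64url(hmac.new(SERVER_KEY, signing_input.encode(), hashlib.sha256).digest())

def issue_id_token(user, ttl=300):
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": "https://idp.example", "sub": user,
              "aud": "sso-group", "exp": int(time.time()) + ttl}
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{mac(header + '.' + body)}"

def verify_id_token(token):
    """Return the claims, or raise ValueError if forged, malformed or expired."""
    header, body, sig = token.split(".")
    if not hmac.compare_digest(sig.encode(), mac(f"{header}.{body}").encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["aud"] != "sso-group" or claims["exp"] <= time.time():
        raise ValueError("wrong audience or expired")
    return claims

def new_access_token(client_id, user):
    token = secrets.token_urlsafe(24)
    ACCESS_TOKENS[token] = (client_id, user)   # bound to the requesting app only
    return token

def login(client_id, username, password):
    """First app: username/password yields an access_token and an id_token."""
    if client_id not in CLIENTS or USERS.get(username) != password:
        raise PermissionError("login failed")
    return {"access_token": new_access_token(client_id, username),
            "id_token": issue_id_token(username)}

def exchange(client_id, id_token):
    """Other apps: trade the shared id_token for an access_token of their own."""
    if client_id not in CLIENTS:
        raise PermissionError("unknown client")
    return new_access_token(client_id, verify_id_token(id_token)["sub"])
```

Only the id_token crosses the app boundary; each access_token stays bound to the client that requested it, so revoking one app's token does not affect the others.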