title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Add Authentication on iOS with Azure Mobile Apps | Learn how to use Azure Mobile Apps to authenticate users of your iOS app through a variety of identity providers, including AAD, Google, Facebook, Twitter, and Microsoft. | app-service\mobile | ios | conceptdev | crdun | | ef3d3cbe-e7ca-45f9-987f-80c44209dc06 | app-service-mobile | mobile | mobile-ios | dotnet | article | 01/23/2017 | crdun |
In this tutorial, you add authentication to the iOS quick start project using a supported identity provider. This tutorial is based on the iOS quick start tutorial, which you must complete first.
[!INCLUDE app-service-mobile-register-authentication]
Secure authentication requires that you define a new URL scheme for your app. This allows the authentication system to redirect back to your app once the authentication process is complete. In this tutorial, we use the URL scheme appname throughout. However, you can use any URL scheme you choose. It should be unique to your mobile application. To enable the redirection on the server side:
1. In the Azure portal, select your App Service.
2. Click the Authentication / Authorization menu option.
3. Click Azure Active Directory under the Authentication Providers section.
4. Set the Management mode to Advanced.
5. In the Allowed External Redirect URLs, enter `appname://easyauth.callback`. The appname in this string is the URL Scheme for your mobile application. It should follow normal URL specification for a protocol (use letters and numbers only, and start with a letter). You should make a note of the string that you choose as you will need to adjust your mobile application code with the URL Scheme in several places.
6. Click OK.
7. Click Save.
[!INCLUDE app-service-mobile-restrict-permissions-dotnet-backend]
In Xcode, press Run to start the app. An exception is raised because the app attempts to access the backend as an unauthenticated user, but the TodoItem table now requires authentication.
Objective-C:
1. On your Mac, open QSTodoListViewController.m in Xcode and add the following method:

   ```objc
   - (void)loginAndGetData
   {
       // Give the app delegate a reference to the service so that the
       // openURL callback can resume the login flow.
       QSAppDelegate *appDelegate = (QSAppDelegate *)[UIApplication sharedApplication].delegate;
       appDelegate.qsTodoService = self.todoService;

       [self.todoService.client loginWithProvider:@"google"
                                        urlScheme:@"appname"
                                       controller:self
                                         animated:YES
                                       completion:^(MSUser * _Nullable user, NSError * _Nullable error) {
           if (error) {
               NSLog(@"Login failed with error: %@, %@", error, [error userInfo]);
           } else {
               self.todoService.client.currentUser = user;
               NSLog(@"User logged in: %@", user.userId);
               [self refresh];
           }
       }];
   }
   ```

   Change google to microsoftaccount, twitter, facebook, or windowsazureactivedirectory if you are not using Google as your identity provider. If you use Facebook, you must whitelist Facebook domains in your app.

   Replace the urlScheme with a unique name for your application. The urlScheme should be the same as the URL Scheme protocol that you specified in the Allowed External Redirect URLs field in the Azure portal. The urlScheme is used by the authentication callback to switch back to your application after the authentication request is complete.

2. Replace `[self refresh]` in `viewDidLoad` in QSTodoListViewController.m with the following code:

   ```objc
   [self loginAndGetData];
   ```

3. Open the `QSAppDelegate.h` file and add the following code:

   ```objc
   #import "QSTodoService.h"

   @property (strong, nonatomic) QSTodoService *qsTodoService;
   ```

4. Open the `QSAppDelegate.m` file and add the following code:

   ```objc
   - (BOOL)application:(UIApplication *)application
               openURL:(NSURL *)url
               options:(NSDictionary<UIApplicationOpenURLOptionsKey,id> *)options
   {
       if ([[url.scheme lowercaseString] isEqualToString:@"appname"]) {
           // Resume login flow
           return [self.qsTodoService.client resumeWithURL:url];
       } else {
           return NO;
       }
   }
   ```

   Add this code directly before the line reading `#pragma mark - Core Data stack`. Replace the appname with the urlScheme value that you used in step 1.

5. Open the `AppName-Info.plist` file (replacing AppName with the name of your app), and add the following code:

   ```xml
   <key>CFBundleURLTypes</key>
   <array>
       <dict>
           <key>CFBundleURLName</key>
           <string>com.microsoft.azure.zumo</string>
           <key>CFBundleURLSchemes</key>
           <array>
               <string>appname</string>
           </array>
       </dict>
   </array>
   ```

   This code should be placed inside the `<dict>` element. Replace the appname string (within the array for CFBundleURLSchemes) with the app name you chose in step 1. You can also make these changes in the plist editor - click on the `AppName-Info.plist` file in Xcode to open the plist editor.

   Replace the `com.microsoft.azure.zumo` string for CFBundleURLName with your Apple bundle identifier.

6. Press Run to start the app, and then log in. When you are logged in, you should be able to view the Todo list and make updates.
Swift:
1. On your Mac, open ToDoTableViewController.swift in Xcode and add the following method:

   ```swift
   func loginAndGetData() {
       // Start a login only when a client exists and no user is signed in yet.
       guard let client = self.table?.client, client.currentUser == nil else {
           return
       }

       // Give the app delegate a reference to this controller so that the
       // URL callback can resume the login flow.
       let appDelegate = UIApplication.shared.delegate as! AppDelegate
       appDelegate.todoTableViewController = self

       let loginBlock: MSClientLoginBlock = {(user, error) -> Void in
           if (error != nil) {
               print("Error: \(error?.localizedDescription)")
           }
           else {
               client.currentUser = user
               print("User logged in: \(user?.userId)")
           }
       }

       client.login(withProvider:"google", urlScheme: "appname", controller: self, animated: true, completion: loginBlock)
   }
   ```

   Change google to microsoftaccount, twitter, facebook, or windowsazureactivedirectory if you are not using Google as your identity provider. If you use Facebook, you must whitelist Facebook domains in your app.

   Replace the urlScheme with a unique name for your application. The urlScheme should be the same as the URL Scheme protocol that you specified in the Allowed External Redirect URLs field in the Azure portal. The urlScheme is used by the authentication callback to switch back to your application after the authentication request is complete.

2. Remove the lines `self.refreshControl?.beginRefreshing()` and `self.onRefresh(self.refreshControl)` at the end of `viewDidLoad()` in ToDoTableViewController.swift. Add a call to `loginAndGetData()` in their place:

   ```swift
   loginAndGetData()
   ```

3. Open the `AppDelegate.swift` file and add the following code to the `AppDelegate` class:

   ```swift
   var todoTableViewController: ToDoTableViewController?

   func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool {
       if url.scheme?.lowercased() == "appname" {
           // Resume the login flow; return false when no view controller
           // or table is available instead of crashing on a nil value.
           return todoTableViewController?.table?.client.resume(with: url) ?? false
       }
       else {
           return false
       }
   }
   ```

   Replace the appname with the urlScheme value that you used in step 1.

4. Open the `AppName-Info.plist` file (replacing AppName with the name of your app), and add the following code:

   ```xml
   <key>CFBundleURLTypes</key>
   <array>
       <dict>
           <key>CFBundleURLName</key>
           <string>com.microsoft.azure.zumo</string>
           <key>CFBundleURLSchemes</key>
           <array>
               <string>appname</string>
           </array>
       </dict>
   </array>
   ```

   This code should be placed inside the `<dict>` element. Replace the appname string (within the array for CFBundleURLSchemes) with the app name you chose in step 1. You can also make these changes in the plist editor - click on the `AppName-Info.plist` file in Xcode to open the plist editor.

   Replace the `com.microsoft.azure.zumo` string for CFBundleURLName with your Apple bundle identifier.

5. Press Run to start the app, and then log in. When you are logged in, you should be able to view the Todo list and make updates.
App Service Authentication uses Apple's Inter-App Communication. For more details on this subject, refer to the Apple documentation.
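
The app delegate code in this tutorial passes every URL that uses the app's scheme to the SDK's resume call. As an added example (not part of the original tutorial or the Azure Mobile Apps SDK), the Swift helper below compares an incoming URL against the full redirect registered in the portal, `appname://easyauth.callback`, before the login flow is resumed; `isExpectedAuthCallback`, the two constants and the sample URLs are assumptions constructed for illustration.

```swift
import Foundation

// Assumption: these mirror the portal's Allowed External Redirect URL,
// appname://easyauth.callback. Replace "appname" with your own scheme.
let expectedScheme = "appname"
let expectedHost = "easyauth.callback"

/// Hypothetical helper (not part of the Azure Mobile Apps SDK): accepts a URL
/// only if it has the shape of the redirect registered for this app.
func isExpectedAuthCallback(_ url: URL) -> Bool {
    guard let parts = URLComponents(url: url, resolvingAgainstBaseURL: false),
          let scheme = parts.scheme?.lowercased(),
          let host = parts.host?.lowercased() else {
        return false
    }
    // Scheme and host compare case-insensitively. Userinfo and a port are
    // never part of the registered redirect, so either one is a mismatch.
    return scheme == expectedScheme
        && host == expectedHost
        && parts.user == nil
        && parts.password == nil
        && parts.port == nil
}

// Constructed sample URLs; the fragment is a placeholder, not real
// provider output.
let samples = [
    "appname://easyauth.callback/#placeholder=constructed",  // registered redirect
    "APPNAME://easyauth.callback",                            // upper-case scheme
    "appname://settings/reset",                               // different host
    "otherapp://easyauth.callback",                           // different scheme
    "appname://user@easyauth.callback",                       // userinfo present
    "appname:easyauth.callback",                              // no authority, so no host
]

for text in samples {
    let accepted = URL(string: text).map(isExpectedAuthCallback) ?? false
    print(accepted ? "resume login" : "ignore      ", text)
}

// In AppDelegate, the scheme comparison from the tutorial would then become:
//   guard isExpectedAuthCallback(url) else { return false }
//   return todoTableViewController?.table?.client.resume(with: url) ?? false
```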