To enable Feide login in a mobile application (app), the app should use a web page to handle the authentication dialogue with the Feide login service.
The user experience is shown step by step in the illustration below:
[Illustration: Step 1, Step 2, Step 3]
Step 1: The user opens the app and presses the "Login" button.
Step 2: A browser window is opened and the user is immediately redirected to the Feide login page, where the user enters their username and password.
Step 3: After a successful login, the user is sent back to the app, now as an authenticated user.
This illustration shows the solution from a technical point of view:
The login flow between the app, the web page of the service provider and the Feide IdP is:
- The user presses the login button in the app.
- The app opens a web page hosted on the service provider's domain in the web browser (e.g. https://www.someapp.no/login_app).
- The web page creates a SAML 2.0 authentication request and sends it to the Feide IdP.
- The user logs in on the Feide IdP.
- The Feide IdP sends a SAML 2.0 authentication response back to the web page.
- The SP processes the authentication response and then returns the user to the app. When returning the user to the app, a token identifying the user is included.
- The app uses the token to validate the user against the SP web service.
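The last two steps are where the SP hands the authenticated user over to the app, and the page leaves the shape of that token open. The following added example (not code from Feide or from any service provider) sketches one defensible way to do it on the SP side: after the SAML response has been validated, the SP issues a random, short-lived, single-use hand-off token, redirects the user into the app with it, and the app immediately redeems the token against the SP web service to learn who the user is. The custom URL scheme `someapp://login`, the 60-second lifetime, the in-memory store and the user identifiers are all assumptions made for the illustration; SAML request and response handling is assumed to be done by a SAML library before `issue_handoff_token` is called.

```python
"""Hypothetical SP-side hand-off of an authenticated user to a mobile app.

Covers the last two steps of the flow: returning the user to the app with a
token, and the app validating that token against the SP web service.
"""
import hashlib
import secrets
import time
from typing import Dict, Optional
from urllib.parse import urlencode

# Assumed custom URL scheme that the app registers to receive the redirect.
APP_RETURN_SCHEME = "someapp://login"

# Short lifetime: the app redeems the token right after the redirect, so a
# token that is captured later (e.g. from a browser history entry) is useless.
TOKEN_TTL_SECONDS = 60

# Only a hash of each issued token is stored, so the store itself cannot be
# used to mint valid redirects. Maps sha256(token) -> record.
_issued: Dict[str, dict] = {}


def _fingerprint(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_handoff_token(user_id: str, now: Optional[float] = None) -> str:
    """Called once the SAML response has been validated and the user is known.

    Returns an unguessable token bound to that user, valid for one redemption
    within TOKEN_TTL_SECONDS.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness
    _issued[_fingerprint(token)] = {
        "user": user_id,
        "expires": now + TOKEN_TTL_SECONDS,
        "used": False,
    }
    return token


def build_app_return_url(token: str) -> str:
    """Redirect target that sends the browser back into the app with the token."""
    return f"{APP_RETURN_SCHEME}?{urlencode({'token': token})}"


def redeem_handoff_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """SP web service endpoint the app calls with the token it received.

    Returns the user identifier on success, or None if the token is unknown,
    expired, or has already been redeemed (single use defeats replay).
    """
    now = time.time() if now is None else now
    record = _issued.get(_fingerprint(token))
    if record is None:
        return None
    if record["used"] or now > record["expires"]:
        return None
    record["used"] = True
    return record["user"]


def run_flow(user_id: str = "ola@example.org") -> Optional[str]:
    """Walk through the hand-off once with a constructed user identifier."""
    # 1. SAML response validated (elsewhere); SP now knows the user.
    token = issue_handoff_token(user_id)
    # 2. SP redirects the browser to the app's custom scheme with the token.
    return_url = build_app_return_url(token)
    print("redirecting to:", return_url)
    # 3. The app extracts the token from the URL and redeems it at the SP.
    return redeem_handoff_token(token)


if __name__ == "__main__":
    print("app now knows the user as:", run_flow())
```

Because any app on the device may be able to claim a custom URL scheme, the token that travels through the redirect should carry no user data itself and should be worthless after one quick redemption, which is what the short TTL, the single-use flag and the server-side lookup provide here. The app's subsequent calls to the SP web service would use whatever session the redemption establishes, not the hand-off token.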