Authentication in mobile apps is often a critical step, but far more complicated than it really should be. .NET 6.0 Minimal APIs really help us write less and produce exactly what we need. But then there is the setup for Microsoft and Google, and yes, just because we picked those 2, we are now forced (thanks a lot Apple) to use Sign in with Apple. Of course Apple being Apple couldn't be like everyone else, so there are a few steps that you need to take in order to get set up.
Even once we've got our Client Id & Client Secret for Microsoft & Google, plus our Service Id, Team Id, & Auth Key from Apple, setting these up and getting a token that you can use for Authenticated Endpoints is, well, a hot mess. We thought it was about time to make this easy, even if it's a bit opinionated.
Introducing the AvantiPoint MobileAuth Library, now available on NuGet.org. With the MobileAuth Library we can easily stand up a new API with Microsoft, Google & Apple and expose Login, Logout & User Profile endpoints, with the User Profile endpoint returning the User Claims as a Dictionary, all in only a few lines of code.
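var builder = WebApplication.CreateBuilder(args);
// Register MobileAuth; providers are read from the "OAuth" configuration section.
builder.AddMobileAuth();
var app = builder.Build();
app.UseHttpsRedirection();
// Authentication must run before authorization.
app.UseAuthentication();
app.UseAuthorization();
// Map the default Login, Logout & User Profile endpoints.
app.MapDefaultMobileAuthRoutes();
app.Run();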
Why Use the MobileAuth Library
If you're looking at the MobileAuth Library, chances are that you want to stand up your own API for your mobile app and need to authenticate users, but you want to keep things as simple as possible so you can focus on the code you need to write. Jumping through hoops to get authentication working so that you can use the WebAuthenticator from Xamarin.Essentials or Maui Essentials shouldn't be something you need to deal with. Of course, no library can eliminate the need for you to set up the client credentials with Microsoft, Google, Apple, etc.; however, we can try to make this easier. The library requires minimal configuration on your part while ensuring that you can focus on writing APIs that require an authenticated user.
How to Configure the MobileAuth Library
For brevity I'm going to leave out the details on specifically how to get the Client Id & Client Secret for Google & Microsoft, and how to get everything you need for Apple as there is already a lot of information on this in the Project Readme. Configuring the Library really is quite simple though.
{
  "OAuth": {
    "CallbackScheme": "mobile-demo",
    "JwtKey": "DanSiegelMakesTheBestLibraries",
    "Apple": {
      "ServiceId": "com.company.app.sid",
      "KeyId": "{your key id}",
      "TeamId": "{your team id}"
    },
    "Google": {
      "ClientId": "{your google client id}",
      "ClientSecret": "{your google client secret}"
    },
    "Microsoft": {
      "ClientId": "{your microsoft client id}",
      "ClientSecret": "{your microsoft client secret}"
    }
  }
}
An important consideration here is that if you only want to start with a single provider, you can easily do that. By default, any provider that is not properly configured will simply be ignored. The CallbackScheme must match what you set up in your mobile app for the WebAuthenticator. The JwtKey is technically optional, as a default key will be provided for development purposes; however, you really should provide some sort of key, and while the one shown may be a joke, it would work.
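One way to keep a missing or well-known JwtKey from reaching production is a startup check on the OAuth:JwtKey setting. This is an added example, not code from the original post or from the MobileAuth library. JwtKeyGuard is a hypothetical helper, and the 32-byte minimum rests on the assumption that the key is used as an HMAC-SHA256 signing secret.

```csharp
using System.Security.Cryptography;
using System.Text;

var builder = WebApplication.CreateBuilder(args);

// Fail fast, before the host starts serving requests.
JwtKeyGuard.Validate(builder.Configuration["OAuth:JwtKey"],
                     builder.Environment.IsDevelopment());

// builder.AddMobileAuth() and the rest of the pipeline shown earlier go here.
var app = builder.Build();
app.Run();

// Hypothetical helper; not part of the MobileAuth library.
public static class JwtKeyGuard
{
    // Assumption: the key is an HMAC-SHA256 secret, so require 32 bytes.
    private const int MinKeyBytes = 32;

    // The sample value printed in the configuration above is public knowledge.
    private const string PublishedSample = "DanSiegelMakesTheBestLibraries";

    public static void Validate(string? key, bool isDevelopment)
    {
        if (string.IsNullOrWhiteSpace(key))
        {
            // The post says a default key is provided for development purposes.
            if (isDevelopment) return;
            throw new InvalidOperationException(
                "OAuth:JwtKey must be set outside Development.");
        }
        if (key == PublishedSample)
            throw new InvalidOperationException(
                "OAuth:JwtKey is the published sample value.");
        if (Encoding.UTF8.GetByteCount(key) < MinKeyBytes)
            throw new InvalidOperationException(
                $"OAuth:JwtKey must be at least {MinKeyBytes} bytes.");
    }

    // Random key (44 base64 characters) to store outside appsettings.json.
    public static string NewKey() =>
        Convert.ToBase64String(RandomNumberGenerator.GetBytes(MinKeyBytes));
}
```

To keep the real value out of source control, set it with `dotnet user-secrets set "OAuth:JwtKey" "<value>"` during development, or through the `OAuth__JwtKey` environment variable on the server.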
Next Steps
- Check out the MAUI Demo App. This provides a full DI example using a Refit client to get the User Credentials.
- Consider adding an EntityFramework DbContext to manage tokens. This can help you validate that technically valid tokens have not been invalidated by a user sign out.