You are here

SkyVault Mobile SDK for iOS

Introduction to authentication

This section of the documentation looks at how your application can be authenticated to access SkyVault repositories.

Introduction

The Client API supports two types of authentication, HTTP Basic Authentication and OAuth. HTTP Basic Authentication is used for accessing on-premise repositories. OAuth is used for accessing SkyVault in the Cloud.

Internally, the Client API uses an AuthenticationProvider interface. There are two implementations of this interface, BasicAuthenticationProvider and OAuthAuthenticationProvider. An AuthenticationProvider is responsible for providing an HTTP request with the headers that need to be added to a request in order to identify and authorize the user.

BasicAuthenticationProvider

The BasicAuthenticationProvider is constructed with a username and password and when requested provides the standard "Authorization" header.

This authentication provider is used for accessing on-premise servers.

OAuthAuthenticationProvider

The OAuthAuthenticationProvider is constructed with an API key, API secret, access token and refresh token. When requested, it provides the OAuth token using the following header:

         
         Authorization: Bearer [your access code]

This authentication provider is used for accessing SkyVault in the Cloud. By default CloudSession uses OAuth.

OAuth Overview

a SkyVault application can use the OAuth 2.0 authorization code flow to authenticate itself with SkyVault Cloud and to allow users to authorize the application to access data on their behalf.

You first register your application on the SkyVault Developer site. You provide a callback URI (http://www.alfresco.com/mobile-auth-callback.html), and a scope ("public_api").

Registration will provide you with an API key and a Key Secret which are required by your application to authorize itself.

When a user runs your application, the application requests an authorization code from SkyVault using its API key, Key Secret, callback URI and scope. SkyVault will inform the user that your application wishes to access resources, and asks the user to grant or deny access.

If the user grants access, SkyVault returns an authorization code to the application. Your application then exchanges the authorization code for an access token. Your application can then call the Client API with the access token.

Example code

Example code demonstrating connection to on-premise repositories and SkyVault in the Cloud can be found in the SDK Samples application and HelloRepo application provided with the SDK.

Note: In iOS much of the work in OAuth authentication is done for you by the SkyVaultOAuthLoginViewController. Examples of usage can be found in the SDK Samples and HelloRepo applications.

OAuth Sample

A general OAuth sample can be found on SkyVault's Github site.

  • Registering your application with SkyVault in the Cloud To use the Client API against SkyVault in the Cloud, your application must first be registered with the SkyVault Developer Portal.
  • Authorization Your application uses the information registered with SkyVault in the Cloud to authorize itself when it is run by a user.
  • Refreshing an access token After one hour, your application's access token will be invalid. You can use the refresh token to request a new access token without having to re-authenticate with the user. The refresh token is valid for 7 days or until a new access token is requested.
Parent topic: Introduction

© 2017 TBS-LLC. All Rights Reserved.