Versions Compared

Old Version 10

changes.mady.by.user Victor Chupov

Saved on

compared with

New Version 11

changes.mady.by.user Victor Chupov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Below are the instructions for connecting an SSO authentication service to the Chemwatch mobile application: Your IDP service must support the OAuth 2.0 protocol for authentication and authorizationauthorisation

For integration with your service, we need the following information: 

...

When registering the Smarter Suite app in Azure, the optional redirect field must be selected as a public client/native(mobile & desktop) app for mobile apps. Mobile apps have a different redirect URL structure and always start with customScheme.://. It needs to be exactly net.chemwatch.walkabout://oauth2redirect Otherwise, the mobile app won't work with your AzureAD setup. Please see the below image for your reference.

...

If you didn’t specify the redirect URL when registering the app, please add the net.chemwatch.walkabout://oauth2redirect URL to the AzureAD console as an allowed redirect, or else our app will fail the AzureAD security check on login. This can be done in the "Authentication" section which should be second from the top under “Manage” in the left pane.
In the API permissions, you need to add "email" for Microsoft Graph because we use the user's email address for authentication purposes.

...

Specific to Google Workspace (TBD)

Please provide us with the following.

Google IDP requires that two different OAuth 2.0 client IDs be created for each of the platforms: Android and iOS. Google mobile clients do not have clientSecret and work differently. You need to create two clients: one for Android and another for iOS. This can be done in the "Credentials" section of "API & Services" (in GCP). Each of the clients has some properties that need to be filled in with the specified data.

Android client

Name — can be filled with any data

package name — net.chemwatch.walkabout

SHA-1 certificate fingerprint — 7F:49:D2:02:9B:A8:6D:54:24:C1:F7:01:83:5C:EF:3F:3B:21:B6:A4

iOS client

Name — can be filled with any data

bundle id — net.chemwatch.walkabout

app store id — 1547225480

team id — AD5M8U9NQL

This above is a very important step because Google has strict limits and each client is only eligible for one mobile app and mobile platform at a time.

After two clients are successfully created, please provide us with the below info from each of the clients separately. This data can be downloaded as a text file directly from the client's window in the GCP console (there is a special button for this called "download plist" for iOS and "download json" for Android). These files will contain info such as client_id, auth_uri, token_uri, reverse identifier ( for iOS), etc. We need this to set up our app to communicate with these specific clients.

In any case, we need the client id, auth uri, token uri from each of the clients, and the reverse client id from the iOS client. Please keep in mind that the client ID cannot be the same for different clients, each one will have a unique value.

Specific to Okta (TBD)