...
In any case, we need the client ID, auth URI and token URI from each of the clients, and the reverse client ID from the iOS client. Please keep in mind that the client ID cannot be the same for different clients; each one will have a unique value.
Specific to Okta
If you don't already have the Okta mobile client, follow steps 1-5 to help set it up. Please note that the web client is not suitable for mobile apps; you have to create a native client.
App integration: You need to create a native client for the Smarter Suite mobile application in the Okta (TBD) console with the following parameters:
Create a new app => OIDC => Native app
Login redirect URI => net.chemwatch.walkabout://oauth2redirect
Controlled access => one of two options has to be selected ("Allow access to everyone in your organization" or "Restrict access to selected groups" if such exist)
Once the client is created, as an additional check, verify that the new client is configured to work with PKCE. This should be enabled by default and can be checked in the "client credentials" of the "General" section. PKCE must be enabled!
If you decide to additionally request a client secret, this can be set up on the same page. "Public Key/Private Key" is not allowed, only "None" or "Client Secret" can be selected.
...
In the end, we need the following data from Okta for mobile SSO:
6.1 Client ID: This can be found in the "General" section of the native Okta client.
6.2 Okta Issuer (can be found in the "Sign On" section, should be in the following format: "https://xxx-1234567.okta.com")
6.2.1 It's important to ensure that the client ID on the General tab matches the "Audience" token in the Sign On section. A parameter mismatch indicates an error while creating the client.
6.3 If you opted to use the client secret: the client secret from the "General" tab
6.4 Last but not least, the API of the authorisation server, provided it is not the default configuration but something else. It can be found by navigating to Security => API. By default, it looks similar to https://xxx-12345.okta.com/oauth2/default, but if it’s different, we need this information as well.
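A sanity check for the values listed in 6.1-6.4 before they are handed over, as an added example (not Chemwatch or Okta code). It goes slightly beyond the console check by also reading PKCE support from the authorisation server's OIDC discovery document. The dictionary keys, the sample tenant values and the mapping of the console's client authentication options to OIDC token_endpoint_auth_method names are assumptions.

```python
from urllib.parse import urlsplit

REDIRECT_URI = "net.chemwatch.walkabout://oauth2redirect"  # from the page
# Assumption: the console's "None" / "Client Secret" map to these OIDC values;
# "Public Key/Private Key" (private_key_jwt) is the option the page rules out.
ALLOWED_CLIENT_AUTH = {"none", "client_secret_basic", "client_secret_post"}


def check_handover(cfg, metadata):
    """Return a list of problems found in the values collected for mobile SSO."""
    problems = []
    issuer = urlsplit(cfg["issuer"])
    auth_server = cfg["auth_server"].rstrip("/")
    if issuer.scheme != "https" or not issuer.hostname or issuer.path.strip("/"):
        problems.append("issuer must look like https://<org-host> with no path (6.2)")
    if cfg["audience"] != cfg["client_id"]:
        problems.append("Audience does not match the client ID (6.2.1)")
    if cfg["redirect_uri"] != REDIRECT_URI:
        problems.append("login redirect URI is not the native app URI")
    if cfg["client_auth"] not in ALLOWED_CLIENT_AUTH:
        problems.append("client authentication must be None or Client Secret")
    elif cfg["client_auth"] != "none" and not cfg.get("client_secret"):
        problems.append("client secret selected but not supplied (6.3)")
    # Assumption: the issuer and the authorisation server share one host.
    if urlsplit(auth_server).hostname != issuer.hostname:
        problems.append("authorisation server host differs from the issuer host")
    if metadata.get("issuer", "").rstrip("/") != auth_server:
        problems.append("discovery issuer differs from the authorisation server (6.4)")
    if "S256" not in metadata.get("code_challenge_methods_supported", []):
        problems.append("authorisation server does not advertise PKCE (S256)")
    return problems


# Constructed sample values (placeholders, not a real tenant).
SAMPLE_CFG = {
    "client_id": "0oaEXAMPLEclientid",
    "audience": "0oaEXAMPLEclientid",
    "issuer": "https://xxx-1234567.okta.com",
    "auth_server": "https://xxx-1234567.okta.com/oauth2/default",
    "redirect_uri": REDIRECT_URI,
    "client_auth": "none",
}
SAMPLE_METADATA = {  # trimmed shape of an OIDC discovery document
    "issuer": "https://xxx-1234567.okta.com/oauth2/default",
    "code_challenge_methods_supported": ["S256"],
}
if __name__ == "__main__":
    for line in check_handover(SAMPLE_CFG, SAMPLE_METADATA) or ["all checks passed"]:
        print(line)
```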
Chemwatch Web App Configuration for Smarter Suite Users
...