App To Web Single Sign-On

This topic describes how to use the App To Web Single Sign-On functionality.

App to Web Single Sign-On allows you to take a session from your mobile application and extend it to a browser on the same device. This is useful for giving a seamless experience to your users when they transition from the mobile application to the website where more functionality likely exists. This functionality can only be used when using the Onegini CIM identity provider as it is a unique feature of the Onegini Consumer Identity Manager. This can be configured in the Onegini Token Server Admin.

The Onegini SDK allows you to specify a target URI where authentication is required. This URI must be configured in the Action Token configuration of the Onegini Consumer Identity Manager. It will then verify that your mobile application's session is valid and establish a session with the IDP before redirecting the user to the target URI with them automatically logged in.

To use the functionality, call UserClient#getAppToWebSingleSignOn with the target URI and a OneginiSingleSignOnHandler that receives the result. On success, a OneginiAppToWebSingleSignOn data object is returned:

public interface OneginiAppToWebSingleSignOn {

  /**
   * This is a URL that is meant to be used by the browser to establish a session.
   *
   * @return Uri meant to be used by the browser
   */
  Uri getRedirectUrl();

  /**
   * The token param from the {@link #getRedirectUrl()} provided here as a convenience.
   *
   * @return String token
   */
  String getToken();
}

To continue, open the redirect URL in a web browser. In case of failure, a OneginiSingleSignOnError is returned. To read more about errors and how to handle them, see the Error handling chapter.

Example code

  public void startSingleSignOn() {

    final Uri targetUri = Uri.parse("https://demo-cim.onegini.com/personal/dashboard");

    final OneginiClient oneginiClient = OneginiSDK.getOneginiClient(this);
    oneginiClient.getUserClient().getAppToWebSingleSignOn(targetUri, new OneginiSingleSignOnHandler() {
      @Override
      public void onSuccess(final OneginiAppToWebSingleSignOn oneginiAppToWebSingleSignOn) {
        final Intent intent = new Intent(Intent.ACTION_VIEW, oneginiAppToWebSingleSignOn.getRedirectUrl());
        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        intent.addFlags(Intent.FLAG_ACTIVITY_NO_HISTORY);
        startActivity(intent);
      }

      @Override
      public void onError(final OneginiSingleSignOnError oneginiSingleSignOnError) {
        @OneginiSingleSignOnError.SingleSignOnErrorType int errorType = oneginiSingleSignOnError.getErrorType();
        if (errorType == OneginiDeregistrationError.DEVICE_DEREGISTERED) {
          // Single Sign-On failed due to missing device credentials. Register app once again.
          new DeregistrationUtil(DashboardActivity.this).onDeviceDeregistered();
        }

        // other errors don't really require our reaction, but you might consider displaying some message to the user
        showToast("Single Sign-On error: " + oneginiSingleSignOnError.getMessage());
      }
    });
  }
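
Because the redirect URL carries the token that establishes the browser session, an app can check where it points before opening it and keep the token out of logs. The following is an added example, not code from the Onegini SDK or from this page; it uses plain Java 11+ (`java.net.URI`) so it runs outside Android, and the class name `SsoRedirectGuard`, the allowed-host list and the sample URLs are assumptions.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

/** Added example: checks an App to Web SSO redirect URL before it is opened in a browser. */
public final class SsoRedirectGuard {

  // Assumption: the hosts your own Onegini environment is expected to redirect through.
  private static final Set<String> ALLOWED_HOSTS = Set.of("demo-cim.onegini.com");

  /** True only for an https URL on an expected host, default port, no userinfo part. */
  public static boolean isSafeToOpen(final String redirectUrl) {
    final URI uri;
    try {
      uri = URI.create(redirectUrl);
    } catch (IllegalArgumentException | NullPointerException e) {
      return false; // unparsable or missing URL: never open it
    }
    final String host = uri.getHost();
    return "https".equalsIgnoreCase(uri.getScheme())
        && host != null
        && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))
        && uri.getRawUserInfo() == null
        && (uri.getPort() == -1 || uri.getPort() == 443);
  }

  /** Masks the token (verbatim or URL-encoded) so the URL can appear in logs or messages. */
  public static String redactForLog(final String redirectUrl, final String token) {
    if (token == null || token.isEmpty()) {
      return redirectUrl;
    }
    final String encoded = URLEncoder.encode(token, StandardCharsets.UTF_8);
    return redirectUrl.replace(token, "<redacted>").replace(encoded, "<redacted>");
  }

  public static void main(final String[] args) {
    // Constructed sample values; real ones come from getRedirectUrl() and getToken().
    final String token = "EXAMPLE-TOKEN";
    final String good = "https://demo-cim.onegini.com/sso?token=" + token;
    final String lookalike = "https://demo-cim.onegini.com.example.net/sso?token=" + token;
    final String plainHttp = "http://demo-cim.onegini.com/sso?token=" + token;
    System.out.println("good: " + isSafeToOpen(good));
    System.out.println("lookalike host: " + isSafeToOpen(lookalike));
    System.out.println("plain http: " + isSafeToOpen(plainHttp));
    System.out.println("log form: " + redactForLog(good, token));
  }
}
```

On Android, pass `oneginiAppToWebSingleSignOn.getRedirectUrl().toString()` and `getToken()` from `onSuccess`, and start the `ACTION_VIEW` intent only when the check passes.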