This guide describes how to deploy Single Sign-On (SSO) for native IOS™ applications using the OpenID® Connect protocol, and includes the following information:
• |
Using the OpenID® Connect protocol, the IOS™ application authenticates the user against Dell™ One Identity Cloud Access Manager and retrieves a set of three security tokens, as shown in Figure 1. The security tokens are known as the ID Token, Refresh Token and Access Token.
This sample application consists of two components:
The sample IOS™ application contains a package called openidconnect which can be used in a standard IOS™ project to authenticate users using the OpenID® Connect Code Flow. The sample Web API contains a .NET Open Web Interface (OWIN) middleware called CAMBearerTokenAuthentication. This can be used in a standard .NET Web API project to authenticate the IOS™ application using the Access Tokens obtained from Dell™ One Identity Cloud Access Manager.
1 |
When the application starts it checks for an existing ID Token stored from a previous authentication. If an ID Token does not exist the application sends an authentication request using the system browser to start the OpenID® Connect Authorization Code Flow. However if an ID Token does exist, the application skips to Step 4. |
5 |
The Web API validates the Access Token by using it to call the Cloud Access Manager User Info Endpoint. The validation is performed using the provided OWIN middleware which will cache the User Info responses. The OWIN middleware will also verify that the Access Token was scoped for itself by checking that the User Info response contains at least one of its scopes. The claims returned from the User Info Endpoint are used by the Web API to identify the user and control their access. |
1 |
Make sure that the settings on the OpenID Connect / OAuth 2.0 Settings page are as follows: |
2 |
Make sure that the settings on the Token Settings page are as follows: |
3 |
Make sure that the settings on the Claim Mapping page are as follows: |
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center