OSDK & authentication

Hi there!

I’ve been using Foundry / OSDK as a backend for a (native) mobile app and a web app.

Currently, the only way I’ve found to obtain a Foundry token to use the OSDK is using Foundry’s /authorize endpoint, which triggers an OAuth flow.

Due to our product’s context, we’d like to have an in-app authentication flow. (By in-app, I mean the app collects whatever information is needed and then sends it somewhere in exchange for a token, without opening any links in a browser.)

From what I understand, this is not currently possible.

Any insights on the matter?
Thanks a lot!

I am not sure; I guess this depends on your OAuth library. If you have a library that does something like that with the Multipass endpoint, then all that the OSDK requires for auth is a function which returns a promise to a string → the token.

Hi there, thanks for replying!

Yes, the OSDK only requires a function that returns a promise with a token.

My issue is not really with the OSDK itself (as you said, the OSDK only requires a function that returns a promise with a token).

It’s more to do with the fact that Foundry requires its own token instead of the identity provider’s that’s used underneath. Let me explain:

Let’s say we use Auth0 (or Cognito or whatever identity provider). If I use Auth0’s client SDK to fetch a token, then pass it to the OSDK, I’m unauthorised. That is because (I suspect) even though Auth0 is configured as an identity provider, Foundry only uses it to verify that the user was correctly authenticated, then Foundry produces its own token, which is the one that needs to be used with the OSDK, not Auth0’s token.

So if I use Auth0’s client SDK to implement in-app authentication and get a token, well, it’s not the right one; I need a Foundry token. Now the problem with Foundry tokens is that, from what I’ve read, you can only get them through an OAuth flow, specifically an /authorize endpoint (which redirects to your identity provider’s login page in a browser).
This endpoint doesn’t implement a password grant flow, for example, so I can’t pass in a username and a password that I’d collect from the app.

For registration, I think it would still work if I use Auth0’s in-app registration, as creating a user shouldn’t be a problem, but then when trying to authenticate this user, same issue.

I hope the issue is clearer now, thanks in advance for any insights!
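
The flow discussed in this thread, as an added example that is not part of any post and not Palantir's or the OSDK's own code: an authorization-code request with PKCE through an /authorize endpoint, wrapped as the `() => Promise<string>` token function the OSDK is said to require. The endpoint URLs, client id, redirect URI, the injected `post` helper and all function names are assumptions, and the block uses Node's `crypto` module where a mobile app would use its platform's crypto API.

```javascript
// Added example, not Palantir/OSDK code. Endpoint URLs, client id and redirect URI
// are constructed placeholders passed in `cfg`; `post` is a hypothetical HTTP helper.
const { createHash, randomBytes } = require("node:crypto");

// PKCE (RFC 7636): the app keeps the verifier and sends only its SHA-256 challenge.
function createPkcePair() {
  const verifier = randomBytes(32).toString("base64url");
  const challenge = createHash("sha256").update(verifier).digest("base64url");
  return { verifier, challenge };
}

// URL the app opens in the system browser; `state` ties the redirect to this attempt.
function buildAuthorizeUrl(cfg, challenge, state) {
  const url = new URL(cfg.authorizeUrl);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    code_challenge: challenge,
    code_challenge_method: "S256",
    state,
  }).toString();
  return url.toString();
}

// Returns a `() => Promise<string>` token provider, the shape the thread describes.
function createTokenProvider(cfg, post, code, verifier, now = Date.now) {
  let cached = null; // { token, expiresAt }
  let grant = { grant_type: "authorization_code", code, code_verifier: verifier,
                redirect_uri: cfg.redirectUri };
  return async function getToken() {
    if (cached && now() < cached.expiresAt - 30_000) return cached.token; // 30 s margin
    if (!grant) throw new Error("session expired: restart the authorize flow");
    const res = await post(cfg.tokenUrl, { ...grant, client_id: cfg.clientId });
    if (!res.access_token) throw new Error("token endpoint returned no access_token");
    // An authorization code is single-use; afterwards only a refresh token can renew.
    grant = res.refresh_token
      ? { grant_type: "refresh_token", refresh_token: res.refresh_token }
      : null;
    cached = { token: res.access_token, expiresAt: now() + res.expires_in * 1000 };
    return cached.token;
  };
}
```

When the redirect comes back, the app compares the returned `state` with the one it sent before passing the `code` to `createTokenProvider`. The user's password is entered only on the identity provider's page, so the app never handles it.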