Wayne Douglas - 97 - May 20, 2014

How would I do social authentication in a mobile app? I want to have a Xamarin client that can authenticate against my ServiceStack services - I can use Xamarin.Auth to authenticate against Fb but have no idea how that would tie in with the SS client auth?

They don’t tie together in the same way as an Obj-C auth client and an external service auth would tie together. They’re just 2 separate clients authenticating with Facebook via OAuth individually. 

Although when authenticating with Facebook after you’re already authenticated, Facebook will auto-redirect back so the user doesn’t have to accept the app again. Given this, there might be an opportunity to copy over the cookies from the Xamarin.Auth Account.Cookies collection to a new Browser window (maybe hidden?) and point it to http://yourhost/auth/facebook, and it should hopefully redirect to Facebook then back again to SS, which, if authenticated, will authenticate the user and set ServiceStack’s ss-id/ss-pid Session cookies. You could then use these cookies with the ServiceClient to make authenticated requests to SS.

This is basically hypothetical, but that’s the only way I can think of it working.

Another, less secure way is, after authenticating with Xamarin.Auth, to grab the userId and call a backdoor service to auto-authenticate the user (i.e. populating an auth usersession) based on userId alone. Obviously you want to protect any backdoors like this to ensure only your client can call this service, to prevent anyone hijacking the account.

Wayne Douglas:

is it even possible to copy cookies over to another browser session?

You can add Cookies on the server or client-side in the browser. If the WebBrowser control or HTTP Request doesn’t offer an API to add cookies then you should just be able to add them in JS.

Checking out the Xamarin Docs, they offer EvaluateJavascript and LoadHtmlString APIs which look like they should let you exec JS:
http://iosapi.xamarin.com/?link=T%3aMonoTouch.UIKit.UIWebView%2fM

The JS docs for editing cookies are at:
https://developer.mozilla.org/en-US/docs/Web/API/document.cookie

Wayne Douglas:

OK I have just tried this out and when I have authenticated the Account.Cookies collection is empty :confused:

I guess that won’t work then. What do you need Xamarin.Auth for? Is it a pre-requisite for calling something else? If so what’s an example of an API. Just looking for a way if we can auth with SS and get around Xamarin.Auth.

Wayne Douglas:

People can register on our site using credentials auth or facebook, twitter, google. I am building iOS and Android apps so the user can get to their lineups etc while at a festival / event. Ideally we would allow them to sign in to the mobile apps using the social auth above - the credentials auth is in and working fine - it’s just not many of our users will have opted to register with credentials. I don’t particularly care about using xamarin.auth - it just provides a UI to authenticate.  

It doesn’t look like the OAuth session registered by a different client is going to be transferable so I’d recommend just bringing up a custom browser window with links to the different OAuth providers here:
https://github.com/ServiceStack/HttpBenchmarks#authenticating-with-oauth
Then after the user authenticates, you’d want to retrieve the ss-id/ss-pid cookies from the browser and add them to the JsonServiceClient.CookieContainer collection.
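
One way to do the last step described above, as an added example that is not part of the original thread: build a `CookieContainer` holding only the ss-id/ss-pid cookies, pinned to the ServiceStack host. The `SessionCookieBridge` name, the `example.org` host, the sample cookie values and the idea of receiving the cookies as a `name=value; ...` string from the web view are all assumptions.

```csharp
using System;
using System.Net;

public static class SessionCookieBridge   // hypothetical helper name
{
    // The two ServiceStack session cookies named in the thread.
    static readonly string[] SessionCookieNames = { "ss-id", "ss-pid" };

    // cookieHeader: "name=value; name2=value2" text read from the web view's
    // cookie store for the ServiceStack host (assumption). HttpOnly cookies are
    // not visible to document.cookie, so read the platform cookie store instead.
    public static CookieContainer FromCookieHeader(string cookieHeader, Uri baseUri)
    {
        var container = new CookieContainer();
        if (string.IsNullOrWhiteSpace(cookieHeader)) return container;

        foreach (var part in cookieHeader.Split(';'))
        {
            var pair = part.Trim();
            var eq = pair.IndexOf('=');
            if (eq <= 0) continue;                                     // skip malformed entries
            var name = pair.Substring(0, eq).Trim();
            if (Array.IndexOf(SessionCookieNames, name) < 0) continue; // leave provider cookies behind

            // Pin the cookie to the ServiceStack host; mark Secure when the host is HTTPS.
            container.Add(new Cookie(name, pair.Substring(eq + 1).Trim(), "/", baseUri.Host)
            {
                Secure = baseUri.Scheme == Uri.UriSchemeHttps,
                HttpOnly = true
            });
        }
        return container;
    }

    public static void Main()
    {
        var baseUri = new Uri("https://example.org/");                 // placeholder host
        // Constructed sample; real values come from the browser after the OAuth redirect.
        var header = "fb_sample=abc; ss-id=SAMPLEID123; ss-pid=SAMPLEPID456";
        var jar = FromCookieHeader(header, baseUri);
        foreach (Cookie c in jar.GetCookies(baseUri))
            Console.WriteLine("{0} (secure={1})", c.Name, c.Secure);
        // With ServiceStack referenced:
        //   var client = new JsonServiceClient(baseUri.ToString()) { CookieContainer = jar };
    }
}
```

Copying only the two session cookies keeps Facebook's or any other provider's cookies out of the API client, and serving the ServiceStack host over HTTPS keeps the copied session identifiers off the wire in clear text.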