So after visiting the Microsoft Digital Crimes Unit earlier this week, I spent some time thinking about mobile security and authentication schemes. As a result, I decided to test how Titanium mobile could provide a cross-platform, native authentication experience against Azure backend mobile services.
One advantage of the Azure backend is that it accepts OAuth 2.0 authentication from Twitter, Facebook, Google, or Microsoft user accounts. Within a Titanium mobile app, Facebook has the advantage of a built-in module that eliminates the need for the developer to separately code a workflow for the exchange of network calls between the app, the identity provider, and the resource — also known as the “OAuth dance”. Facebook authentication provides for this interaction behind the scenes, already baked into Titanium.
To share Titanium’s native Facebook module authentication for Azure backend access, you’ll need to wire together the following essential authentication steps:
- retrieve authentication token from Facebook
- present authentication token to Azure
- after confirming the Facebook token’s validity, Azure returns an Azure authentication token
- this token is then presented to Azure as the ‘X-ZUMO-AUTH’ header value for subsequent REST queries to the Azure backend database
Thanks to Titanium’s native Facebook module and HTTPClient API object, these steps are easy to implement.
For a simple test case, you can sign up for your own Azure Free Trial. Here’s a tutorial that shows how to set up the backend app. You don’t have to do the “Create a New HTML App” section, as your iOS/Android Titanium app will provide the front end.
Next you’ll need to register your app through the Facebook Developers Portal (tutorial), then record the Facebook App ID and Consumer Secret within your Azure Management Portal's identity tab (tutorial).
Now on to the fun stuff — for this example, I created a new Titanium Alloy project. You’ll want to include the appropriate references to the Facebook module and Facebook App ID in your tiapp.xml as outlined in the Titanium API docs.
The authAzure method is where the magic happens. Once you’ve successfully retrieved the Azure authentication token, you can then use this token against the backend to perform REST queries.
To perform those REST queries, you will need to set the ‘X-ZUMO-AUTH’ HTTP header with the Azure auth token provided in the above example. Mads Møller’s excellent RestAPI sync adapter would probably be a great start for building out proper models and collections within the Alloy framework. His adapter allows custom HTTP headers to be set, which would allow a developer to set the X-ZUMO-AUTH auth token value.
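The token exchange and the authenticated query described above, as an added sketch (not the original post's authAzure code). It assumes the Mobile Services REST login endpoint `/login/facebook` returning `authenticationToken`, and takes the `accessToken` that the Facebook module exposes after login. `AZURE_BASE` is a placeholder, and `request`, `queryTable` and the `createClient` parameter are hypothetical names introduced here.

```javascript
// Added example. AZURE_BASE is a placeholder service URL; createClient is a
// hypothetical injection point so the flow can be exercised without a device.
var AZURE_BASE = 'https://YOUR-SERVICE.azure-mobile.net';

function defaultClient() {
  // Titanium's HTTPClient, with TLS certificate validation forced on.
  return Ti.Network.createHTTPClient({ validatesSecureCertificate: true, timeout: 10000 });
}

// Low-level helper: send JSON, parse the JSON reply, call done(err, body).
function request(method, url, headers, body, createClient, done) {
  var xhr = (createClient || defaultClient)();
  xhr.onload = function () {
    var parsed;
    try {
      parsed = JSON.parse(xhr.responseText);
    } catch (e) {
      return done(new Error('Non-JSON response from ' + url));
    }
    done(null, parsed);
  };
  xhr.onerror = function () {
    // Titanium fires onerror for non-2xx statuses, e.g. 401 for a rejected token.
    done(new Error('HTTP ' + xhr.status + ' from ' + url));
  };
  xhr.open(method, url);
  Object.keys(headers).forEach(function (k) { xhr.setRequestHeader(k, headers[k]); });
  xhr.send(body ? JSON.stringify(body) : null);
}

// Steps 2 and 3: present the Facebook token, receive the Azure token.
function authAzure(fbAccessToken, createClient, done) {
  if (!fbAccessToken) { return done(new Error('No Facebook access token')); }
  request('POST', AZURE_BASE + '/login/facebook', { 'Content-Type': 'application/json' },
    { access_token: fbAccessToken }, createClient, function (err, res) {
      if (err) { return done(err); }
      // Never treat a 200 as success unless the token is actually present.
      if (!res || typeof res.authenticationToken !== 'string' || !res.user) {
        return done(new Error('Login response missing authenticationToken'));
      }
      done(null, { token: res.authenticationToken, userId: res.user.userId });
    });
}

// Step 4: query a table with the Azure token in the X-ZUMO-AUTH header.
function queryTable(table, azureToken, createClient, done) {
  request('GET', AZURE_BASE + '/tables/' + encodeURIComponent(table),
    { 'X-ZUMO-AUTH': azureToken, 'Accept': 'application/json' }, null, createClient, done);
}
```

An error starting with `HTTP 401` from `queryTable` means the Azure token was rejected; run `authAzure` again rather than retrying with the same token.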
In theory, you could use Aaron Saunders’ social_plus.js or Kosuke Isobe’s TiPlatformConnect in Titanium as starting points to add similar shared authentication schemes for Azure using Twitter or Google as identity providers.