Auth Connect

Auth Connect makes it easy to add single sign-on and secure user authentication to your Ionic apps.

Using OpenID Connect authentication standards, Auth Connect provides all the infrastructure needed to set up login, logout, and token refresh in an Ionic app running on the web, iOS, and Android. For the best possible security and protection against data theft, it uses native system components, rather than an embedded browser. When used with Ionic Identity Vault, it provides a complete security solution for authentication and storage of logged-in credentials.

Auth Connect is built and supported by the Ionic team, and includes ongoing maintenance, security patches, and pre-built integrations with popular auth providers like Auth0, AWS Cognito, and Azure AD.

Why Auth Connect?

Practically every app needs to provide an authenticated user experience, especially when it is used in enterprise environments by employees or customers. Typically, developers reach for single sign-on solutions, which allow users to log in to multiple independent software systems with a single ID and password. This is the correct approach, but it's challenging to build secure cross-platform experiences that work across the web and mobile. Auth Connect's fully managed solution offers the following benefits:

Protect your users and data

Securing mobile apps these days is a must. Teams that do not authenticate users properly expose themselves and their brand to the risks of a data breach or a violation of customer privacy. Auth Connect prevents unauthorized access to usernames, passwords, and sensitive company data by using best-in-class native authentication methods.

One API, any auth provider

Single sign-on has a lot of moving parts, and it takes just one misconfiguration to expose user data. Auth Connect's single connector API enables secure SSO by taking care of common authentication workflows for you and by integrating with many authentication providers like Auth0, AWS Cognito, or Azure AD.

Focus on your business

Although user authentication is a necessity in most apps, your team's time is better spent building features unique to your business. While you focus on delivering value to your users, you'll enjoy peace of mind knowing your auth workflows will remain up-to-date with the latest security best practices and platform requirements when using Auth Connect.

How It Works

There's no need to become authentication security experts: Auth Connect takes care of all authentication technical details for your team, with the latest security best practices built in. We provide a simple interface for login/logout, registration, and retrieving security tokens after a successful login. You fill in configuration details for your authentication service of choice, such as the client ID and discovery URL, and we take care of the rest: the redirects, WebView presentation, and selecting the appropriate view controller based on the device’s operating system.

Here's the authentication workflow in action, using Auth0 as the auth provider. After tapping the Login button, the user is directed to the Auth0-powered login page (customizable by your company). After successfully signing in, the login page closes, and the user is automatically taken into the app's home screen (inaccessible unless they are logged in). Finally, after tapping the Log Out button, the user's authentication details are cleared from the app and the user is redirected back to the login page.

Ready to add single sign-on to your app? Install Auth Connect now.

Reference Apps

While implementing Auth Connect, refer to these reference apps for examples showcasing individual auth providers, multiple providers, and all native solutions.

Addendum: Understanding OpenID Connect

Auth Connect supports authentication providers that implement the popular OpenID Connect (OIDC) specification, an identity layer built on top of the OAuth 2.0 protocol. OpenID Connect extends OAuth 2.0 with a new signed id_token for the client and a UserInfo endpoint to fetch user attributes. Unlike SAML, OIDC provides a standard set of scopes and claims for identities, including profile, email, address, and phone.

An OpenID Connect flow involves the following steps (using the Ionifits demo app as an example):

  1. Discover the OIDC metadata using the Discovery URL. As this Auth0 example shows, all data necessary for the SSO process is available there, including the token endpoint, supported authorization scopes, and supported claims. Auth Connect accesses this metadata so it can perform SSO on your app's behalf.
  2. Perform an OAuth flow to obtain an ID token and access token. Once the login method has been called in your app, Auth Connect begins this flow using the token endpoint and authorization endpoint. The user provides their username and password, and upon successful login, Auth Connect fires an onLoginSuccess event that notifies your app that the user has successfully authenticated. Auth Connect manages the user's access token (it's recommended to store this securely using Identity Vault).
  3. Get JWT signature keys and optionally dynamically register the Client application. Auth Connect does this automatically behind the scenes using the JWKS endpoint.
  4. Validate the JWT ID token locally based on built-in dates and the signature. Auth Connect does this automatically behind the scenes.
  5. Retrieve additional user attributes as needed with the access token. This can include username, email, avatar picture, phone number, and more. Auth Connect obtains these details using the user info endpoint.
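
What steps 3 and 4 amount to, as an added Node.js example that is not Auth Connect's own code: look up the signing key in the JWKS by `kid`, verify the RS256 signature, then check the dates. It goes one step beyond the text by also checking issuer and audience, as the OIDC specification requires. The key pair, issuer URL, client ID, and function names are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Verify an RS256 ID token against a JWKS, then check issuer, audience and dates.
function validateIdToken(token, jwks, { issuer, clientId, now = Date.now() / 1000, skew = 60 }) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, "base64url").toString());
  // Pin the algorithm; never let the token header pick it ("none", HS256, ...).
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === "RSA");
  if (!jwk) throw new Error("unknown kid");
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify("RSA-SHA256", signed, key, Buffer.from(sig, "base64url")))
    throw new Error("bad signature");
  // Claims are trusted only after the signature has verified.
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (![].concat(claims.aud).includes(clientId)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || now >= claims.exp + skew) throw new Error("expired");
  if (typeof claims.iat !== "number" || claims.iat > now + skew) throw new Error("issued in future");
  return claims;
}

// --- Constructed sample data: a throwaway key pair stands in for the provider ---
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const JWKS = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "demo-key-1" }] };
const OPTS = { issuer: "https://idp.example.test/", clientId: "demo-client-id", now: 1700000000 };

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
function signToken(claims, key = privateKey) {
  const input = `${b64url({ alg: "RS256", typ: "JWT", kid: "demo-key-1" })}.${b64url(claims)}`;
  return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), key).toString("base64url")}`;
}
// Returns the subject for an accepted token, or the rejection reason.
function outcome(token) {
  try { return validateIdToken(token, JWKS, OPTS).sub; } catch (e) { return e.message; }
}

const base = { iss: OPTS.issuer, aud: OPTS.clientId, sub: "user-123", iat: 1699999900, exp: 1700003500 };
const good = signToken(base);
const [h, , s] = good.split(".");
console.log(outcome(good));                                             // accepted token
console.log(outcome(signToken({ ...base, exp: 1699990000 })));          // stale token
console.log(outcome(`${h}.${b64url({ ...base, sub: "admin" })}.${s}`)); // edited payload
```

In a real app the JWKS comes from the `jwks_uri` listed in the discovery metadata, and the expected issuer and client ID come from your provider configuration.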

For further reading on OAuth and OpenID Connect, we recommend Okta's "What the Heck is OAuth?" article.