Mobile Native Application SSO

December 8, 2014

Entering a username and password on a mobile device, such as a smartphone or tablet, is more painful than when using a standard keyboard, and for the typical user, the number of applications requiring an account password seems to grow without bound.


Achieving Native Application Single Sign-On

In addition, for many reasons, the use of native applications on mobile devices is preferred over web applications. So, is there a way to use modern Federated Identity protocols to enable Mobile Native Application Single-Sign-On in addition to Web Application SSO?


Native Application SSO can be achieved in at least two different ways. First, the standard browser-based flows that are used in Web SSO (e.g., OpenID Connect) can be applied to mobile native applications, providing a direct, if minimalistic approach to enabling native app SSO. Alternatively, the use of a Token Agent to broker the authorization requests and manage the delivery of access tokens to the native applications may provide a set of features and benefits not available otherwise.


In this short video, we provide a high-level overview of browser-based SSO, describe how it might be used for Native Application SSO, and discuss the benefits of a Token Agent as proposed by the Native Application SSO (NAPPS) working group of the OpenID Foundation.