Forum Discussion

Scott_Dickerson's avatar
Scott_Dickerson
Icon for Nimbostratus rankNimbostratus
Oct 01, 2019

Authenticate user of native mobile app with OpenId Connect

Does F5 Big IP Access Manager support mobile apps authenticating over OpenId Connect with custom URI redirect_uri?

 

Our native mobile app (iOS and Android) authenticates the user using the Authorization Code Grant flow. How it Works.

 

Our redirect_uri (ie callback uri) is: com.mckesson.wfm.ansos2go://signin

 

We are a software vendor in the Healthcare domain. Our customer who uses F5 Big IP says that this URI is considered invalid by F5 when configuring the OpenId Connect Service Provider. Is that true? If so, how do native mobile app developers perform OIDC authentication with F5?

 

Thanks, Scott

 

UPDATE: I got word from my customer that they set up a rewrite policy, so they could enter the redirect_uri as https:/com.mckesson.wfm.ansos2go://signin. Then, they strip off the https:// in the response to the initial 'authorize' call. This is NUTS!

 

Why does F5 Big IP Access Manager require redirect_uri to be https://...? This totally breaks the OpenId Connect specification which says "The Redirection URI MAY use an alternate scheme, such as one that is intended to identify a callback into a native application."

 

https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint

 

 

application delivery
BIG-IP
code grant
mobile
native
oidc
openid connect
No RepliesBe the first to reply