This repository has been archived by the owner on Feb 14, 2024. It is now read-only.
Integration with Zalando App
Daniel Bauke edited this page Feb 14, 2024 · 2 revisions
(Taken from #122)
Current state of findings:
How to share login credentials with iOS Fashion App?
All of the following cases must be fully implemented in the called app. However, they can be handled in different ways (scenarios).
When a user is not logged in to the app and no credentials are stored:
- Handle login process in the app (to verify credentials inside the app)
- Go forward with “User logged” scenario
- Open the caller app back with an error to handle as “No credentials are available”.
Treat it as “User logged.”
Treat it as “User not logged, not stored credentials.”
- Grab any of the credentials:
  - Email + password from keychain
  - OAuth token (with login and permission)
- Open the calling app back with the acquired data
- App 1 opens App 2 with a request for a token
- App 2 uses credentials stored in the app to fill in the OAuth form.
- App 2 retrieves the OAuth token
- App 2 passes the OAuth token back to App 1.
- 💚 Safe and correct way of handling sensitive data access
- 💚 Gives real OAuth token without additional operations
- 🚫 Requires 2 extra steps for a user inside the Fashion App
- 🚫 Requires an OAuth implementation in the Fashion App
- 🚫 Requires injecting existing credentials into a separate OAuth login form
- App 1 opens App 2 with a request for a token, and secret accessing token
- App 2 asks for login or directly passes credentials to App 1 in encrypted form
- Needs to implement data encryption.
  - Private/public key:
    - 🚫 Requires adding a public key to the Fashion App and updating it for all the apps
  - Symmetric-key
    - 💚 Allows encrypting the response with a given password, which could be a random OTP
    - 🚫 Requires adding an access password/key to open the Fashion App to avoid stealing user data
- Private/public key:
- Data transfer possibilities
  - App-specific URI
  - Save BMP file in Camera Roll
  - 🚫 Named pasteboard (only same app group)
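The symmetric-key scenario with a random one-time key, passed over app-specific URIs, could look like the sketch below. This is an added example, not code from the SDK or the Fashion App; the URL schemes, the `otk` and `box` parameter names and all function names are hypothetical, and AES-GCM from CryptoKit is an assumed choice of cipher.

```swift
import CryptoKit
import Foundation

// Hypothetical schemes and parameter names ("otk", "box"); the page defines none.
let calledScheme = "fashionapp-example"  // App 2, holds the credentials
let callerScheme = "sdkapp-example"      // App 1, asks for the token
enum ExchangeError: Error { case malformed }

func makeURL(scheme: String, param: String, value: Data) throws -> URL {
    var components = URLComponents()
    components.scheme = scheme
    components.host = "token"
    components.queryItems = [URLQueryItem(name: param, value: value.base64EncodedString())]
    guard let url = components.url else { throw ExchangeError.malformed }
    return url
}

func payload(_ name: String, in url: URL) throws -> Data {
    let items = URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems
    guard let text = items?.first(where: { $0.name == name })?.value,
          let data = Data(base64Encoded: text) else { throw ExchangeError.malformed }
    return data
}

// App 1: create a fresh 256-bit one-time key and the request URL that carries it.
func makeRequest() throws -> (key: SymmetricKey, url: URL) {
    let key = SymmetricKey(size: .bits256)
    let raw = key.withUnsafeBytes { Data($0) }
    return try (key, makeURL(scheme: calledScheme, param: "otk", value: raw))
}

// App 2: seal the token under the key from the request and build the callback URL.
func makeResponse(to request: URL, token: String) throws -> URL {
    let raw = try payload("otk", in: request)
    guard raw.count == 32 else { throw ExchangeError.malformed }
    let sealed = try AES.GCM.seal(Data(token.utf8), using: SymmetricKey(data: raw))
    guard let combined = sealed.combined else { throw ExchangeError.malformed }
    return try makeURL(scheme: callerScheme, param: "box", value: combined)
}

// App 1: open the response with the key kept in memory. Throws if the payload
// was altered or was sealed under a different key.
func readResponse(_ response: URL, key: SymmetricKey) throws -> String {
    let box = try AES.GCM.SealedBox(combined: payload("box", in: response))
    return String(decoding: try AES.GCM.open(box, using: key), as: UTF8.self)
}

// Constructed sample token, not a real credential.
let (sessionKey, request) = try makeRequest()
let response = try makeResponse(to: request, token: "sample-oauth-token")
print(try readResponse(response, key: sessionKey))
print((try? readResponse(response, key: SymmetricKey(size: .bits256))) ?? "rejected")
```

The one-time key only protects the response leg: any app that can open the called app's URI can supply its own key, which is the gap the "access password/key" item above refers to.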
🚫 NO-GO. All applications that share keychain access must use the same app ID prefix, which is not possible for apps using the SDK.
Like 1Password. To be confirmed.
Important to note: it's possible to share credentials with Safari.
In short it needs:
- specific app setup
- specific web setup (in this case, a login page or Zalando page)
- user acceptance to do it
© 2016-2017 Zalando SE