Demo mobile apps and SPA, to demonstrate the nonce authenticator pattern on a development computer.
This provides an additional Single Sign On (SSO) option between mobile and web apps, to prevent a double login.

The following components are called, from a mobile emulator or device.
The SPA and OAuth agent are hosted on the same domain, behind a Docker based reverse proxy.
This ensures that the HTTP-only cookies issued to the SPA are first-party:

Build and deploy the system with the following commands:

./build.sh
./deploy.sh

To enable a setup that works on a standalone computer, an ngrok base URL is used:

The internet base URL is: https://c7b9-2-26-158-168.eu.ngrok.io

Mobile and web apps running on devices or emulators then have full connectivity, over HTTPS URLs.
Backend components use URLs similar to the following values:

The Curity Identity Server Admin UI is available at https://localhost:6749/admin.
Sign in with credentials admin / Password1 to inspect the OAuth configuration.

Run the mobile client from Android Studio or Xcode, and an unauthenticated view will be shown:

Android	iOS

Click the login button and sign in as demouser / Password1.

Android	iOS

The authenticated view will then be presented, to enable navigation to the SPA:

Android	iOS

The mobile app posts its ID token to the nonce authenticator in order to get a one-time token.
It then passes the nonce in a query string parameter to the SPA, when loading it in a browser.
The SPA then runs an OpenID Connect redirect that authenticates the user automatically, using the nonce:

Android	iOS

See the following resources for further information:

• Mobile Web SSO Code Example
• Nonce Authenticator Pattern
• Nonce Authenticator Plugin

Please visit curity.io for more information about the Curity Identity Server.