Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is the "session_verifier" required and where should we create it? #9

Open
thphuccoder opened this issue Nov 3, 2023 · 0 comments
Open

Comments

@thphuccoder
Copy link

thphuccoder commented Nov 3, 2023

(Note: we are using Flutter framework, not native)
We are following exactly the flow you provided in your README.
We are at step 3: posting the authentication code to our backend. We're looking at your example below:

https://github.com/singpass/iOS-Singpass-in-app-browser-login-demo/blob/ff32306441cfbb9bd646e7f931279a0c526240bd/sample/ViewController.swift#L262C8-L262C8

var reqBody: [String: String] = [
	"code": authCode,
	"session_id": session_id,
	"session_verifier": sessionVerifier,
	"redirect_uri": kRedirectURI
]
  • authCode: we can pull from Singpass after user logged in
  • session_id: issued by the backend from step 1
  • session_verifier: in the code, we can see that it is generated locally on the app.
  1. Is this parameter required?
  2. Can the backend generate it and return in in step 1 along with session_id? Or it should be generated from mobile only?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant