iOS Okta Integration

Monkton, Inc.

Rebar for iOS requires MFAKit as well as Okta's OIDC framework. Once both are integrated and the directions below are followed, Okta will work automatically for users. All that needs to occur is adding:

  • The app scheme in the app plist
  • MFAKit
  • The Okta OIDC framework
  • TLS pins in the app-config.json file
  • The rebar.auth value in the app-config.json file
  • The rebar.okta configuration settings in the app-config.json file

Detailed documentation on configuring Okta in the Rebar Hub can be found here

Okta iOS Integration Checklist

  • Add App Scheme to the plist file

    In the plist file, add the CFBundleURLTypes key and values

  • Add MFAKit to your project

    Ensure that MFAKit has been added to the project

  • Add Okta OIDC to your project

    Ensure that Okta OIDC has been added to the project

  • Configure TLS Pinning in the app-config.json file

    Ensure the rebar.tls.pinned values have been set

  • Configure Okta Auth Type in the app-config.json file

    Ensure the rebar.auth has been set to okta

  • Configure Okta Configuration in the app-config.json file

    Ensure the rebar.okta JSON dictionary has been configured

App Scheme

Within your app's plist file, add the CFBundleURLTypes key with the following values. We suggest using your app's bundle identifier. Be sure to add the CFBundleURLName and CFBundleURLSchemes values with your bundle identifier as the supplied value.

<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLName</key>
        <string>io.monkton.rebarapp</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>io.monkton.rebarapp</string>
        </array>
    </dict>
</array>

TLS Pinning

Rebar will automate this process in the future, but for now apps should embed the Okta TLS pin value into the rebar.tls.pinned array in the app-config.json file.

Failure to do so will cause errors when loading the OIDC configuration from Okta.

Okta Authentication Type

To enable the app to leverage Okta authentication, set the rebar.auth value to okta in the app-config.json file. Rebar will then force the user to authenticate with Okta.

"rebar.auth": "okta"

Okta Configuration in App

To enable Okta to automatically pick up the configuration, in the app-config.json file you must add the following values:

  • clientId: this is the client ID you retrieve from Okta
  • redirectUri: when registering the app in Okta, you will register it as {your-app-bundle-identifier}:/callback
  • issuer: when registering the app in Okta, you will register it as https://{your-okta-domain}/oauth2/default
  • discoveryUri: when setting the app-config.json value, you will use: https://{your-okta-domain}

The sample JSON is here:

"rebar.okta": {
    "clientId": "{your-client-id-from-okta}",
    "issuer": "https://{your-okta-domain}/oauth2/default",
    "redirectUri": "{your-app-bundle-identifier}:/callback",
    "scopes": "openid profile offline_access",
    "discoveryUri": "https://{your-okta-domain}"
}
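
A pre-build check for the configuration steps above, added here as an example (it is not Monkton's or Okta's code). It confirms that rebar.auth, the TLS pins and the rebar.okta values are set, that issuer and discoveryUri are https URLs on the same domain, and that the redirectUri scheme is one the plist registers. The function name, the sample values, and the layout of rebar.tls.pinned as a flat top-level key holding a list of strings are assumptions of this example.

```python
import plistlib
from urllib.parse import urlsplit

OKTA_KEYS = ("clientId", "issuer", "redirectUri", "scopes", "discoveryUri")

def check_okta_config(config, info_plist):
    """Return a list of problems; an empty list means the checklist passes."""
    problems = []
    if config.get("rebar.auth") != "okta":
        problems.append("rebar.auth is not set to okta")
    pins = config.get("rebar.tls.pinned")  # assumed: flat key holding a list of strings
    if not (isinstance(pins, list) and pins and all(isinstance(p, str) and p for p in pins)):
        problems.append("rebar.tls.pinned is missing or empty")
    okta = config.get("rebar.okta")
    if not isinstance(okta, dict):
        return problems + ["rebar.okta is missing"]
    text = {k: okta[k] if isinstance(okta.get(k), str) else "" for k in OKTA_KEYS}
    for key, value in text.items():
        if not value or "{" in value:
            problems.append(f"rebar.okta.{key} is missing or still a placeholder")
    issuer, discovery = urlsplit(text["issuer"]), urlsplit(text["discoveryUri"])
    if issuer.scheme != "https" or discovery.scheme != "https":
        problems.append("issuer and discoveryUri must be https URLs")
    if not issuer.hostname or issuer.hostname != discovery.hostname:
        problems.append("issuer and discoveryUri must use the same Okta domain")
    # The redirectUri scheme must be one the app registers in CFBundleURLTypes.
    registered = {s.lower() for entry in info_plist.get("CFBundleURLTypes", [])
                  for s in entry.get("CFBundleURLSchemes", [])}
    if urlsplit(text["redirectUri"]).scheme not in registered:
        problems.append("redirectUri scheme is not in CFBundleURLSchemes")
    return problems

# Constructed sample inputs (placeholder values, not a real tenant, client ID or pin).
SAMPLE_PLIST = plistlib.loads(b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>CFBundleURLTypes</key><array><dict>
<key>CFBundleURLName</key><string>io.monkton.rebarapp</string>
<key>CFBundleURLSchemes</key><array><string>io.monkton.rebarapp</string></array>
</dict></array></dict></plist>""")
SAMPLE_CONFIG = {"rebar.auth": "okta", "rebar.tls.pinned": ["CONSTRUCTED-PIN-VALUE"],
    "rebar.okta": {
        "clientId": "constructed-client-id",
        "issuer": "https://okta.example.com/oauth2/default",
        "redirectUri": "io.monkton.rebarapp:/callback",
        "scopes": "openid profile offline_access",
        "discoveryUri": "https://okta.example.com",
    }}

if __name__ == "__main__":
    print(check_okta_config(SAMPLE_CONFIG, SAMPLE_PLIST) or "checklist passes")
```

For a real project, load the inputs with json.load on app-config.json and plistlib.load on the app's Info.plist, and fail the build when the returned list is not empty.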

MFAKit Library

To use Rebar's Okta integration, you must first add the Rebar MFAKit library to your app target. In Xcode, find your desired app target and navigate to Frameworks, Libraries, and Embedded Content, then tap the + button to begin adding the framework:

[Screenshot: Adding Library Start]

At the bottom of the modal, tap the Add Other > Add Files button to find the MFAKit library:

[Screenshot: Adding Library]

In the rebar-sdk/Development folder you will find MFAKit.framework. Select that framework and tap Open:

[Screenshot: Selecting MFAKit]

Okta OIDC Library

In your project, you must integrate the Okta OIDC library. This can be done by following the directions on Okta's OIDC GitHub page.