TemplateStudio icon indicating copy to clipboard operation
TemplateStudio copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Adding in an authentication component

Open crutkas opened this issue 7 years ago • 14 comments

Auth is hard and tricky. It would be great if we had a ready made component that could do this.

crutkas avatar Apr 05 '17 04:04 crutkas

This is the type of component that should actually be developed and maintained in UWP Community Toolkit, and then repackaged (if necessary) in this Template Studio.

XamlBrewer avatar Apr 05 '17 05:04 XamlBrewer

Would this be a catch all for OAuth?

jamesmcroft avatar Apr 05 '17 11:04 jamesmcroft

And agree with @XamlBrewer on adding it in as a separate component. It would have to be a standalone package in the Toolkit though like notifications.

jamesmcroft avatar Apr 05 '17 11:04 jamesmcroft

I'd been thinking about something like this too. My thought was to add a page option which would include pages for 'login' 'forgot password' and 'signup' hooked into a stubbed out This is something that lots of apps add and so having something to act as a jumpstart (as couldn't do everything to integrate with custom backends or varying registration requirements) but would help people get going faster.

This seems like a good complement to a separate option for Azure Mobile Authentication (allowing common oauth providers.) X-Ref: https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-windows-store-dotnet-get-started-users

mrlacey avatar Apr 05 '17 21:04 mrlacey

@XamlBrewer the toolkit could be a great area for that to live. lets validate the complexity first and chat with . i think what @mrlacey pointed out is a solid spot. Lets sync with @deltakosh and @shenchauhan

crutkas avatar Apr 06 '17 23:04 crutkas

Leaving this to track if anything is added to the toolkit and is appropriate to add. Have added specific other issues for implementing as pages/features

mrlacey avatar May 11 '17 07:05 mrlacey

From #1245, Azure AD B2C authentication service to the app

crutkas avatar Oct 06 '17 20:10 crutkas

Point of discussion is also: how to deal with obligatory authentication vs authentication that gives added functionality?

First option should block the app after the splash screen, show login options + optional registration, while other option should be some option in the settings page maybe (to make it generic, I understand that there might be more beautiful ways showing a profile picture in one of the corners)?

Are these two different "features" in WTS that should be mutually exclusive, or should it be one "feature" that has a setting (obligatory vs optional)?

hansmbakker avatar Oct 04 '18 19:10 hansmbakker

@hansmbakker interesting, didn't think about that. So 2nd option would be like, hey, if you want to store your settings or something or have a high score but stuff works without it. Right?

crutkas avatar Oct 04 '18 21:10 crutkas

Yes, or a task list that you can use local-only or that synchronizes after authentication. Some apps work by letting you explore them first, while other apps demand authentication because of the nature of your application. E.g. an e-mail app or banking app without setting up your account first doesn't make much sense.

One exception could be that you want to put an app tour before obligatory authentication, so that the user knows what to expect. I believe OneNote does this.

hansmbakker avatar Oct 04 '18 21:10 hansmbakker

i think both are a good idea, i would make transition this into two distinct asks then. One for the 1st scenario and a new one for the 2nd.

crutkas avatar Oct 05 '18 18:10 crutkas

I would love it if it included options for 3rd party authenticators. Microsoft account, LinkedIn, Facebook , etc. With configuration flags to allow the developer to enable/disable each one. It seems this would be easier than trying to build a privately held database with all the complexities of that. A seamless default could use Microsoft accounts.

scharwood avatar Mar 04 '19 18:03 scharwood

Another nice feature would be to add multifactor authentication, and biometric authentication.

Is there an industry standard for this? For example: I have facial recognition enabled on my Windows device, or fingerprint on my iPhone, or iris scan on my HoloLens (grin). How would an app know that the capability exists on the device and allow/require it's use?

And if it is available how does a 3rd party authenticator notify the app if the user is set up for biometric authentication, or that the user requires multifactor authentication (assuming that is an option on some public authenticator platforms)?

scharwood avatar Mar 04 '19 18:03 scharwood

Another nice feature would be to add multifactor authentication, and biometric authentication.

Is there an industry standard for this? For example: I have facial recognition enabled on my Windows device, or fingerprint on my iPhone, or iris scan on my HoloLens (grin). How would an app know that the capability exists on the device and allow/require it's use?

And if it is available how does a 3rd party authenticator notify the app if the user is set up for biometric authentication, or that the user requires multifactor authentication (assuming that is an option on some public authenticator platforms)?

for 2FA, a lot of that is built into AAD. On my family's account, i force it on everyone :)

crutkas avatar Mar 04 '19 18:03 crutkas