Xamarin Forms + IdentityServer + External Providers (Facebook/Google)

Question

I have an ASP.NET Core Web App and ASP.NET Core Web API and am currently using IdentityServer4.

I am adding a Xamarin Forms application (Android + iOS) and I can't find any examples of a Xamarin Forms application that uses Facebook and/or Google along with IdentityServer.

A lot of the samples I've come across use WebViews, which I don't want to use and want to use either Native App (Facebook/Google) or Mobile Browser (Chrome/Safari) to authenticate (depending if the Facebook/Google app is installed on the users device).

I'm also confused as to what the user flow would be on a mobile, i.e.:

• User opens app
• User clicks Facebook login
• App redirects user, via IdentityServer, to Facebook mobile site (safari/chrome)
• User logs into Facebook / Allows access to my app
• User is then redirected back to Identity server
• Identity server logs in / registers user
• Identity server then re-opens my mobile app passing token
• My app then saves token and uses this for all api calls going forward

I've been using the information and basing my system on the eShopOnContainers enterprise reference app and using this micro-service type architecture and the only thing that's missing (for my purposes) is a social login, otherwise this architecture is precisely the type of thing we're building.

Answer 1

You need to use OAuth for this purpose. It is an open standard for access delegation.

Here is a sample: https://github.com/xamarin/xamarin-forms-samples/blob/master/WebServices/OAuthNativeFlow/OAuthNativeFlow/OAuthNativeFlowPage.xaml.cs

You have a full explanation in the Xamarin documentation: https://learn.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/authentication/oauth

Answer 2

If it's of any value our solution has everything go through our Identity server. Users have the option of signing in with Google or LinkedIn directly from the sign in page or can be directed to their employer's IDP via custom policies.

The beauty here is that your Xamarin app doesn't need to do anything special as the complexity of handling multiple different social sign in providers is handled by your identityserver4 implementation.

This is pretty much exactly what you've set out in your question so I guess my answer is - yes your thinking is along the right lines in my opinion.

Might be worth having a look at this sample too: https://github.com/IdentityModel/IdentityModel.OidcClient.Samples/tree/master/XamarinForms