What way is best to present the sign on: WebView Controller, Okta AppAuth SDK, or Okta Authentication SDK?
This article will help you make an educated decision when choosing your method to provide mobile application authentication. By properly setting up one of the following solutions, you reduce the risk of credentials being mined or stolen by a third party.
Option 1 - Use a WebView Controller to present the sign-on
For this option, the Okta Sign-On Widget is presented in a WebView controller in the mobile application. The widget must be hosted within your platform to manage the login flows and redirects.
Pros:
This option provides the most control over the branded look and feel of the Okta widget
This option provides the ability to insert additional content such as CMS or marketing notifications
Cons:
The client credentials may be exposed to the underlying mobile application during the login process
This option does not support mobile single sign on functionality
Option 2 - Use the Okta AppAuth SDK
The Okta AppAuth SDK is launched from a sign-in button in the mobile application. When the user clicks this button, a mobile browser window is opened with the Okta widget to provide the authentication flow.
Pros:
The AppAuth SDK is the most secure method of providing mobile application authentication via Okta
This is the only method that provides full authentication functionality (e.g. single sign on, multi-factor authentication, registration). This is the only method that provides single sign on to mobile applications
Cons:
The user experience is not as smooth with this option, as the authentication flow must open in a separate browser
Option 3 - Use the Okta Authentication SDK
The Okta Authentication SDK can be leveraged to provide a custom API-based authentication flow within the mobile application. However, this flow cannot handle single sign on. Other applications on the device cannot leverage the same login session with this option.
Pros
This provides the most authentication functionality, including password reset
This option supports multi-factor authentication if you use the Authentication SDK with the OktaAuth SDK
The user experience and branding can be completely customized with this option
Cons
This option does not support single sign on functionality
The client credentials may be exposed to the underlying mobile application during the login process
Recommendation
We recommend Option 2 - Use the Okta AppAuth SDK as this is the only method that provides single sign on for mobile users, and provides you with the most security.
Appendix
Option 1 - Use a WebView Controller to present the sign-on
Using a WebView to control application authentication is a very similar user experience to using AppAuth on Android. The user is presented with an embedded browser window for authentication.
Option 2 - Use the Okta AppAuth SDK - IOS Experience
Option 2 - Use the Okta AppAuth SDK - Android Experience
The AppAuth SDK on Android devices appears as a browser window that presents the Okta Sign-In Widget for authentication.
Option 3 - Use the Okta Authentication SDK
Using the Authentication SDK allows for a completely custom login experience. The experience between iOS and Android only differs in mobile OS layout and styling. The user experience is almost identical.