Using iOS11 SFAuthenticationSession with IdentityModel.OidcClient

Starting with iOS 11, there’s a special system service for browser-based authentication called SFAuthenticationSession. This is the recommended approach for OpenID Connect and OAuth 2 native iOS clients (see RFC8252).

If you are using our OidcClient library – this is how you would wrap that in an IBrowser:

using Foundation;
using System.Threading.Tasks;
using IdentityModel.OidcClient.Browser;
using SafariServices;
namespace iOS11Client
    public class SystemBrowser : IBrowser
        SFAuthenticationSession _sf;
        public Task InvokeAsync(BrowserOptions options)
            var wait = new TaskCompletionSource();
            _sf = new SFAuthenticationSession(
                new NSUrl(options.StartUrl),
                (callbackUrl, error) =>
                    if (error != null)
                        var errorResult = new BrowserResult
                            ResultType = BrowserResultType.UserCancel,
                            Error = error.ToString()
                        var result = new BrowserResult
                            ResultType = BrowserResultType.Success,
                            Response = callbackUrl.AbsoluteString
            return wait.Task;
This entry was posted in .NET Security, IdentityModel, OAuth, OpenID Connect, Uncategorized, WebAPI. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s