We have 3 apps (iOS, Android and Node.js) interacting with a custom Ignition 8 module (there’s also a web service involved, which is the one communicating directly with the Ignition backend through the custom module). The apps perform custom authentication against a custom database. Now the idea would be to be able to perform authentication using OKTA. Specifically, we are interested in OKTA authentication performed on the gateway side (if that’s possible and makes sense). For that, the idea would be:
1. Configure a new Identity Provider for OKTA (using the customer’s OKTA settings). For testing purposes we already downloaded Connect2id (https://connect2id.com/), registered Ignition 8.0 as a client and configured a new Identity Provider accordingly, using the test settings provided by Connect2id.
2. Update the apps / custom module to perform user authentication, somehow making use of the SDK’s available Identity Provider methods (of course addressing the OKTA IdP created). Probably using com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterManager?
The ideal scenario (please let me know if it’s feasible) would be not needing to modify the apps but only the custom Ignition module: the apps already ask for user credentials (username and password) and send those to the custom module, so the idea would be to update the custom module to interact with the SDK’s Identity Provider methods somehow to validate the credentials and determine whether authentication was successful or not, and then let the apps know the authentication result. Does this make sense? If so, what classes/methods should I look into in the SDK for that? If this does not make sense, what should the general flow be instead? And again, what classes/methods should I look into in the SDK for that, in case a module/SDK approach can still apply?
Many thanks in advance for your advice.