Challenge Overview
The Hercules client has asked us to develop a simple login system for iPads. The login functionality already exists, and we're just going to port it over from the Retail 360 app, but this code challenge is going to be more difficult because the flow the client wants to use is the guided access mode / API, which requires the iPad to be in "Supervised" mode through an MDM (Mobile Device Manager).
WARNING:
To review or develop this challenge, you will need an iPad that can be completely wiped and registered with an MDM. This is an unfortunate requirement, and I am unaware of a way around this. If you can figure out a way to do this in the simulator, feel free to document that in great detail as part of your README, but I have been unable to get it wo
Login
The app will launch and will do this flow:
* Put itself into Guided Access Mode (UIAccessibilityRequestGuidedAccessSession(true))
* Show the login form (OAuth prompt from Retail 360)
* Force the user to log in (no other apps can be launched since we're in Guided Acces Mode)
* Once the user logs in, remove Guided Access Mode (UIAccessibilityRequestGuidedAccessSession(false))
After the app has logged the user in, we will show a simple screen with:
* The user's name
* The date and time logged in
* The duration of the current session.
Anytime the app is launched, until the timeout, we will update the information on the screen so the duration of the current session is accurate.
Logout
In addition to the user details shown on the screen, we will show a "Logout" button. When the user clicks "Logout", we will do the following:
* Show a prompt that says "Are you sure you want to log out Yes / No". When the user clicks "Yes", we will:
* Clear all stored WKWebView cookies and local storage (see Retail 360's logout flow)
* Put the app back into Guided Access Mode
* Show the login prompt
The user won't be able to do anything more with the iPad until they log in.
Time out
There needs to be a configurable timeout in the app where the authenticator app will log itself out automatically and show the login prompt. I'm not 100% sure this is possible with the iOS SDK, but we need to document what was tried and whether or not this is possible.
Configuration
As with the Retail 360 app, all endpoints and values need to be configurable in the environment and through xcconfig files. Look at the Retail 360 app and the xcconfig files in the forum to get an idea of how that works.
MDM
There are two tested MDMs that have been shown to work and are free or cheap:
* Meraki (https://meraki.cisco.com/)
* Apple Profile Managed (part of macOS Server (http://www.apple.com/au/macos/server/))
You can use the Apple Configurator 2 app to wipe your development iPad: https://itunes.apple.com/au/app/apple-configurator-2/id1037126344?mt=12
Here are some helpful links for getting connected. Once you have a trust profile and an enrollment profile, you should be able to install those to your development iPad and it will connect to the MDM automatically.
* https://help.apple.com/serverapp/mac/5.2/#/apd05B9B761-D390-4A75-9251-E9AD29A61D0C
* https://help.apple.com/serverapp/mac/5.2/#/apd00B154DD-D0D6-48D0-A2ED-005D494E263F
* https://help.apple.com/profilemanager/mac/5.2/#/apdC8764F44-B9DB-4799-A694-BEDA42DABEBF
* https://www.manageengine.com/mobile-device-management/help/enrollment/enroll_ios_devices_using_apple_configurator.html
Documentation
A video is required for this challenge.
Make sure your README.md is very complete and detailed. The main complexity in this challenge is just the setup, so we need to make sure that piece is well documented.
WARNING:
To review or develop this challenge, you will need an iPad that can be completely wiped and registered with an MDM. This is an unfortunate requirement, and I am unaware of a way around this. If you can figure out a way to do this in the simulator, feel free to document that in great detail as part of your README, but I have been unable to get it wo
Login
The app will launch and will do this flow:
* Put itself into Guided Access Mode (UIAccessibilityRequestGuidedAccessSession(true))
* Show the login form (OAuth prompt from Retail 360)
* Force the user to log in (no other apps can be launched since we're in Guided Acces Mode)
* Once the user logs in, remove Guided Access Mode (UIAccessibilityRequestGuidedAccessSession(false))
After the app has logged the user in, we will show a simple screen with:
* The user's name
* The date and time logged in
* The duration of the current session.
Anytime the app is launched, until the timeout, we will update the information on the screen so the duration of the current session is accurate.
Logout
In addition to the user details shown on the screen, we will show a "Logout" button. When the user clicks "Logout", we will do the following:
* Show a prompt that says "Are you sure you want to log out Yes / No". When the user clicks "Yes", we will:
* Clear all stored WKWebView cookies and local storage (see Retail 360's logout flow)
* Put the app back into Guided Access Mode
* Show the login prompt
The user won't be able to do anything more with the iPad until they log in.
Time out
There needs to be a configurable timeout in the app where the authenticator app will log itself out automatically and show the login prompt. I'm not 100% sure this is possible with the iOS SDK, but we need to document what was tried and whether or not this is possible.
Configuration
As with the Retail 360 app, all endpoints and values need to be configurable in the environment and through xcconfig files. Look at the Retail 360 app and the xcconfig files in the forum to get an idea of how that works.
MDM
There are two tested MDMs that have been shown to work and are free or cheap:
* Meraki (https://meraki.cisco.com/)
* Apple Profile Managed (part of macOS Server (http://www.apple.com/au/macos/server/))
You can use the Apple Configurator 2 app to wipe your development iPad: https://itunes.apple.com/au/app/apple-configurator-2/id1037126344?mt=12
Here are some helpful links for getting connected. Once you have a trust profile and an enrollment profile, you should be able to install those to your development iPad and it will connect to the MDM automatically.
* https://help.apple.com/serverapp/mac/5.2/#/apd05B9B761-D390-4A75-9251-E9AD29A61D0C
* https://help.apple.com/serverapp/mac/5.2/#/apd00B154DD-D0D6-48D0-A2ED-005D494E263F
* https://help.apple.com/profilemanager/mac/5.2/#/apdC8764F44-B9DB-4799-A694-BEDA42DABEBF
* https://www.manageengine.com/mobile-device-management/help/enrollment/enroll_ios_devices_using_apple_configurator.html
Documentation
A video is required for this challenge.
Make sure your README.md is very complete and detailed. The main complexity in this challenge is just the setup, so we need to make sure that piece is well documented.