Challenge Overview
The Hercules client has asked us to develop a simple login system for iPads. The iPads will be in supervised / single app mode connected to an MDM.
This challenge will update the login flow to use the Resource Owner OAuth2 flow and will skin the UI and app icon with a new UI
WARNING:
To review or develop this challenge, you will need an iPad that can be completely wiped and registered with an MDM. This is an unfortunate requirement, and I am unaware of a way around this. If you can figure out a way to do this in the simulator, feel free to document that in great detail as part of your README, but I have been unable to get it wo
New UI
A new UI has been provided. This applies to:
* The app icon
* The login screen
* The summary screen that shows the logged in details
New login:
The new login UI will be native, instead of loading up the WebSec login form in a web view. We can strip out all the web view code that's in the codebase now - please don't leave any unused code laying around.
The new login will use the resource owner OAuth flow, and details and links to the playground for testing will be provided in the forum.
Device login screen:
On the device login screen, there's a new "Continue" button that should refresh the timeout when tapped. Logout will work like it does now - sending the app into single-app mode and showing the login prompt
Login (Existing functionality)
The app will launch and will do this flow:
* Put itself into Guided Access Mode (UIAccessibilityRequestGuidedAccessSession(true))
* Show the login form
* Force the user to log in (no other apps can be launched since we're in Guided Acces Mode)
* Once the user logs in, remove Guided Access Mode (UIAccessibilityRequestGuidedAccessSession(false))
After the app has logged the user in, we will show a simple screen with:
* The user's name
* The date and time logged in
* The duration of the current session.
Anytime the app is launched, until the timeout, we will update the information on the screen so the duration of the current session is accurate.
Logout (Existing functionality)
In addition to the user details shown on the screen, we will show a "Logout" button. When the user clicks "Logout", we will do the following:
* Show a prompt that says "Are you sure you want to log out Yes / No". When the user clicks "Yes", we will:
* Put the app back into Guided Access Mode
* Show the login prompt
The user won't be able to do anything more with the iPad until they log in.
Time out (Existing functionality)
There needs to be a configurable timeout in the app where the authenticator app will log itself out automatically and show the login prompt.
Configuration
All endpoints and values need to be configurable in the environment and through xcconfig files. Look at the Retail 360 app and the xcconfig files in the forum to get an idea of how that works.
MDM
There are two tested MDMs that have been shown to work and are free or cheap:
* Meraki (https://meraki.cisco.com/)
* Apple Profile Managed (part of macOS Server (http://www.apple.com/au/macos/server/))
You can use the Apple Configurator 2 app to wipe your development iPad: https://itunes.apple.com/au/app/apple-configurator-2/id1037126344?mt=12
Here are some helpful links for getting connected. Once you have a trust profile and an enrollment profile, you should be able to install those to your development iPad and it will connect to the MDM automatically.
* https://help.apple.com/serverapp/mac/5.2/#/apd05B9B761-D390-4A75-9251-E9AD29A61D0C
* https://help.apple.com/serverapp/mac/5.2/#/apd00B154DD-D0D6-48D0-A2ED-005D494E263F
* https://help.apple.com/profilemanager/mac/5.2/#/apdC8764F44-B9DB-4799-A694-BEDA42DABEBF
* https://www.manageengine.com/mobile-device-management/help/enrollment/enroll_ios_devices_using_apple_configurator.html
Documentation
A video is required for this challenge.
Make sure your README.md is very complete and detailed. The main complexity in this challenge is just the setup, so we need to make sure that piece is well documented.
Submission
For this challenge, please submit:
1. Patch files against the develop branch of the repo in the forum, commit hash 200c19f6245ce6b58cabdcb5d0d89e30dbd816c8
2. A video showing the new UI
3. A README documenting any setup that needs to be done
This challenge will update the login flow to use the Resource Owner OAuth2 flow and will skin the UI and app icon with a new UI
WARNING:
To review or develop this challenge, you will need an iPad that can be completely wiped and registered with an MDM. This is an unfortunate requirement, and I am unaware of a way around this. If you can figure out a way to do this in the simulator, feel free to document that in great detail as part of your README, but I have been unable to get it wo
New UI
A new UI has been provided. This applies to:
* The app icon
* The login screen
* The summary screen that shows the logged in details
New login:
The new login UI will be native, instead of loading up the WebSec login form in a web view. We can strip out all the web view code that's in the codebase now - please don't leave any unused code laying around.
The new login will use the resource owner OAuth flow, and details and links to the playground for testing will be provided in the forum.
Device login screen:
On the device login screen, there's a new "Continue" button that should refresh the timeout when tapped. Logout will work like it does now - sending the app into single-app mode and showing the login prompt
Login (Existing functionality)
The app will launch and will do this flow:
* Put itself into Guided Access Mode (UIAccessibilityRequestGuidedAccessSession(true))
* Show the login form
* Force the user to log in (no other apps can be launched since we're in Guided Acces Mode)
* Once the user logs in, remove Guided Access Mode (UIAccessibilityRequestGuidedAccessSession(false))
After the app has logged the user in, we will show a simple screen with:
* The user's name
* The date and time logged in
* The duration of the current session.
Anytime the app is launched, until the timeout, we will update the information on the screen so the duration of the current session is accurate.
Logout (Existing functionality)
In addition to the user details shown on the screen, we will show a "Logout" button. When the user clicks "Logout", we will do the following:
* Show a prompt that says "Are you sure you want to log out Yes / No". When the user clicks "Yes", we will:
* Put the app back into Guided Access Mode
* Show the login prompt
The user won't be able to do anything more with the iPad until they log in.
Time out (Existing functionality)
There needs to be a configurable timeout in the app where the authenticator app will log itself out automatically and show the login prompt.
Configuration
All endpoints and values need to be configurable in the environment and through xcconfig files. Look at the Retail 360 app and the xcconfig files in the forum to get an idea of how that works.
MDM
There are two tested MDMs that have been shown to work and are free or cheap:
* Meraki (https://meraki.cisco.com/)
* Apple Profile Managed (part of macOS Server (http://www.apple.com/au/macos/server/))
You can use the Apple Configurator 2 app to wipe your development iPad: https://itunes.apple.com/au/app/apple-configurator-2/id1037126344?mt=12
Here are some helpful links for getting connected. Once you have a trust profile and an enrollment profile, you should be able to install those to your development iPad and it will connect to the MDM automatically.
* https://help.apple.com/serverapp/mac/5.2/#/apd05B9B761-D390-4A75-9251-E9AD29A61D0C
* https://help.apple.com/serverapp/mac/5.2/#/apd00B154DD-D0D6-48D0-A2ED-005D494E263F
* https://help.apple.com/profilemanager/mac/5.2/#/apdC8764F44-B9DB-4799-A694-BEDA42DABEBF
* https://www.manageengine.com/mobile-device-management/help/enrollment/enroll_ios_devices_using_apple_configurator.html
Documentation
A video is required for this challenge.
Make sure your README.md is very complete and detailed. The main complexity in this challenge is just the setup, so we need to make sure that piece is well documented.
Submission
For this challenge, please submit:
1. Patch files against the develop branch of the repo in the forum, commit hash 200c19f6245ce6b58cabdcb5d0d89e30dbd816c8
2. A video showing the new UI
3. A README documenting any setup that needs to be done