ios oauth-2.0 ibm-mobilefirst mobilefirst-server mfp

objective c - preauthorize request body with device_id


There is an extra device_id since I upgraded the IBM Framework to the latest. May I know if there is any way to remove it from my request body? It causes a 400 Bad Request.

    {
      "client_id": "84q113475-ffac-4a17-bf1b-be666369e097",
      "scope": "Authenticate",
      "device_id": "esBoCz0yTHEa87iQIrSdMqWJoVRsVc-XHqhf3tOCBXsTOoojcWgiASfaUeFYsxgMnTmGhW3M8EMiDM5Z7WvhpXw==",
      "challengeResponse": {
        "Authenticate": {
          "username": "USER1",
          "password": "WuPydyRBXUQ6pbNKhhoe2EklOruf2BcB4E8=",
          "deviceId": "0C35D8C7-763B-45AC-B229-DF01AEAD519B"
        }
      }
    }


Solution

  • This happens when the mobile application is trying to connect with the older version of MobileFirst Foundation Server (versions prior to 8.0.2020101311). There was some security strengthening done (PH30473 STRENGTHENING PRE-AUTH ENDPOINT) with the latest iFix of MobileFirst. This requires the server and client application to be at the same level. However, to ensure compatibility, the SDK can set a flag to continue working with an older server. If you are unable to upgrade the server, as a compatibility measure, you can choose to use the newer SDKs (version 8.0.2020101412 or higher) with an older version of the Mobile Foundation server (versions prior to 8.0.2020101311) by adding the following configuration:

    Native Android apps

    Native iOS apps

    Cordova apps

    Note: The recommended approach is to upgrade your MobileFirst Server version to the latest and add a new version of the app in the MFP Console, and not to use the compatibility configuration mentioned above.