WorkflowGen Plus v2

Overview

Mobile applications must use an approach similar to that of regular web applications, called the Authorization Code Flow with Proof Key for Code Exchange (PKCE). The main difference from the classic Authorization Code Flow is that the mobile application doesn't get a client secret; instead, it exchanges a pair of codes to prove that the authentication attempt originated from it. A mobile application can't be trusted with a client secret because it's distributed directly to users and is therefore no longer under the developer's control: the application can be decompiled and analyzed to find embedded secrets.

This section provides instructions on how to configure Auth0 for the WorkflowGen Plus mobile application so that your mobile users can benefit from delegated authentication as well.

Prerequisites

  • Make sure to have a licensed copy of WorkflowGen installed and running on a server.

  • Make sure to have administrative access to Auth0 to be able to configure it properly.

  • Make sure to have provisioned an existing Auth0 user with which you can authenticate to WorkflowGen so that you can use the application afterwards.

  • Make sure to have the WorkflowGen Plus mobile application installed on a device that you have access to.

  • Make sure to have the latest WorkflowGen Plus version installed on your device and that your device is supported.

  • Make sure to have successfully configured delegated authentication to Auth0 on your WorkflowGen instance following the instructions in the Auth0 authentication section.

Auth0 configuration

This configuration is done in several steps. First, you have to register a new native application in Auth0. Then, you have to give the application the necessary permissions to access the WorkflowGen GraphQL API. Finally, you have to register the correct callback URLs that will redirect within the native application.

Step 1: Register a new native application

  1. In the Auth0 portal, click Create Application in the Applications section.

  2. Fill in the form:

    • Name: WorkflowGen Plus

    • Type: Native

  3. Click Create at the bottom of the page.

You've now registered a new native application in Auth0.

Step 2: Add callback URLs

  1. On the Settings tab, scroll down to the Allowed Callback URLs section and add the URL workflowgenplus://oidc.

  2. Scroll down further to the Allowed Logout URLs section and add the URL workflowgenplus://oidc.

Review the registration

You don't need to give the application access to the GraphQL API since all applications (except for machine-to-machine applications) have access to all registered APIs within a domain. Here's a review of the information you need:

  • A client ID, which can be found on the native application page's Settings tab.

  • An Auth0 domain name, which can be found directly to the left of your profile picture in the top right corner of the page.

All of this information must be given to the users who will be using the mobile application; they'll need to copy it directly into the app.