
SAP MDK Apps + Allow Anonymous Access

itsumerfarooq
Participant
0 Kudos
592

Hi Experts,

We are creating an SAP MDK app that will be published on iOS and Android app stores.

We have our OData V4 service that is configured in BTP and mobile services and our app communicates to that.

There is a custom login/signup process that is embedded in the app that uses our OData V4 service.

We see that in the MDK app in mobile services -> Security section, it is using OAuth based security.

Requirement: We do not want the app to ask for the BTP credentials at the start rather it should land to our page straight away. I see the support for "API Key only" in Security but not sure how to use that.

Can anyone help on this?

Accepted Solutions (0)

Answers (3)

SolGarciaLinfozzi
Discoverer

Hi! Hope you're doing well! 😀

We’re facing a challenge similar to what you described. Our goal is to bypass the BTP login prompt and land directly on our app or on our custom login page. We saw the “API Key only” option in the security settings of mobile services, but we’re unsure how to implement it.

Did you find a way to allow users to access the app without BTP credentials, but still authenticate for specific functionalities later? Additionally, we’re unclear about how to deploy the app to the app stores and whether users will need to use the “Mobile Services” app, or if they can download it directly from the store like any regular app.

I’d really appreciate any guidance or information you can share based on your experience.

Thanks so much in advance!

Best regards, Sol

itsumerfarooq
Participant
0 Kudos

bill.froelich jitendrakumar.kansal can we follow the following route with certificate based authentication and bypass the user login page?
https://developers.sap.com/tutorials/cp-mobile-dev-kit-cert-auth.html

bill_froelich
Product and Topic Expert
0 Kudos

Allowing certs doesn't bypass the login page, but rather the IdP login page detects and gets the certificate and if valid does not prompt the user for entering credentials. So in effect yes the login is bypassed but it still requires there to be an IdP configured to look for the certificates.

itsumerfarooq
Participant
0 Kudos

Thank you for the feedback Bill.

I have implemented the above tutorial but it still asks for the login credentials on both iOS and Android. The missing piece is the certificate part. How can we configure our IdP to look for the certificates? It was not mentioned in the tutorial. Any help or pointers on that part are highly appreciated.

bill_froelich
Product and Topic Expert
0 Kudos

Sorry but that would be a question for your IdP team and is specific to each IdP so I am unable to provide guidance here.

bill_froelich
Product and Topic Expert
0 Kudos

MDK only supports OAuth security. All other security types are not supported by MDK at this time. Users will need to authenticate through Mobile Services.

itsumerfarooq
Participant
0 Kudos

Hi Bill,

The apps will be deployed on app stores and will be public apps. So all the users cannot authenticate through BTP, I suppose?

What is the workaround for such Mobile apps? Should we build them through different technology like SAP Build Apps or SAP Fiori for iOS and Android?

What are our options here?

When I tried with API Key only, it shows me this error at app start. Not sure if I can pass the API Key somewhere that I generated in Security -> Allow Anonymous access.

SolGarciaLinfozzi
Discoverer
0 Kudos
Hi Bill, I hope you're doing well!

We are currently working on a project where we are using OData V4 services configured in SAP BTP MDK, and we're encountering a challenge similar to what itsumerfarooq described. Our goal is to bypass the BTP login prompt and directly land on either the app or our custom login page. We've come across the “API Key only” option in the security settings of Mobile Services but are unsure how to properly implement it.

Have you found any way to allow users to access the app without BTP credentials upfront but still authenticate for specific functionalities when needed? Also, we're unsure whether we can deploy the app directly to the app stores and let users download it like a regular app, or if they’ll still need to access it via the “Mobile Services” app.

I'd appreciate any guidance or insights you could offer based on your experience.

Thanks so much in advance!

Best regards, Sol