What I am trying to do: Create protected Kitura endpoint and access it from iOS app, using App ID.
I managed to configure App ID on the Kitura server so that I can login and then access protected endpoint successfully.
I can login to the iOS demo app using same TenantId as Kitura server and get the tokens. That is, I can successfully login, but when I use raw auth token I can't access the protected endpoint on the server from the iOS app.
I have tried, using postman to set the header to:
Authorization = [sessionToken]
I have tried:
Authorization = Bearer [sessionToken]
I have tried this in the demo app after I get the tokens:
BMSClient.sharedInstance.initialize(bluemixRegion: AppID.REGION_UK)
BMSClient.sharedInstance.authorizationManager = AppIDAuthorizationManager(appid:AppID.sharedInstance)
var request:Request = Request(url: "<your protected resource url>")
request.send(completionHandler: {(response:Response?, error:Error?) in
//code handling the response here
})
hoping that maybe I set the token wrong in Postman and it will do the proper request.
But no matter what I do, every time I request the protected API from the iOS app, I get the login HTML in response.
What am I missing? Why can't I access private endpoint using iOS app session token?
Unfortunately, the current version of Server Swift SDK for the IBM Cloud App ID service does not support API Strategy. That means that you can't protect individual REST APIs. You can protect Web applications only.