Implemented PKCE in the authentication flow in the Xamarin client. Fixes #214

7 years ago · 666a9c8735
--- a/eShopOnContainers-MobileApps.sln
+++ b/eShopOnContainers-MobileApps.sln
@ -1,7 +1,7 @@

 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
 VisualStudioVersion = 15.0.26228.9
 VisualStudioVersion = 15.0.26430.16
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{932D8224-11F6-4D07-B109-DA28AD288A63}"
 EndProject
@ -473,6 +473,8 @@ Global
 		{A7337243-33B8-463A-87AD-944B75EFD820}.AppStore|x86.Build.0 = Release|x86
 		{A7337243-33B8-463A-87AD-944B75EFD820}.AppStore|x86.Deploy.0 = Release|x86
 		{A7337243-33B8-463A-87AD-944B75EFD820}.Debug|Any CPU.ActiveCfg = Debug|x86
 		{A7337243-33B8-463A-87AD-944B75EFD820}.Debug|Any CPU.Build.0 = Debug|x86
 		{A7337243-33B8-463A-87AD-944B75EFD820}.Debug|Any CPU.Deploy.0 = Debug|x86
 		{A7337243-33B8-463A-87AD-944B75EFD820}.Debug|ARM.ActiveCfg = Debug|ARM
 		{A7337243-33B8-463A-87AD-944B75EFD820}.Debug|ARM.Build.0 = Debug|ARM
 		{A7337243-33B8-463A-87AD-944B75EFD820}.Debug|ARM.Deploy.0 = Debug|ARM
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.Core/Services/Identity/IdentityService.cs
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.Core/Services/Identity/IdentityService.cs
@ -1,16 +1,19 @@
 using IdentityModel.Client;
 using System;
 using System;
 using System.Collections.Generic;
 using System.Net;
 using System.Text;
 using System.Threading.Tasks;
 using eShopOnContainers.Core.Services.RequestProvider;
 using eShopOnContainers.Core.Models.Token;
 using IdentityModel.Client;
 using PCLCrypto;

 namespace eShopOnContainers.Core.Services.Identity
 {
    public class IdentityService : IIdentityService
    {
 		private readonly IRequestProvider _requestProvider;
        private string _codeVerifier;

 		public IdentityService(IRequestProvider requestProvider)
 		{
@ -22,6 +25,9 @@ namespace eShopOnContainers.Core.Services.Identity
            // Create URI to authorization endpoint
            var authorizeRequest = new AuthorizeRequest(GlobalSetting.Instance.IdentityEndpoint);

            // Create code verifier for PKCE
            _codeVerifier = RandomDataBase64Url(32);

            // Dictionary with values for the authorize request
            var dic = new Dictionary<string, string>();
            dic.Add("client_id", GlobalSetting.Instance.ClientId);
@ -30,6 +36,8 @@ namespace eShopOnContainers.Core.Services.Identity
            dic.Add("scope", "openid profile basket orders locations marketing offline_access");
            dic.Add("redirect_uri", GlobalSetting.Instance.IdentityCallback);
            dic.Add("nonce", Guid.NewGuid().ToString("N"));
            dic.Add("code_challenge", Base64UrlEncodeNoPadding(Sha256(_codeVerifier)));
            dic.Add("code_challenge_method", "S256");

            // Add CSRF token to protect against cross-site request forgery attacks.
            var currentCSRFToken = Guid.NewGuid().ToString("N");
@ -54,9 +62,31 @@ namespace eShopOnContainers.Core.Services.Identity

 		public async Task<UserToken> GetTokenAsync(string code)
 		{
 			string data = string.Format("grant_type=authorization_code&code={0}&redirect_uri={1}", code, WebUtility.UrlEncode(GlobalSetting.Instance.IdentityCallback));
 			string data = string.Format("grant_type=authorization_code&code={0}&redirect_uri={1}&code_verifier={2}", code, WebUtility.UrlEncode(GlobalSetting.Instance.IdentityCallback), _codeVerifier);
 			var token = await _requestProvider.PostAsync<UserToken>(GlobalSetting.Instance.TokenEndpoint, data, GlobalSetting.Instance.ClientId, GlobalSetting.Instance.ClientSecret);
 			return token;
 		}

        private string RandomDataBase64Url(int length)
        {
            byte[] bytes = WinRTCrypto.CryptographicBuffer.GenerateRandom(length);
            return Base64UrlEncodeNoPadding(bytes);
        }

        private byte[] Sha256(string input)
        {
            byte[] bytes = Encoding.UTF8.GetBytes(input);
            var sha256 = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256);
            return sha256.HashData(bytes);
        }

        private string Base64UrlEncodeNoPadding(byte[] buffer)
        {
            string base64 = Convert.ToBase64String(buffer);
            base64 = base64.Replace("+", "-");
            base64 = base64.Replace("/", "_");
            base64 = base64.Replace("=", string.Empty);
            return base64;
        }
    }
 }
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.Core/ViewModels/SettingsViewModel.cs
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.Core/ViewModels/SettingsViewModel.cs
@ -281,13 +281,13 @@ namespace eShopOnContainers.Core.ViewModels
            if (!UseFakeLocation)
            {
                TitleUseFakeLocation = "Use Real Location";
                DescriptionUseFakeLocation = "When enabling the use of real location, the app will attempt to use real location from the device.";
                DescriptionUseFakeLocation = "When enabling location, the app will attempt to use the location from the device.";

            }
            else
            {
                TitleUseFakeLocation = "Use Fake Location";
                DescriptionUseFakeLocation = "Fake Location are added for marketing campaign testing.";
                DescriptionUseFakeLocation = "Fake Location data is added for marketing campaign testing.";
            }
        }

@ -295,13 +295,13 @@ namespace eShopOnContainers.Core.ViewModels
        {
            if (!AllowGpsLocation)
            {
                TitleAllowGpsLocation = "GPS location Denied";
                DescriptionAllowGpsLocation = "When denying the use of device gps you won't get the location campaigns through your real location.";
                TitleAllowGpsLocation = "GPS Location Disabled";
                DescriptionAllowGpsLocation = "When disabling location, you won't receive location campaigns based upon your location.";
            }
            else
            {
                TitleAllowGpsLocation = "GPS location Allowed";
                DescriptionAllowGpsLocation = "When allowing the use of device gps you will get the location campaigns through your real location.";
                TitleAllowGpsLocation = "GPS Location Enabled";
                DescriptionAllowGpsLocation = "When enabling location, you'll receive location campaigns based upon your location.";

            }
        }
@ -344,7 +344,7 @@ namespace eShopOnContainers.Core.ViewModels
                if (!locator.IsGeolocationEnabled)
                {
                    _allowGpsLocation = false;
                    GpsWarningMessage = "Enable your GPS system in your device";
                    GpsWarningMessage = "Enable the GPS sensor on your device";
                }
                else
                {
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.Core/project.json
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.Core/project.json
@ -8,6 +8,7 @@
    "Microsoft.Net.Http": "2.2.29",
    "modernhttpclient": "2.4.2",
    "Newtonsoft.Json": "9.0.1",
    "PCLCrypto": "2.0.147",
    "SlideOverKit": "2.1.4",
    "Splat": "1.6.2",
    "System.ComponentModel.Annotations": "4.3.0",
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.Droid/eShopOnContainers.Droid.csproj
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.Droid/eShopOnContainers.Droid.csproj
@ -100,6 +100,21 @@
      <HintPath>..\..\..\..\packages\modernhttpclient.2.4.2\lib\MonoAndroid\OkHttp.dll</HintPath>
      <Private>True</Private>
    </Reference>
    <Reference Include="PCLCrypto, Version=2.0.0.0, Culture=neutral, PublicKeyToken=d4421c8a4786956c, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PCLCrypto.2.0.147\lib\MonoAndroid23\PCLCrypto.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.BCrypt, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.BCrypt.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.BCrypt.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.Kernel32, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.Kernel32.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.Kernel32.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.NCrypt, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.NCrypt.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.NCrypt.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.Windows.Core, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.Windows.Core.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.Windows.Core.dll</HintPath>
    </Reference>
    <Reference Include="Plugin.CurrentActivity, Version=1.0.1.0, Culture=neutral, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Plugin.CurrentActivity.1.0.1\lib\MonoAndroid10\Plugin.CurrentActivity.dll</HintPath>
    </Reference>
@ -149,6 +164,9 @@
    <Reference Include="System.ObjectModel" />
    <Reference Include="System.Xml.Linq" />
    <Reference Include="System.Xml" />
    <Reference Include="Validation, Version=2.2.0.0, Culture=neutral, PublicKeyToken=2fc06f0d701809a7, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Validation.2.2.8\lib\dotnet\Validation.dll</HintPath>
    </Reference>
    <Reference Include="Xamarin.Android.Support.Animated.Vector.Drawable, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Xamarin.Android.Support.Animated.Vector.Drawable.23.3.0\lib\MonoAndroid403\Xamarin.Android.Support.Animated.Vector.Drawable.dll</HintPath>
      <Private>True</Private>
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.Droid/packages.config
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.Droid/packages.config
@ -14,6 +14,11 @@
  <package id="modernhttpclient" version="2.4.2" targetFramework="monoandroid70" />
  <package id="NETStandard.Library" version="1.6.0" targetFramework="monoandroid60" />
  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="monoandroid60" />
  <package id="PCLCrypto" version="2.0.147" targetFramework="monoandroid60" />
  <package id="PInvoke.BCrypt" version="0.3.2" targetFramework="monoandroid60" />
  <package id="PInvoke.Kernel32" version="0.3.2" targetFramework="monoandroid60" />
  <package id="PInvoke.NCrypt" version="0.3.2" targetFramework="monoandroid60" />
  <package id="PInvoke.Windows.Core" version="0.3.2" targetFramework="monoandroid60" />
  <package id="Plugin.CurrentActivity" version="1.0.1" targetFramework="monoandroid60" />
  <package id="Plugin.Permissions" version="1.1.7" targetFramework="monoandroid60" />
  <package id="SlideOverKit" version="2.1.4" targetFramework="monoandroid70" />
@ -63,6 +68,7 @@
  <package id="System.Threading.Timer" version="4.0.1" targetFramework="monoandroid60" />
  <package id="System.Xml.ReaderWriter" version="4.0.11" targetFramework="monoandroid70" />
  <package id="System.Xml.XDocument" version="4.0.11" targetFramework="monoandroid70" />
  <package id="Validation" version="2.2.8" targetFramework="monoandroid60" />
  <package id="Xam.Plugin.Geolocator" version="3.0.4" targetFramework="monoandroid60" />
  <package id="Xam.Plugins.Settings" version="2.6.0.12-beta" targetFramework="monoandroid70" />
  <package id="Xamarin.Android.Support.Animated.Vector.Drawable" version="23.3.0" targetFramework="monoandroid70" />
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.Droid/Resources/Resource.Designer.cs
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.Droid/Resources/Resource.Designer.cs
@ -64,6 +64,8 @@ namespace eShopOnContainers.TestRunner.Droid
 			global::AndroidHUD.Resource.Styleable.ProgressWheel_ahTextColor = global::eShopOnContainers.TestRunner.Droid.Resource.Styleable.ProgressWheel_ahTextColor;
 			global::AndroidHUD.Resource.Styleable.ProgressWheel_ahTextSize = global::eShopOnContainers.TestRunner.Droid.Resource.Styleable.ProgressWheel_ahTextSize;
 			global::ModernHttpClient.Resource.String.library_name = global::eShopOnContainers.TestRunner.Droid.Resource.String.library_name;
 			global::PCLCrypto.Resource.String.ApplicationName = global::eShopOnContainers.TestRunner.Droid.Resource.String.ApplicationName;
 			global::PCLCrypto.Resource.String.Hello = global::eShopOnContainers.TestRunner.Droid.Resource.String.Hello;
 			global::Splat.Resource.String.library_name = global::eShopOnContainers.TestRunner.Droid.Resource.String.library_name;
 			global::Xamarin.Forms.Platform.Android.Resource.Attribute.actionBarSize = global::eShopOnContainers.TestRunner.Droid.Resource.Attribute.actionBarSize;
 		}
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.Droid/eShopOnContainers.TestRunner.Droid.csproj
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.Droid/eShopOnContainers.TestRunner.Droid.csproj
@ -51,6 +51,21 @@
    </Reference>
    <Reference Include="Mono.Android" />
    <Reference Include="mscorlib" />
    <Reference Include="PCLCrypto, Version=2.0.0.0, Culture=neutral, PublicKeyToken=d4421c8a4786956c, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PCLCrypto.2.0.147\lib\MonoAndroid23\PCLCrypto.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.BCrypt, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.BCrypt.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.BCrypt.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.Kernel32, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.Kernel32.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.Kernel32.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.NCrypt, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.NCrypt.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.NCrypt.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.Windows.Core, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.Windows.Core.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.Windows.Core.dll</HintPath>
    </Reference>
    <Reference Include="Plugin.CurrentActivity, Version=1.0.1.0, Culture=neutral, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Plugin.CurrentActivity.1.0.1\lib\MonoAndroid10\Plugin.CurrentActivity.dll</HintPath>
    </Reference>
@ -76,6 +91,9 @@
    </Reference>
    <Reference Include="System.Xml.Linq" />
    <Reference Include="System.Xml" />
    <Reference Include="Validation, Version=2.2.0.0, Culture=neutral, PublicKeyToken=2fc06f0d701809a7, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Validation.2.2.8\lib\dotnet\Validation.dll</HintPath>
    </Reference>
    <Reference Include="Xamarin.Android.Support.Animated.Vector.Drawable, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Xamarin.Android.Support.Animated.Vector.Drawable.23.3.0\lib\MonoAndroid403\Xamarin.Android.Support.Animated.Vector.Drawable.dll</HintPath>
      <Private>True</Private>
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.Droid/packages.config
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.Droid/packages.config
@ -13,6 +13,11 @@
  <package id="modernhttpclient" version="2.4.2" targetFramework="monoandroid60" />
  <package id="NETStandard.Library" version="1.6.0" targetFramework="monoandroid60" />
  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="monoandroid60" />
  <package id="PCLCrypto" version="2.0.147" targetFramework="monoandroid60" />
  <package id="PInvoke.BCrypt" version="0.3.2" targetFramework="monoandroid60" />
  <package id="PInvoke.Kernel32" version="0.3.2" targetFramework="monoandroid60" />
  <package id="PInvoke.NCrypt" version="0.3.2" targetFramework="monoandroid60" />
  <package id="PInvoke.Windows.Core" version="0.3.2" targetFramework="monoandroid60" />
  <package id="Plugin.CurrentActivity" version="1.0.1" targetFramework="monoandroid60" />
  <package id="Plugin.Permissions" version="1.1.7" targetFramework="monoandroid60" />
  <package id="SlideOverKit" version="2.1.4" targetFramework="monoandroid60" />
@ -60,6 +65,7 @@
  <package id="System.Threading.Timer" version="4.0.1" targetFramework="monoandroid60" />
  <package id="System.Xml.ReaderWriter" version="4.0.11" targetFramework="monoandroid60" />
  <package id="System.Xml.XDocument" version="4.0.11" targetFramework="monoandroid60" />
  <package id="Validation" version="2.2.8" targetFramework="monoandroid60" />
  <package id="Xam.Plugin.Geolocator" version="3.0.4" targetFramework="monoandroid60" />
  <package id="Xam.Plugins.Settings" version="2.6.0.12-beta" targetFramework="monoandroid60" />
  <package id="Xamarin.Android.Support.Animated.Vector.Drawable" version="23.3.0" targetFramework="monoandroid70" />
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.iOS/eShopOnContainers.TestRunner.iOS.csproj
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.iOS/eShopOnContainers.TestRunner.iOS.csproj
@ -24,7 +24,8 @@
    <MtouchArch>x86_64</MtouchArch>
    <MtouchLink>None</MtouchLink>
    <MtouchDebug>True</MtouchDebug>
    <MtouchSdkVersion></MtouchSdkVersion>
    <MtouchSdkVersion>
    </MtouchSdkVersion>
    <MtouchProfiling>False</MtouchProfiling>
    <MtouchFastDev>False</MtouchFastDev>
    <MtouchUseLlvm>False</MtouchUseLlvm>
@ -58,7 +59,8 @@
    <CodesignEntitlements>Entitlements.plist</CodesignEntitlements>
    <CodesignKey>iPhone Developer</CodesignKey>
    <MtouchDebug>true</MtouchDebug>
    <MtouchSdkVersion></MtouchSdkVersion>
    <MtouchSdkVersion>
    </MtouchSdkVersion>
    <MtouchLink>None</MtouchLink>
  </PropertyGroup>
  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|iPhone' ">
@ -107,6 +109,21 @@
    <None Include="packages.config" />
  </ItemGroup>
  <ItemGroup>
    <Reference Include="PCLCrypto, Version=2.0.0.0, Culture=neutral, PublicKeyToken=d4421c8a4786956c, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PCLCrypto.2.0.147\lib\xamarinios10\PCLCrypto.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.BCrypt, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.BCrypt.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.BCrypt.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.Kernel32, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.Kernel32.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.Kernel32.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.NCrypt, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.NCrypt.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.NCrypt.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.Windows.Core, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.Windows.Core.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.Windows.Core.dll</HintPath>
    </Reference>
    <Reference Include="System" />
    <Reference Include="System.Net.Http.Extensions, Version=2.2.29.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Microsoft.Net.Http.2.2.29\lib\Xamarin.iOS10\System.Net.Http.Extensions.dll</HintPath>
@ -116,6 +133,9 @@
    </Reference>
    <Reference Include="System.Xml" />
    <Reference Include="System.Core" />
    <Reference Include="Validation, Version=2.2.0.0, Culture=neutral, PublicKeyToken=2fc06f0d701809a7, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Validation.2.2.8\lib\dotnet\Validation.dll</HintPath>
    </Reference>
    <Reference Include="Xamarin.Forms.Core, Version=2.0.0.0, Culture=neutral, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Xamarin.Forms.2.3.4.231\lib\Xamarin.iOS10\Xamarin.Forms.Core.dll</HintPath>
    </Reference>
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.iOS/packages.config
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.TestRunner.iOS/packages.config
@ -12,6 +12,11 @@
  <package id="modernhttpclient" version="2.4.2" targetFramework="xamarinios10" />
  <package id="NETStandard.Library" version="1.6.0" targetFramework="xamarinios10" />
  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="xamarinios10" />
  <package id="PCLCrypto" version="2.0.147" targetFramework="xamarinios10" />
  <package id="PInvoke.BCrypt" version="0.3.2" targetFramework="xamarinios10" />
  <package id="PInvoke.Kernel32" version="0.3.2" targetFramework="xamarinios10" />
  <package id="PInvoke.NCrypt" version="0.3.2" targetFramework="xamarinios10" />
  <package id="PInvoke.Windows.Core" version="0.3.2" targetFramework="xamarinios10" />
  <package id="SlideOverKit" version="2.1.4" targetFramework="xamarinios10" />
  <package id="Splat" version="1.6.2" targetFramework="xamarinios10" />
  <package id="System.AppContext" version="4.1.0" targetFramework="xamarinios10" />
@ -57,6 +62,7 @@
  <package id="System.Threading.Timer" version="4.0.1" targetFramework="xamarinios10" />
  <package id="System.Xml.ReaderWriter" version="4.0.11" targetFramework="xamarinios10" />
  <package id="System.Xml.XDocument" version="4.0.11" targetFramework="xamarinios10" />
  <package id="Validation" version="2.2.8" targetFramework="xamarinios10" />
  <package id="WebP.Touch" version="1.0.3" targetFramework="xamarinios10" />
  <package id="Xam.Plugin.Geolocator" version="3.0.4" targetFramework="xamarinios10" />
  <package id="Xam.Plugins.Settings" version="2.6.0.12-beta" targetFramework="xamarinios10" />
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.Windows/project.json
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.Windows/project.json
@ -4,6 +4,7 @@
    "IdentityModel": "1.3.1",
    "Microsoft.NETCore.UniversalWindowsPlatform": "5.3.3",
    "Newtonsoft.Json": "9.0.1",
    "PCLCrypto": "2.0.147",
    "SlideOverKit": "2.1.4",
    "Xam.Plugin.Geolocator": "3.0.4",
    "Xam.Plugins.Settings": "2.6.0.12-beta",
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.iOS/eShopOnContainers.iOS.csproj
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.iOS/eShopOnContainers.iOS.csproj
@ -27,7 +27,8 @@
    <MtouchArch>i386, x86_64</MtouchArch>
    <MtouchLink>None</MtouchLink>
    <MtouchDebug>True</MtouchDebug>
    <MtouchSdkVersion></MtouchSdkVersion>
    <MtouchSdkVersion>
    </MtouchSdkVersion>
    <MtouchProfiling>False</MtouchProfiling>
    <MtouchFastDev>False</MtouchFastDev>
    <MtouchUseLlvm>False</MtouchUseLlvm>
@ -166,6 +167,21 @@
      <HintPath>..\..\..\..\packages\Newtonsoft.Json.9.0.1\lib\portable-net45+wp80+win8+wpa81\Newtonsoft.Json.dll</HintPath>
      <Private>True</Private>
    </Reference>
    <Reference Include="PCLCrypto, Version=2.0.0.0, Culture=neutral, PublicKeyToken=d4421c8a4786956c, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PCLCrypto.2.0.147\lib\xamarinios10\PCLCrypto.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.BCrypt, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.BCrypt.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.BCrypt.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.Kernel32, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.Kernel32.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.Kernel32.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.NCrypt, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.NCrypt.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.NCrypt.dll</HintPath>
    </Reference>
    <Reference Include="PInvoke.Windows.Core, Version=0.3.0.0, Culture=neutral, PublicKeyToken=9e300f9f87f04a7a, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\PInvoke.Windows.Core.0.3.2\lib\portable-net45+win+wpa81+MonoAndroid10+xamarinios10+MonoTouch10\PInvoke.Windows.Core.dll</HintPath>
    </Reference>
    <Reference Include="Plugin.Settings, Version=2.6.0.12, Culture=neutral, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Xam.Plugins.Settings.2.6.0.12-beta\lib\Xamarin.iOS10\Plugin.Settings.dll</HintPath>
      <Private>True</Private>
@ -197,6 +213,9 @@
    </Reference>
    <Reference Include="System.Xml" />
    <Reference Include="System.Core" />
    <Reference Include="Validation, Version=2.2.0.0, Culture=neutral, PublicKeyToken=2fc06f0d701809a7, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\Validation.2.2.8\lib\dotnet\Validation.dll</HintPath>
    </Reference>
    <Reference Include="WebP.Touch, Version=1.0.6230.37678, Culture=neutral, processorArchitecture=MSIL">
      <HintPath>..\..\..\..\packages\WebP.Touch.1.0.3\lib\Xamarin.iOS10\WebP.Touch.dll</HintPath>
    </Reference>
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.iOS/packages.config
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.iOS/packages.config
@ -12,6 +12,11 @@
  <package id="modernhttpclient" version="2.4.2" targetFramework="xamarinios10" />
  <package id="NETStandard.Library" version="1.6.0" targetFramework="xamarinios10" />
  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="xamarinios10" />
  <package id="PCLCrypto" version="2.0.147" targetFramework="xamarinios10" />
  <package id="PInvoke.BCrypt" version="0.3.2" targetFramework="xamarinios10" />
  <package id="PInvoke.Kernel32" version="0.3.2" targetFramework="xamarinios10" />
  <package id="PInvoke.NCrypt" version="0.3.2" targetFramework="xamarinios10" />
  <package id="PInvoke.Windows.Core" version="0.3.2" targetFramework="xamarinios10" />
  <package id="SlideOverKit" version="2.1.4" targetFramework="xamarinios10" />
  <package id="Splat" version="1.6.2" targetFramework="xamarinios10" />
  <package id="System.AppContext" version="4.1.0" targetFramework="xamarinios10" />
@ -57,6 +62,7 @@
  <package id="System.Threading.Timer" version="4.0.1" targetFramework="xamarinios10" />
  <package id="System.Xml.ReaderWriter" version="4.0.11" targetFramework="xamarinios10" />
  <package id="System.Xml.XDocument" version="4.0.11" targetFramework="xamarinios10" />
  <package id="Validation" version="2.2.8" targetFramework="xamarinios10" />
  <package id="WebP.Touch" version="1.0.3" targetFramework="xamarinios10" />
  <package id="Xam.Plugin.Geolocator" version="3.0.4" targetFramework="xamarinios10" />
  <package id="Xam.Plugins.Settings" version="2.6.0.12-beta" targetFramework="xamarinios10" />
--- a/src/Services/Identity/Identity.API/Configuration/Config.cs
+++ b/src/Services/Identity/Identity.API/Configuration/Config.cs
@ -67,6 +67,7 @@ namespace Identity.API.Configuration
                    },
                    RedirectUris = { clientsUrl["Xamarin"] },
                    RequireConsent = false,
                    RequirePkce = true,
                    PostLogoutRedirectUris = { $"{clientsUrl["Xamarin"]}/Account/Redirecting" },
                    AllowedCorsOrigins = { "http://eshopxamarin" },
                    AllowedScopes = new List<string>