Websites typically use popup windows to implement OAuth. How can we handle this in flutter_inappwebview? - flutter

What I have come up with till now is to manually override methods like window.open, window.postMessage and window.onmessage to internally create a bridge within Dart.
Is there a standard approach to solve this?

I found the answer in a Medium post under the heading: How to manage popup windows opened with target="_blank" or "window.open".
The key is to implement the onCreateWindow method and create another InAppWebView instance with the windowId received from CreateWindowAction.

Most API providers prohibit the use of webviews for OAuth because of security concerns. Providers require the use of an external browser to execute authorization of username and password. With Android, you must register a Callback activity in your manifest for the provider to direct the user to after authorization is complete and the browser closes.
You can look at oauth2_flutter to see how the author of that library handled the callback and how to configure it.

Related

Flutter navigation auth middleware

I have built an application that uses local auth. If a user does not use the software for a long time (whether web or mobile app), I want to detect it and take them to the password login page.
I tried to use RouteObserver and wrote a custom observer, but it is not good for navigation; it is good for logging and tracking.
I know it's possible to add conditions before all my Navigator.push(), but I'm looking for a way to add middleware to all my routes.
Use the onGenerateRoute named parameter of the `MaterialApp` widget.

VS code Extension : How to add an authentication to plugin

I want to develop an extension for VS Code.
It's going to save and store the highlighted commands to the extension state store.
This part is ready :)
What I want to do now is try to understand whether I can store these commands on top of VS Code state in my existing backend.
So, I need to somehow build some authentication logic.
Is there a way to build the authentication process into an extension?
Here is my scenario used in the extension Docs-validation:
We provide a sign-in button inside VS Code. When the user clicks that button, we redirect the user to a browser to do the auth. After that, an auth token is sent back to the extension, which is used to call our backend API.
The main logic can be found in this file
Actually, this is inspired by the built-in sign-in experience of VS Code and some extensions with a sign-in experience like azure-cli, you can see from here:

Set initial screen using Auth0.swift WebAuth0

I can't find a way to select which screen is to be shown when the Auth0 dialog comes up.
The Lock SDK has a withOptions method with an initialScreen option for this specific use case https://auth0.com/docs/libraries/lock-ios/v2/configuration#initialscreen, but there doesn't seem to be anything for the WebAuth variant.
Parameters looked promising, https://auth0.com/docs/libraries/lock-ios/v1/sending-authentication-parameters, but none of that is actually related to the UI.
Code is fairly straightforward:
Auth0
    .webAuth(clientId: clientId, domain: domain)
    .scope("openid offline_access")
    .audience(audienceURL)
    .start { result in
        // react on the result...
    }
Using Swift 4.2, Auth0 1.0
I have used Auth0 in web projects only so far, however, it is very important that you don't mix up the concepts of Auth0's Lock, SDK and API here.
While Lock uses the already implemented and hardly customizable default views of Auth0, the SDK including WebAuth provides the possibility to customize views extensively via defining options in your Auth0 account and sending them along with your HTTP requests. See Auth0 - Choose Technology for more information.
I would recommend you follow the Auth0 Universal Login approach. Create your custom templates with custom options and send those options along with your request using WebAuth. As a guideline you could follow this Tutorial - Auth0 QuickStart iOS Login.

How can I do FaceBook login with django rest framework without requiring the client to use a popup?

So, I've set up an auth system using djoser and rest-social-auth ( https://github.com/st4lk/django-rest-social-auth )
but it seems it requires the client to open a pop-up or modal to log in with Facebook, which our frontend dev says is a bad idea; we should use server-side redirects instead.
So - assuming this is sensible - how do I go about the server-side setup to skip the Facebook modal on the client side? I'm happy to swap out the current social auth lib with something else if it makes things easier.
FWIW - we are using angular on frontend, but are also planning on other frontends in the future
The client side authorization with the JavaScript SDK is the easiest one, and it is perfectly safe. It's also the best one for the user, because you do not need to redirect to a login page. Not sure why your frontend dev says it's a bad idea, it's actually the best and recommended way. The popup is ok in that case, because it is initiated by the user. Here's an example: http://www.devils-heaven.com/facebook-javascript-sdk-login/
After authorization, you can send the Access Token to the server, in case you need it there. Make sure you read this though, and use appsecret_proof: https://developers.facebook.com/docs/graph-api/securing-requests
You can easily put the code in an Angular service, for example.
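
The appsecret_proof step mentioned in the answer above, shown as an added example that is not part of the original answer or of any library named here: the server keys an HMAC-SHA256 over the client-supplied access token with the app secret, so a token lifted from the browser cannot be replayed against the Graph API without the secret. The `/me` endpoint, the field list, and the token and secret values are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Assumed endpoint for illustration; the token and secret below are constructed values.
GRAPH_ME_URL = "https://graph.facebook.com/me"
SAMPLE_ACCESS_TOKEN = "EAAB-constructed-user-token"
SAMPLE_APP_SECRET = "constructed-app-secret"


def appsecret_proof(access_token: str, app_secret: str) -> str:
    """Hex-encoded HMAC-SHA256 of the access token, keyed with the app secret."""
    return hmac.new(
        app_secret.encode("utf-8"),
        access_token.encode("utf-8"),
        hashlib.sha256,
    ).hexdigest()


def signed_graph_url(access_token: str, app_secret: str, fields: str = "id,email") -> str:
    """Build the server-side Graph API URL carrying both the token and its proof."""
    params = {
        "fields": fields,
        "access_token": access_token,
        "appsecret_proof": appsecret_proof(access_token, app_secret),
    }
    return f"{GRAPH_ME_URL}?{urlencode(params)}"


def proof_matches(access_token: str, app_secret: str, presented_proof: str) -> bool:
    """Mirror of the receiving side's check, using a constant-time comparison."""
    expected = appsecret_proof(access_token, app_secret)
    return hmac.compare_digest(expected, presented_proof)


if __name__ == "__main__":
    print(signed_graph_url(SAMPLE_ACCESS_TOKEN, SAMPLE_APP_SECRET))
    # A proof computed without the real app secret does not verify.
    forged = appsecret_proof(SAMPLE_ACCESS_TOKEN, "guessed-secret")
    print(proof_matches(SAMPLE_ACCESS_TOKEN, SAMPLE_APP_SECRET, forged))
```

The app secret stays on the Django side only; the Angular client sends just the access token it received from the SDK.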

GWT Login: how to implement it?

I'm a bit confused about the making of a login service: I've seen plenty of tutorials, but still can't manage how to make a simple login service.
I don't know what tools I need to remember the navigation, and how to use them.
I could use:
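import com.google.gwt.user.client.rpc.AsyncCallback;

// GWT RPC async interface methods return void; results arrive through the callback.
public interface LoginServiceAsync {
    void isAuthenticated(AsyncCallback<UserDTO> callback);
    void authenticate(String email, String password, AsyncCallback<UserDTO> callback);
    void logout(AsyncCallback<UserDTO> callback);
}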
But where do I manage Cookies?
Pro Tip: if you don't fully understand how authentication should work, don't try to do it yourself.
IMO, the best way to do authentication is to just redirect to a login form and thus assume that when your app is loaded the user is authenticated (then you can use a JSP for example to pass user-specific values to your GWT app; see the guice-rf-activity archetype for an example). If your app has to be accessible to anonymous users, login would still just redirect to the login page. For a real-life example, have a look at how Google Groups behaves.
That way, you can delegate authentication to either some library that knows how to do it (e.g. Spring Security), or to some tool (e.g. standard servlets authentication, AppEngine-specific authentication)
GWT is just a tool that converts Java code into HTML and JavaScript. There is nothing special about authenticating users in GWT.
One option is to remember that a user is authenticated in a session, and then check the session every time a client makes an RPC call. The implementation depends on your web server. Google your web server and "sessions", and you will find plenty of details on how to do it.
I also had the same problem trying to find a login service. Finally we are using CAS Single Sign Out because we are working with Tomcat. In this case, users are logged in directly on the Tomcat server and not in GWT. Each user is configured to be allowed to open a URL (GWT application) or not. For example, if the GWT application is hosted at http://myhost/GWTapp, it is possible to configure whether a user can access "/GWTapp" or not.
For me, the best benefit is that you don't need to change the GWT application a lot with calls to the server and so on. There is a GWT CAS client that does it all for you.