I have an ionic app using authentication with openId using authorization code. When the token expires and the user needs to log-in the app calls into my identity server (Identity Server) by opening an inAppBrowser using the App plug-in from capacitor/core and performing the “appUrlOpen” addListener operation.
All works fine however I don’t really know how to handle the scenario where the user closes the browser within the app (pressing the X/Done option from the browser embedded.
I have read the docs https://capacitorjs.com/docs/apis/app but I can’t find a way to add a listener or a handler for such event. In my case I’d like to just close the app if the user does that action. At the moment I’m not able to differentiate between that and for example, the callback of the authentication process.
Related
Instagram API requires redirect uris to have an SSL certificate (HTTPS connection).
I use Instagram API for my mobile app, and OAuth response should first invoke procedure in the app.
I am able to create a server to catch this call locally (on 127.0.0.1), but for the certificate, I can only create a self-signed one. The problem is that the browsers don't trust it and initially warn the user about the potential hazards, which is unacceptable for the user experience.
I saw a few similar questions on Stackoverflow, but unfortunately, I couldn't understand if they solve my issue.
How to avoid this warning?
Basically, even if they warns about https you can use api's. I had the same issue but I just tried to run the application on https port instead of http on localhost and it worked. So, Answer is you just need to run your application on https.
I have a solution for my specific case; I use Flutter for the mobile application. But overall you can find something similar for other cases as well.
Initially, I was launching the Instagram authorization window with url_launcher package. Basically, for iOS it launches the url in-app, but in a Safari Web View. In this way I am unable to control the flow in this web view. So, what I wanted to do is to catch a request to 127.0.0.1 when authorization is completed by running a local server in the app. It does work but throws a warning about security hazard due to a self-signed certificate, since Instagram requires https being used and 127.0.0.1 cannot have a trusted certificate.
Instead, now I launch the Instagram authorization window in-app with custom WebView using webview_flutter. It provides more flexibility, but most importantly I can track navigation. So now, Instagram redirects my user to the non-existing page on my website, which has a trusted certificate (but it doesn't really matter), but the aforementioned WebView can detect this redirect, parse the URL to retrieve the wanted code and prevent actual redirection by closing this web view. So, eventually, I get the wanted code in the app, so I can send it to my backend with extra user id reference.
So, basically, the workflow looks like this:
User clicks a button in the app to connect Instagram account;
The app launches a custom web view and opens Instagram authorization page;
After authorization, Instagram redirects the user to a dummy URL with the wanted code as a query parameter;
The custom web view detects this redirection;
Retrieves the code from the URL;
Closes web view (returns to the main app screen).
I'm working on authentication for an Ionic 4 app. I'm using the in app browser plugin to login. After successful login an access token is sent back to the client. I can't figure out how to get the token from the In-App Browser to the app.
You can use an event listener such as :
this.browser.on('loadstart').subscribe(event => { this.checkForToken(event); })
Where checkForToken can look at your "event.url" and parse the token to be stored to localStorage or some other method to be used to login with once the in-app browser is closed.
Using events to listen for load start and stop was an awesome idea. I was, however, facing another issue. Google doesn't allow sign in using the In-App Browser and I really needed that. After asking around and looking at similar past issues I came across a Cordova plugin called BrowserTab. This was awesome as it's an instance/Custom Tab from chrome so it worked fine with google sign in. Another problem came up. You can't inject Javascript into BrowserTab and there was no way to programmatically close it once done. I looked around some more and that's when Deeplinks came to mind. I used the Deeplinks plugin and passed my access token as a parameter. When the user logs in, the BrowserTab redirects to a Custom URL scheme link for my app with the access token in the URL. Now it works perfectly. I've read somewhere that IOS is getting rid of Custom URL Scheme links. Luckily, it still has support for Universal App Links
I am building an iOS app with a web component. The web component will simply be a website that will allow users without accounts to perform a basic action like sending text to another user. I am using firebase as my backend so for the web component I'm anonymously authenticating the visitor. Once the user completes the action, I log their action in a database (hence the need for authentication) and give them the option of downloading the app, where they will make an account. My plan is to then convert their anonymous account into a permanent account on firebase.
The problem lies in the following:
I want to somehow "know" the user's authUID/web session once they leave the site and download the app in order to either a) pass their anonymous session and convert it to a permanent account once the user completes the sign up (email, password), or b) have their authUID so I can match them to their anonymous session and transfer their logs to the account they create upon sign up.
I feel like I'm overcomplicating this; the premise is: web visitor does something, downloads the app, i match the app user to the web visitor to sync their data.
I have tried using cookies but from what I've read, it is not possible to view cookies in safari since iOS 11. Is there any other way to transfer information between safari and an app?
I'm making a twitter app on iOS using their api. But they just recently upgraded everything dealing with authentication. Therefore breaking The Swifter library that I am using. My app was working fine before this update. In my apps.twitter.com In the setting section, the first callback url I have is http://MyTweeter ...It wants to me to add another callback, idk why/what so I just added http://google.com. In my app when I call the authentication function, it starts to authenticate and goes to the twitter login page and right after I click the login button it shows me the error in the pic attached below "Safari cannot open the page because the server cannot be found". Does any one have a solution?
So i found the solution. In you app, in the authentication function, your callback url should be something like MyTwitter://success but in apps.twitter.com you have to make it MyTwitter:// without the second part
Question:
I am actively looking in the source code on Github's facebook-ios-sdk project myself but I was wondering if anyone already knows how to relaunch an app that sent an iPhone user to Safari, such that the user can come back after some work has been finished?
Example:
When using facebook to login, the original app is relaunched after the facebook login page has authenticated the user.
Motivation:
I would like to be able to do the same for youtube videos without having to completely lose the user. I don't want to use the standard webview approach because I don't want to provide extra space to first let the video load for the user and then have the user click the play button. I want to skip the play button and its associated click entirely! Instead I want the user to be able to click on just an everyday regular iPhone button and be shown the video with the navigation for coming back to the app via relaunch.
You need your app to register a "custom URL scheme". Then get the callback in the remote web service to return a URL with that scheme. iOS will then launch your application.
More (somewhat old) info available here.
A list of common custom URL schems on iOS can be found here.
Generally, as part of the OAuth login process, you supply a callback URL as one of the paramaters. What this does, is tell the remote server (YouTube), that on successful authentication, redirect the user to the supplied URL. If YouTube supports this (does it support OAuth?) then on successful user login within safari, youtube will tell users safari to redirect to the supplied url. If this url is a "custom URL scheme" it will cause your app to relaunch and you can handle the situation from there.