I have a hybrid app which uses Ionic and IBM's Mobilefirst platform. During login we get a cookie from the authentication service. I have to remove this cookie on logout or next time the user can log in even with incorrect credentials.
So during logout I call WL.Client.reloadApp() before going back to login screen. This clears the cookies and then login works correctly in Android and browsers. But in iOS cookies aren't cleared on reload and having searched I came across a solution to clear cookies using native code.
But my confusion is where do I add this native code? There are a few initialization methods in my application's default .m file. I have tried adding the code to clear cookies in -(void)wlInitDidCompleteSuccessfully. But this block doesn't seem to be executed on reloading.
Any suggestion on what I should try to fix this problem.
Two options:
Use the WL.Client.deleteCookie(name) API to clear the cookie.
Write a simple Cordova plugin (https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/adding-native-functionality/) to clear the cookies or google for 'cordova clear cookies' to find such plugins in the market.
Related
I am struggling to utlise the angular-auth-oidc-client to add OIDC workflows into my Ionic app (android), although I feel the issues are more Capacitor so not sure that the library is the issue. There are numerous (old) posts on Google of people who have had similar problems, so I'm trying to ascertain the current state of play. I can:
By utilising a custom android scheme in my AndroidManifest, and an 'appUrlOpen' listener in app.component my OIDC login page loads in the Chrome browser on the device, and then returns to the Ionic app and opens the correct app page. Unfortunately because I've opened the login in Chrome it hangs around in the background with the username and password populated. I've no handle to it to close it, and the Capacitor plugins don't help me here.
Alternatively, I can add my ID Provider domain into 'AllowNavigation' in capacitor.config.json. This opens my login page in the app's webview, begins the redirect on successful login but fails (hangs) because Capacitor is not loaded when it attempts Window.Capacitor.triggerevent calls.
This is probably classed as a poor question, and I appreciate that it is light on code, but I'm interested in whether anyone has actually managed to do this successfully, as there are so many dead ends on google and github of people who've given up!
Yes it is possible to complete an Open ID Flow on ionic with capacitor.
You need a capacitor plugin to do so, ionic provides an own payed plugin (https://ionic.io/docs/auth-connect), other alternatives exist.
angular-auth-oidc-client out of the box works only on browser, not on iOS or Android. It seems that some adoption can be made, see https://github.com/damienbod/angular-auth-oidc-client/issues/807.
I just created a new Ionic app and using Auth0 for user login and registrations. I have .net core backend.
I am following the Ionic quick start guide https://auth0.com/docs/quickstart/native/ionic4/01-login and everything is working ok. I use new Universal login.
The issue I have is users get logged out after the access_token has expired. I previously used Silent Authentication and refresh tokens in two different apps, however I am unable to find a sample code like quick start guide for either. I have an angular website too. Hence my users can either use mobile app or Angular website to login. I would appreciate any help to keep my users loggedin, in both website and ionic mobile app please.
Many thanks
Last I checked, Auth0 doesn't have many samples for acquiring refresh tokens from application frontends, which is typically what I would consider ionic/angular to be used for. Obviously, you could be building a "native" style application with either of those, but frontend auth is sometimes a little messy and insecure because the client has your code and you usually need to implement some kind of middleware.
It looks like the ionic quickstart uses auth0-js which defaults to an implicit flow, which would confirm my hunch above.
I personally pass the refresh token logic off to my backend, and let the backend function as my "middleware". You can find some basic code samples for backends/native apps here. I use the code-grant flow typically, but you could use PKCS.
The long and short is, I don't think you're going to find sample code on that, but you could hack something together with something like axios if you wanted to go the middleware route, or you could go backend with your auth.
I'm working on authentication for an Ionic 4 app. I'm using the in app browser plugin to login. After successful login an access token is sent back to the client. I can't figure out how to get the token from the In-App Browser to the app.
You can use an event listener such as :
this.browser.on('loadstart').subscribe(event => { this.checkForToken(event); })
Where checkForToken can look at your "event.url" and parse the token to be stored to localStorage or some other method to be used to login with once the in-app browser is closed.
Using events to listen for load start and stop was an awesome idea. I was, however, facing another issue. Google doesn't allow sign in using the In-App Browser and I really needed that. After asking around and looking at similar past issues I came across a Cordova plugin called BrowserTab. This was awesome as it's an instance/Custom Tab from chrome so it worked fine with google sign in. Another problem came up. You can't inject Javascript into BrowserTab and there was no way to programmatically close it once done. I looked around some more and that's when Deeplinks came to mind. I used the Deeplinks plugin and passed my access token as a parameter. When the user logs in, the BrowserTab redirects to a Custom URL scheme link for my app with the access token in the URL. Now it works perfectly. I've read somewhere that IOS is getting rid of Custom URL Scheme links. Luckily, it still has support for Universal App Links
a little background:
I have an hotspot page wich integrate with facebook login oatuh. The app runs on facebook api v.2.4 and uses node/express/passport to handle the login process
The only option i pass to the oauth fb page is display: touch, so the login page works fine without cookie support
the issue:
since a few days , only on osx 10.11/cna the login can't be processed because of no cookie support in CNA (this should mean that fb ignores the display option, in this case only)
the same request made from a ios device from within the cna works fine
I've already confirmed the display option is actually send, so my best guess is that fb started overwriting/ignoring this option. Also I can't find any reference in the fb api docs anymore (except for display=popup in the manual login page)
Any hint about this ?
thanks
g
Not sure if you still have this issue, but I can confirm facebook login definitely works end to end inside the CNA on 10.11. The CNA does allow cookies, what it doesn't allow is access to existing cookies in safari or access to localStorage and sessionStorage.
If you have your FB sdk configured with cookies=false, this may well be your issue. When set to false I believe the sdk is then attempting to use local storage.
The other thing to check would be what you have in the walled garden list. We have just got to the bottom of this issue after a lot of frustration. Allowing certain CDN networks actually causes iOS to complete it's internet check and no longer think it's behind a captive portal. I added an answer here https://stackoverflow.com/a/41273984/4427589.
As I said, I can confirm it definitely works end to end inside the popup.
Cheers
Paul
I have an application that may access authenticated content. I know that the webview can't handle authentication so I do some NSConnection magic to make it work (something similar to this)
The thing is that there is some content that can be accessible using this web view, but there is some other content that event after a sucessfull authentication, the web view is not able to load.
BUT.. if I enter the same url with mobile safari, enter the needed credentials and then I go back to my app, the WebView seems to load the content fine.
I tried reviewing the cookies before and after the auth in Safari is done using this code
[[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies];
and the cookies are the same.
As far as I understand that code will retrieve the cookies my app generates and not the ones available in iOS, so apparently this is not the way to look for a hint...
Any ideas?
Recently, i've lurked for the same question over the internet, and the answer is "no" =(.
Objects of UIWebView class and Safari or other browsers live apart and are sandboxed.
Here is official position about cookies.
TO the best of my understanding, Cookies can not be sent with the first request from a Webview, but can be sent with subsequent requests to the same URL, if and only if, the first request was successful.
This causes problems with authentication services that require cookies to authenticate on the first request to the URL.
Possibly user credentials are stored via keychain api. Keychain is shared between apps, so stored login/pass in Safari can appear in your app UIWebView.Can you elaborate this as i also need this.