I am developing a MobileFirst based Mobile-Web app using Angularjs. In case, a user refreshes the page then all files get reloaded again as per standard browser behavior. This causes the user session invalid, how should we handle this ? disabling the refresh button is not good option.
Environment:
MobileFirst v7.0
Angularjs 1.4.3
any browser
The Mobile Web environment has support for cache manifest, which allows caching files so that even though you reload/refresh the web app it will know to not reload all resources from the server. You can attempt implementing it to see if it alleviates your issue.
See more here: http://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.dev.doc/devref/c_optimizing_apps_appcache_procedure.html?lang=en
Related
The Capacitor Browser is having issues with web redirects - with different behaviors in iOS and Android. I think this is a very buggy plugin, but maybe I'm missing something...
My Ionic app uses the Capacitor Browser plugin to present a Federation Login page. There is an "authentication URL" returned upon successful SSO login - or if the user is already logged in then there is an immediate "authentication URL" redirect.
Here's what I am seeing...
iOS: for a first time login, the web redirect works and deep links back into my app -- no problem here. However, if SSO is active, then there is an immediate redirect which the Browser ignores. I can see the URL change, and it works if I open it in a separate mobile web browser.
Android: for a first time login, the web redirect is ignored and the user is left stuck in the browser. Again, if I copy the URL to a separate web browser then it deep links back into the app.
Has anyone done this successfully or have any workarounds? I've tried the "Cordova" and "Awesome" InAppBrowser versions of this plugin, and they don't redirect at all (although they have a bit more control over closing the browser, etc.).
I encountered a problem like this on Android lately,
The in app redirection was down on Android 12, users where locked on a white screen where we normally get the token in the url and redirect in app.
In my case it was related to this :
https://developer.android.com/training/app-links/verify-site-associations?authuser=2
The chrome browser was trying to check this file to verify the hash of the app to perform the redirection but it was unavailable due to internal network configuration, so it was locked.
This check seems to append on Android 12 only, and needed a re-install of the app on users devices (cache on in app browser ?).
Hope this can help.
(Ionic 6 Capacitor)
I am struggling to utlise the angular-auth-oidc-client to add OIDC workflows into my Ionic app (android), although I feel the issues are more Capacitor so not sure that the library is the issue. There are numerous (old) posts on Google of people who have had similar problems, so I'm trying to ascertain the current state of play. I can:
By utilising a custom android scheme in my AndroidManifest, and an 'appUrlOpen' listener in app.component my OIDC login page loads in the Chrome browser on the device, and then returns to the Ionic app and opens the correct app page. Unfortunately because I've opened the login in Chrome it hangs around in the background with the username and password populated. I've no handle to it to close it, and the Capacitor plugins don't help me here.
Alternatively, I can add my ID Provider domain into 'AllowNavigation' in capacitor.config.json. This opens my login page in the app's webview, begins the redirect on successful login but fails (hangs) because Capacitor is not loaded when it attempts Window.Capacitor.triggerevent calls.
This is probably classed as a poor question, and I appreciate that it is light on code, but I'm interested in whether anyone has actually managed to do this successfully, as there are so many dead ends on google and github of people who've given up!
Yes it is possible to complete an Open ID Flow on ionic with capacitor.
You need a capacitor plugin to do so, ionic provides an own payed plugin (https://ionic.io/docs/auth-connect), other alternatives exist.
angular-auth-oidc-client out of the box works only on browser, not on iOS or Android. It seems that some adoption can be made, see https://github.com/damienbod/angular-auth-oidc-client/issues/807.
I'm working on a PWA in conjunction with an enterprise application server.
The application server serves a responsive web view for a standalone browser, and customize the view on PWA with the help of PWA cookie which is set on PWA start url for the first time.
The problem is that the session between PWA and a standalone browser ( e.g Chrome on Android ) is being shared and once the user has installed the PWA, the consequent visits to the site with the standalone browser will show the PWA customized view.
Is there any way to separate sessions in PWA and standalone browser in device?I.e. to treat PWA as a private tab?
Or any other way?
I am in a similar situation and believe the solution is to differentiate the names of your cookies and/or sessions. So for example - my logged in user has a SESSION['Key'] but for my App I'll have to create one SESSION['AppKey']. It will (as in my case) require a bit of reworking of your code but I don't believe there is any alternative.
It is worth noting though that IOS appears to separate Cookies from the browser and PWA so you may find testing your scenario with an IOS based device may work as you expect.
I built a native Windows app (non Windows-Store) that uses the Facebook API.
I wanted to make it public which means going through their review process which means (among other things) selecting the app's platform.
Sadly a native Windows app is not one of the choices: Facebook app platform selection screenshot
I found 2 unanswered questions on SO on the same topic:
one
two
How should this be done in a proper way?
Thanks in advance.
PS:
I found a post a few days ago where the poster said he registered such an app by setting the platform to "web site" (I didn't keep the link).
This does not look like a good long term solution and also I don't have a domain to provide.
In short, you must set your platform to Web.
The reason for this can be found in the official documentation on building your native logon flow. There is no secure way of creating a logon flow without a server, as this would imply storing your App Secret inside your binary or app config file.
So the recommended (and only supported) way is to create a server which stores the App Secret and handles authentication for you. And use this server from the WebBrowser/WebView control which you embed into your native application.
This means you use the logon flow from a web browser via a custom server and you should have a domain for it (a domain is quite cheap nowdays, it should not be a problem). So you are building a web app embedded into a native app.
For a successful login review do the following:
Choose Web as your platform
On the Settings page in the Advanced tab choose Native App.
Create a screencast (Start your app, logon, use all the requested permissions and that's it. Do not edit it!) and upload it to the web (YouTube/Vimeo/...)
When submitting provide a link to your screencast.
I'm creating a Hybrid iPhone App that contains a lot of separate UIWebViews that point to specific pages on a website. These pages are secured, so I show a page with a standard .NET login form first. This login succeeds.
However, if I load the subsequent pages in other webviews it still redirects me to the login page. I requested all the cookies that are set for the URL and it contains a .NET session ID and everything. Is there some other reason that these kind of sessions wouldn't be shared between UIWebViews?
Can you control the server side? I suspect that new instances of Safari are triggering new server sessions, perhaps you need to create some kind of recover session function and call it via a web service for each UIWebView.