I have an authorisation flow that at the end redirects to our API endpoint not to the app universal link like https://api.example.com/redirect not the app://redirect
For now I am able to use WKWebView to detect that redirect was done by comparing urls and if match to close WebView.
The problem is that in this approach I cannot use google login (WebView is rejected) during this flow.
I tried to use ASWebAuthenticationSession but after redirect I am not able to detect that this redirect was done (as it hits API not the app) to close AuthenticationSession view automatically.
Is it possible at all in such case or the only way to close AS is to redirect to app universal link app:// not to the https://?
Any help really appreciated
You need to use the ASWebAuthenticationSession window with the AppAuth pattern, as described in RFC8252. This is a form of the system browser so will not be blocked by providers such as Sign in with Google.
This form of login can be used with either custom URI schemes, such as com.mycompany.myapp:/callback or with HTTPS callback URIs that require iOS universal links to be configured. You are then notified when login conpletes, or is cancelled, or fails.
A sample app of mine does logins with universal links via this code, which adapts AppAuth classes to more of a [Swift async await style. If you are new to AppAuth libraries, see also my introductory blog post.
func login(viewController: UIViewController) async throws {
try await self.authenticator.getMetadata()
try await MainActor.run {
try self.authenticator.startLoginRedirect(viewController: viewController)
}
let response = try await self.authenticator.handleLoginResponse()
try await self.authenticator.finishLogin(authResponse: response)
}
Related
I am using MICROSOFT AUTHENTICATION LIBRARY in our angular 10 project. I have used MSAL loginPopup() function to login the user in our active directory. But sometimes When I click the login function msal login pop appear and when I close the parent window it does not redirect in the next page stuck there and on the browser debugger console window it shows this error
(ERROR BrowserAuthError: hash_empty_error: Hash value cannot be processed because it is empty. Please verify that your redirect URI is not clearing the hash. Given Url:)
What worked for me in my ReactJS application was to set the redirectUri to a blank page or a page that does not implement MSAL. If your application is only using popup and silent APIs you can set this on the PublicClientApplication config like below:
export const msalConfig = {
auth: {
clientId: process.env.REACT_APP_CLIENTID,
authority: `https://login.microsoftonline.com/${process.env.REACT_APP_TENANTID}`,
redirectUri: 'http://localhost:3000/blank.html'
},
cache: {
cacheLocation: "localStorage"
}
}
If your application also needs to support redirect APIs you can set the redirectUri on a per request basis:
msalInstance.loginPopup({
redirectUri: "http://localhost:3000/blank.html"
})
After some research I found out that the problem was related to the redirect Uri, and most resources pointed to adding a blank page as the redirect Uri in a popup flow. However most of the answers were related to React. I tried a few options for adding a blank html page but it was not so simple. I did not want to waste much time on this issue, because the app is new and we might go with the redirect flow in the future.
Then I remembered that the problems started when we configured the home page, which is the redirect target, to be authenticated with MSAL Guard.
Since I couldn`t easily add a blank html page, I added a blank-page component configured in the Router with blank-page path. The component had no functionality and was not related to MSAL, MSAL Guard or MSAL Interceptor.
This solved it for me. I hope this helps.
In Twitter's Developer Documentation we can read the following:
Mobile apps with app-specific protocols must use just the protocol
Example:
You want to use example://authorize as your callback URL
Add this to both your Twitter app dashboard and your call to oauth/request_token: example://
However; in the Developer's Dashboard I am not able to enter a protocol only URL, or any URL beginning with other than http or https.
My reason for wanting a protocol only URL is so that I can use in an iOS app that uses OAuthSwift to access web APIs.
Any ideas anybody?
I haven't found the answer to the original question but I do have an excellent work around. So, for anyone else who might land here:
The web app at https://oauthswift.herokuapp.com/callback
will perform redirections. If you access that web site with the url https://oauthswift.herokuapp.com/callback/target then it will redirect to oauth-swift://oauth-callback/target.
So:
In the Twitter Dashboard enter https://oauthswift.herokuapp.com/callback/SomeName for your app's callback URL
Register oauth-swift as a URL scheme in your iOS app's URL Types
In your iOS app, use https://oauthswift.herokuapp.com/callback/SomeName as the callback URL for the OAuth authorization request.
Voila. Twitter will redirect to https://oauthswift.herokuapp.com/callback/SomeName which will in turn redirect to oauth-swift://oauth-callback/SomeName, allowing your iOS app to regain control of the flow.
If you find any of this confusing then this might help: http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html
My application built upon spring-social-twitter that enables users to sign in with Twitter has stopped working recently.
I've got an error message as below:
Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings
Note: I'm using Spring Social Twitter version 1.1.2.RELEASE. And if you use Spring Social Twitter version 1.1.0.RELEASE, you might get a slightly different error message as below:
POST request for "https://api.twitter.com/oauth/request_token" resulted in 403 (Forbidden); invoking error handler
Twitter recently (in May 2018) enforced that sign-in-with-Twitter users must whitelist callback URLs for security reasons (see the announcement).
This means callback URLs have to be explicitly and identically set up for all supported third-party applications. You can setup the callback URLs in your Twitter's application setup page: https://apps.twitter.com
For example, if your callback URL is http://localhost:8080/myApp/signin/twitter, you must add it to the list of Callback URLs in your Twitter's application setup page exactly as it is: http://localhost:8080/myApp/signin/twitter
See also the documentation on Twitter callback URLs.
I struggled with this since Twitter made the changes to increase security. My android app would use a callback URL and the same URL in the Intent Filter. But since the change, the URL I was using had to be registered in the Twitter developer portal. I was using ouath://myapp, but Twitter does not accept that as a valid URL (website).
After a bit of digging, I found that for apps you can specify any scheme but only as a scheme. For example I used myapp:// as the callback URL.
In my app, my callback URL was myapp://whatever, and in the Intent filter, I used :
<data android:scheme="myapp" android:host="whatever">
Twitter accepted the callback URL and it correctly redirected back to my app after the user authenticated with their Twitter credentials.
I has originally used just a normal website, and that worked too, but after validation by Twitter, it asked if I wanted to redirect to My App, or to a Chrome browser. Using the above approach it will simply return to your app.
After I did all this, I realized that I could have just added Oauth:// as a call back URL and my app would have worked without change.
I fixed it by adding those callback URLs to Twitter's whitelist.
twitterkit-{Twitter API Key}:// for iOS.
twittersdk:// for Android.
I am trying to build a Flutter app that uses OAuth to connect to a user's account on another website. This requires navigating to the site's OAuth page where the user can enter their credentials, and then parsing the code that's sent back to the app when the user returns.
So my questions are:
How can I navigate to the OAuth web page?
I have figured out that I can navigate to an internal route like this:
Navigator.of(context).pushNamed('/some_page');
But what if I want to go to an external page like https://coolsite.com/oauth/authorize?
How can I do this (a) by opening the URL in the local web browser, and (b) with an in-app web view?
What URL should I redirect the user to after authenticating so that they go back to the app, and how do I parse the response?
It seems there are 2 ways:
(a) Let the user be redirected to a blank page with the authorization code in the URL and title of the page. If this method - how do I parse the page or URL?
(b) Redirect the user to some kind of scheme, like my-dart-app://coolsite-oauth?code=xyz. If this method - how do I register the scheme, and would cool site-OAuth map to a route that I specify when calling new MaterialApp, or somewhere else? And how would I parse the query param?
You can trigger a navigation using the activity service:
import 'package:flutter/services.dart';
void launchUrl(String url) {
Intent intent = new Intent()
..action = 'android.intent.action.VIEW'
..url = url;
activity.startActivity(intent);
}
There isn't currently a way to receive a navigation in Flutter, but that's something we'd like to add. I've created this issue to track this feature request: https://github.com/flutter/flutter/issues/357
I'm trying to implement ShareKit in my app; in the SHKConfig.h file, in the section where the Twitter applications settings are required, there is a line where I'm supposed to set the Callback URL:
I have opened a Twitter application on Twitter and filled all the fields there, but I'm not clear regarding to what data should be inserted in the Callback URL field:
Can anyone explain?
The callback parameter you write in your application settings in Twitter is ignored, you can write anything, example: http://www.google.com (anything will do since it is ignored).
When you add a callback url in the #define, its value will be sent to twitter in the owner authorization step, and will override the value that you previously wrote in the Twitter website. Weird, I know. It's related to this security vulnerability.
The callback parameter is the URL Twitter is going to send the user after authentication. When running in websites instead applications, the URL callback is used to recover control of the OAuth flow.
On Applications, you can set it to a custom scheme like myapplication://twitter and then register the scheme myapplication in your app. This way, after authentication, the Twitter website running in UIWebView or Safari launches that URL, which iOS knows is assigned to your app, and that's how you recover control of the OAuth flow.
That's the theory, I don't know exactly how ShareKit works. It may be that it runs the authentication on a UIWebView and detects the activity of the user to recover control manually, which is another way to do it.
I'm using new version of ShareKit and in sources there is this comment about callback for twitter:
Callback URL' should match whatever you enter in
SHKTwitterCallbackUrl. The callback url doesn't have to be an actual
existing url. The user will never get to it because ShareKit
intercepts it before the user is redirected. It just needs to match.
I set in twitter settings callback url as http://somecallbackurl.com, set this same in sources and it works like a charm! :]. Hope this help.
You can use this
func application(_ application:UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey: Any]) -> Bool {
print("called")
let directedByTWTR = Twitter.sharedInstance().application(application, open: url, options: options)
return directedByTWTR
}