Not able to share cookies between MSAL library to WkWebview.
I have used MSALlibrary for authentication in the iOS app, In the app, there are few functionalities that were not implemented in iOS so, we are navigating to the web application(using WKWebview) where it asks every time login prompt.
Can I send access token/cookies or do something so will not ask for authentication the second time when I open WKWebView?
For iOS ASWebAuthenticationSession, SFAuthenticationSession, and SFSafariViewController are considered system browsers. For macOS only ASWebAuthenticationSession is available. In general, system browsers share cookies and other website data with the Safari browser application.
By default, MSAL will dynamically detect iOS version and select the recommended system browser available on that version. On iOS 12+ it will be ASWebAuthenticationSession.
When you verify user via API, you must get the token from response. Pass this token as a query parameter in your url and redirect to Safari.
URL - https://www.example.com/page1
URL with token - https://www.example.com/page1?token=asdfv12324fvfropfc23as
You can store the token in localStorage/Cookies.
Read more here.
Related
I know that SFSafariViewController has private cookie storage and other implementations. However, I know that we may write an extension for every (every native system) Swift class.
I need either to share cookies with native Safari, or to open Safari from my app with some header request. At least, how to create an API for getting/setting cookies?
Cookie sharing between SFSafariVC and native Safari has been disabled in iOS >= 11.
At WWDC, Apple announced a change in the behavior of Safari View Controller with iOS 11 in that stored data (cookies, local storage, etc.) will no longer be shared between instances of Safari View Controller. We've confirmed this in-house with a beta version, and this seems to be independently confirmed by the folks at Branch.
From AppAuth-iOS' repo: user whitehatguy
The only API for SFSafariVC is to create a new instance for a given URL. You can't set or modify cookies.
If you need to execute custom code, have a look at WKWebView (iOS >= 8) / UIWebView (iOS < 8). Useful answers: Getting cookies in WKWebView
SFAuthenticationSession was created to allow SSO/OAuth authentication flows, which shares cookies with native Safari but developers have no direct access.
A class that manages sharing a one-time web service login, along with cookies and website data, between Safari and an app, which can also be used for automatic login for other associated apps.
The two cases where you would use SFAuthenticationSession are:
Logging in to a third party's service using an authentication protocol (e.g. OAuth). This option works well for social network applications.
Providing a single sign-on (SSO) experience for applications. This option works well for enterprise companies that have many applications installed on the same device.
SFAuthenticationSession's documentation by Apple
"On April 20, 2017, we will start blocking OAuth requests using web-views for all OAuth clients on platforms where viable alternatives exist."
We received this notice. In our iOS app using the Google drive, but google drive sdk no updated. google drive sdk still uses the old way. We need to modify the authorization method?
If you are using the WebView for Google OAuth authentication (i.e. if the user has to type the Gmail address and password in a WebView), yes, you have to update it.
You have two options.
SFSafariViewController: Load the Google login URL in the SFSafariViewController instead of the WebView. If you are accessing any cookies in the WebView, you cannot do that in the SFSafariViewController. For iOS 8 and below, which does not support SFSafariViewController, you can fallback by opening the Safari browser to authenticate.
Google Sign In SDK: Use Google Sign In for iOS SDK. You put a Google Sign In button in your app and use the Google APIs to authenticate.
For more information, refer this presentation from Google devs: https://docs.google.com/presentation/d/1z7bgAqYcEt7EHRmwe3T-vF_iMw9e8Wyxr10wPudypEo/present?slide=id.g135ae23358_0_71
I have an iOS application which allows the user to use Apple's built in Accounts/Social frameworks to login via Facebook.
One question I have is, is there a way to pass user auth cookie from ACAccountStore to a UIWebView?
This will mean that, if a user clicks on a link and the built in web view page is shown, they will be able to comment/like/etc without having to login in the web view too.
Thanks,
Dan
I think it won't be possible if you don't control the service you want to be authenticated with in said webviews.
Injecting arbitrary cookies into a UIWebView is possible, as described e.g. here: Is it possible to set a cookie manually using sharedHTTPCookieStorage for a UIWebView?.
Cached auth tokens can be retrieved from ACAccountCredential. But OAuth tokens are not session-authenticating cookies.
Facebook does that. Whenever a webview is opened in their iOS client, the user will be automatically authenticated with Facebook in that webview. But they have control over their own service, so they created a mechanism for their iOS client to request session-authenticating cookies (that they then inject into webviews).
In general, though, being a 3rd party developer, you won't be able to reproduce that behavior. Unless of course given service has such mechanism for their own needs and you do some reverse-engineering.
I was going through Facebook's authentication mechanism.
and understood the client side, server side and desktop app processes.
But I couldn't understand the iOS tutorial.
https://developers.facebook.com/docs/mobile/ios/build/
Where it talks about How Facebook SDK for iOS gracefully falls back to diff ways of authentication depending upon whats installed on users phone.
From the tutorial I understood that,
The API checks if facebook app is installed or not and if its
there..it opens it and entire login process n pemission giving is
done there and then the app redirects back to our app passing the
authorization token, expiration, and any other parameters the
Facebook OAuth server may return.
If FB app is not installed, Safari is opened and process happens
there and access token is taken out of its cookies once it redirects
back to the app.
And if iOS doesnt support multitasking, we cant open safari or any
other app along with it,then it opens a UIWebView and carry on and
access the token from its urlbar's fragment area after #.
I got the third way which is what we do with a desktop app in .NET or air.
Can anyone explain the first n second ways ?
How can one app redirect the control to the other and how it can pass data to it.
and regarding the second way, how can the app read Safari's cookies ?
It does it by opening a URL using UIApplication – openURL: and that URL will check if the facebook app is installed by using their custom URL ( http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html ). When that happens facebook then redirects back to your app using the same mechanism.
Read the documentation under //// private here: https://github.com/facebook/facebook-ios-sdk/blob/master/src/Facebook.m
This is the link for Facebook's iOS tutorial.
https://developers.facebook.com/docs/mobile/ios/build/
Can any one please explain what does this mean :
"If the device is running in a version of iOS that supports multitasking, but it doesn't have the Facebook app of version 3.2.3 or greater installed, the SDK will open the authorization dialog in Safari. After the user grants or revokes the authorization, Safari redirects back to the calling app. Similar to the Facebook app based authorization, this allows multiple apps to share the same Facebook user access_token through the Safari cookie."
Most of the posts say,like this one:
https://stackoverflow.com/questions/531712/reading-cookies-using-xcode-on-the-iphone
because of the sandbox environment of iOS one cannot access safari cookies, then how is this possible ?
and if its possible, How can multiple apps use the same access token. According to me different apps might have different permissions.
Your app does not read the cookie in that case. I think it just opens up a URL in Safari. Then some Facebook code which is run in Safari checks whether a valid Facebook session exists and then calls a callback function in your app. Of course all the access tokens and with them the different permissions for all the different apps on the device are saved separately in the facebook session so that the apps do not share the permissions. Only the user is saved in the session (most likely there is only one user who uses the mobile device), so that he doesn't have to login over and over again. He instead just clicks on 'login' or 'no, I'm not So and So'.