Our user experience team does not like the consent popup every time login page is opened. Also, we are looking to customize the look of the browser window presented when OAuth is implemented using ASWebAuthenticationSession/SFAuthenticationSession.
For the reasons above, I am thinking to change the implementation and use SFSafariViewController directly for Authentication.
Although I did not find any reference for this, but I am worried if using SFSafariViewController for OAuth would give problem in Appstore submission as Apple has already provided a way for it in form of ASWebAuthenticationSession/SFAuthenticationSession? Does anyone has a view on it?
Since iOS 11 SFSafariViewController no longer shares cookies so I'm afraid that's not possible.
Related
I'm using SFSfariViewController for OAuth process. Using this I'm getting a quite well response. Whenever redirecting happens, it's opening my app. But when the request fails, I'm not able to show any alert to the user to indicate authentication failed. At this point, I can't customize SFSafariViewController as it won't allow customizations. So that's why I want to move to WKWebview which allows customization.
Even though WKWebView allows customization, From this article it's saying that Web views are not good to use for OAuth process and using SFSafariViewController is the best in this situation.
My Question:
Which one has to use WKWebview? or SFSafariViewController?
If so, Why?
Thanks in advance!
SFSafariViewController.
It's better for:
user security
credentials protected from app developer
ease of use for users
use of stored Safari credentials
Safari shared cookies/authentication maintain login across apps
I think it's fairly safe to say Apple will start enforcing the use of SFSafariViewController for the OAuth flow for the sake of customer privacy and security.
I just want to know if you think it's possible to get credentials from safari cookie to log someone directly in web view in my app.
I have a "linkedin connect" way to connect into my app.
For the moment, if you have the Linkedin application installed on your device, you could connect in one click. But if you don't have it locally, I opened a webview on linkedin to ask you if you are ok to give us access to your information to create your profile. But currently the user has to re-enter their email and password manually since they don't benefit from the browser's login data.
I would like to fill the field or connect directly the user if he was connected in safari, Do you think it's possible, if yes, what can I used to do this?
Thank you!
NO, thats not possible. Safari is different app than your app and hence web view is safari don't share anything with web view with your app until it has extension to share.bjects of UIWebView class and Safari or other browsers are different and sandboxed. You can check here (official documentation.)
What you want with Linked in is possible with Facebook -- because face book login authentication method provides way to share data between apps -- But in Linkedin there is no similar way.
As given in the answer here, Safari and UIWebview don't seem to share cookies as they are sand boxed from one another.
I have an iOS application which allows the user to use Apple's built in Accounts/Social frameworks to login via Facebook.
One question I have is, is there a way to pass user auth cookie from ACAccountStore to a UIWebView?
This will mean that, if a user clicks on a link and the built in web view page is shown, they will be able to comment/like/etc without having to login in the web view too.
Thanks,
Dan
I think it won't be possible if you don't control the service you want to be authenticated with in said webviews.
Injecting arbitrary cookies into a UIWebView is possible, as described e.g. here: Is it possible to set a cookie manually using sharedHTTPCookieStorage for a UIWebView?.
Cached auth tokens can be retrieved from ACAccountCredential. But OAuth tokens are not session-authenticating cookies.
Facebook does that. Whenever a webview is opened in their iOS client, the user will be automatically authenticated with Facebook in that webview. But they have control over their own service, so they created a mechanism for their iOS client to request session-authenticating cookies (that they then inject into webviews).
In general, though, being a 3rd party developer, you won't be able to reproduce that behavior. Unless of course given service has such mechanism for their own needs and you do some reverse-engineering.
I have to provide Facebook integration to an app that is mostly hybrid in its design ... i.e, most of the code is written as html5 pages (bundled with the app). I would prefer using the webview method of login to Facebook, but it appears that if I do use the webview method as opposed to using Facebook SDK for iOS, the user will have to enter a password every-time.
Can someone verify if my understanding is correct. This is what is I could gather from https://developers.facebook.com/docs/ios/login-tutorial:
Embedded WebView Login Dialog
...
Advantages:
...
Disadvantages:
Web-based dialogs tend to be slower.
People have to fill in their login credentials every time they go through the login flow.
Special considerations:
...
I created a sample app embedded with Facebook login awhile ago too. Yes, web-based dialogs tend to be slower. However, the user don't have to login their credential every time they go through it. As I tested, the user will just need to enter their info for the first time login only. Nevertheless, the user will need to login when his/her session finish. Please refer to Facebook API docs about how long is the session.
I hope this answer your question somehow. Cheer.
There are three different login methods in iOS:
Login via web pop-up
Login via Safari
Login via Native App
and one more in iOS 6 - login via native pop-up controller using iOS 6 Facebook credentials.
In my case, I'm using FB comments plugin inside UIWebView and I'd like to allow user to leave comments there. For that I'm using FB login via web pop-up. Using other methods lead to the two different results:
FB comments plugin not loading at all
FB comments plugin loaded, but user is still unauthorized (login via Safari)
Whereas I have no idea, how to deal with the first one, the second one happens I think because cookies (or FB credentials) are stored in safari, but not in my App, which is required for comments plugin to understand that the user has logged in.
In this case, I'm wondering - when and where should we use each of the FB login approaches?
And what should I use in my case?
I recommend using Parse to handle social account management. It's super easy to integrate with your code and free for your purposes. Take a look. Just sign up to Parse, Create an App and follow the easy quickstart guide. They also have great documentation and forums to help you out.