I'm trying to implement an OAuth2 authorization code flow as part of my iOS app. I open the third party's OAuth2 login page in an SFSafariViewController, and the url that I pass to the Safari controller includes an https redirect uri that is a universal link. When the user hasn't done an OAuth2 login recently, the Safari controller displays the login page, the user presses the "log in" button, and then the redirect uri is followed as a universal link, bringing control back to the app, as expected. (The user doesn't enter credentials on the third party's page because Safari has already cached them.)
The problem is that, if I immediately try to repeat that process, the Safari controller does not appear to open the third party's login page, and, judging by the hostname displayed at the top of the screen, it tries to go straight to the redirect uri, which doesn't get treated as a universal link this time. The Safari controller just shows a 403 error because the uri doesn't correspond to any real webpage.
Does anyone know the cause of and/or the solution to this problem? I suspect that it may have to do with this behavior documented by Apple (https://developer.apple.com/library/content/documentation/General/Conceptual/AppSearch/UniversalLinks.html):
If you instantiate a SFSafariViewController, WKWebView, or UIWebView object to handle a universal link, iOS opens your website in Safari instead of opening your app. However, if the user taps a universal link from within an embedded SFSafariViewController, WKWebView, or UIWebView object, iOS opens your app.
That doesn't entirely explain why it works in the first case but not in the second, and it doesn't explain how I might prevent the second case from happening.
Related
My current scenario is:
Running an iPhone on the latest iOS
LinkedIn App is installed and logged in
Web browser is NOT logged into LinkedIn (because I have the app)
Developing a web app with "log in with LinkedIn" functionality
On the iPhone, clicking the "log in with LinkedIn" button redirects me straight the the LinkedIn App, which subsequently does nothing - just shows me my feed. I have verified this same behaviour occurs on a third-party site as well as my own. Note that Android exhibits similar behaviour, though I haven't tested as extensively there.
I've found several workarounds:
If I open the web site in Private Browsing mode clicking the login button asks me if I want to open the App or stay in the browser.
If I long-press and "Open in background tab" the login button it'll open (in the background, of course) instead of redirecting to the app, allowing me to log in.
If I manually type "linkedin.com" into the browser and log in then it seems to work too.
None of these are even vaguely practical for end users, essentially forcing us to remove the option entirely.
I'm fairly sure this is a problem at LinkedIn's end and the solution is either:
Don't redirect to the App for OAuth Authorize requests, or
Make the App correctly handle OAuth Authorize requests.
If I'm incorrect and there's some way we can stop this redirect from the client side I'd be happy to hear, otherwise I hope LinkedIn engineers actually see this...
See the comments in Issues with Linkedin Social connection
LinkedIn already confirmed that it is a problem on their side.
I'm building a native application. The app has an embedded webview (UIWebView) pointing to a social website. To be able to use the website inside the app, user has to log in by the webview (username/password) and then he can continue use the site with saved cookies. Normally, the cookies expire after two days. After that, the user has to re-login by the webview.
Now suppose I know username and password of the user and I would like to make the user login automatically with this account when the cookie expires. How can I do that?
I tried to simulate the Login action when I click on Login button on web page, but not successful.By using "Inspect Element" of Chrome, I can see Chrome makes a "Post" request to an URL with some parameters. However, the request doesn't get successful (I use REST client for testing).
Finally I found out the solution. I didn't build requests anymore. I used javascript to set text fields and make "click" action on the webview. Done.
I am using oauth to authenticate my iPhone-app's users. They click the login button and Safari opens to display the password entry page. Afterwards they are redirected using a custom url scheme, e.g. myapp://somethingsomething, which opens the application again (sending Safari into the background).
Can I close the browser tap during that redirect? Or directly afterwards via Javascript?
I ask because if my user imports a bording pass to his Passbook, Safari opens and logs my user in again, since the tab was still there.
Ok fixed by doing a setTimeout() call in JS before issuing the redirect. In the setTimeout() another redirect is executed: To a harmless page.
I have a RoR / JQuery Mobile app that uses Facebook OAuth for authentication. It all works fine when accessing it via any normal browser on desktop and mobile with one exception.
If a user clicks a link to the app within the Twitter iOS app the home page loads within an internal webview. If the user then clicks 'Sign In with Facebook' the authentication seems to be successful but when Facebook redirects the user back to the app the page never loads. It just displays a blank page and the network indicator at the top of the screen just keeps spinning. If I close the web view and click the link again the page loads fine because the user has already authenticated.
Has any one else had problems with Facebook Auth inside the twitter app on iOS? Any suggestions on how I can resolve this problem? Is it possible this is just a bug with the Twitter app on iOS?
Thanks
I believe I found the solution. The facebook authentication process used a lot of redirects which I thought could be causing the problem (5 in total). After reviewing the process I realised I could remove one of the redirects and take the user directly to the page I wanted once they were authenticated.
www.example.com (link from the tweet)
www.example.com/auth/facebook (use clicks 'Login with Facebook')
1 - Redirect to: graph.facebook.com/oauth/authorize
2 - Redirect to: www.facebook.com/dialog/oauth
3 - Redirect to: www.example.com/auth/callback
4 - Redirect to: www.example.com/entry_path (This has now been removed)
5 - Redirect to: www.example.com/final_logged_in_path
The login process now works from within the Twitter iOS App.
I have an app that shows up as an iframe on a Page. (Here's an example.)
If you view the app tab as a Facebook user, whether you have the app installed or not, everything works correctly.
If you view the app tab as a Facebook Page that has not installed the app, everything works correctly.
If you view the app tab as a Facebook Page that has installed the app, nothing displays. In fact, when sniffing the HTTP headers, it looks like no attempt is ever made to load the app URL.
Any idea what needs to happen on the Facebook side of the equation in order to have the tab at least make an attempt to load the app's page?
Thanks!
This is now a desired behavior, once you trying to visit Application Tab by being logged in as Page you'll be prompted to use Facebook as regular user:
To access this page, you'll need to switch from using Facebook as your page to using Facebook as yourself.
BTW, this was described in bug Blank app page which is marked as fixed (and the described behavior sadly was a way to fix this)...