I developed a hybrid mobile app using the ionic framework (AngularJS, Apache Cordova, Nodejs, etc). When I deploy or run the hybrid app in a mobile device (android or iOS) via ionic view and I do Facebook aggregation, everything works on the backend but the app (front-end) does not send referer attribute in the HTTP Header.
The front-end after successfully doing Facebook Login and getting OAuth2 toke displays a white page that says:
Whitelable Error Page
This application has no explicit mapping for /error, so you are receiving this as a fall back.
There is some security around that, not sure what yet, but that is the reason the Facebook Spring Social code in my backend (a java .jar file running on Spring Boot) does not redirect back to AngularJS API in mobile device (front end) is failing.
I was reading here https://spring.io/guides/tutorials/spring-boot-oauth2/ but this is for a Web App using Spring Social. I am using Spring Social in a hybrid app. Any idea on how I can resolved this issue? To make the referer attribute dynamic and to be send in the HTTP Header?
Related
I am working on a MVC web app that requires authentication(Cookie) and a web api that uses token based authentication(Bearer). I also have an IOS app that communicates with the Web Api. So far everything is working fine.
Now I have to implement a new functionality on the IOS app that basically needs to show a web view and load a specific part of the web app, but that page requires authentication. The user was previously already authenticated on the IOS app, so what can I do to avoid that the user has to authenticate twice, one for the Ios app and also in the web view?
Please advice,
Thanks.
This is the solution:
If you set the Authorization header in the same way we do it for Web Api requests (Bearer + Token) then it works. It seems that the Mvc.Authorize attribute not only check for the cookie but also for the token(in the same way the Http.Authorize does it).
We are building an app using the cordova in-app browser as part of our authentication flow. We are seeing a problem with cookies not being passed by cordova on iOS 9.2 and later. We are using the Ionic platform for the app. Here is a detailed description:
We login users to the app by opening a login url (OKTA SSO login for the company) in the Cordova in-app browser plugin.
This renders the OKTA SAML template and allows the user to enter the credentials.
Upon do-login action, the in-app browser follows all the redirects and eventually on a successful Authentication renders the Drupal site from which we get content for the app.
At this point, we have the required cookie attached to the response to move forward and make direct API calls from the ionic application to the Drupal Resource API ( we do close the in-app browser once we load the Drupal site in the in-app browser).
This solution works perfectly on android and pre ios 9.2 devices.
With ios 9.2, there is a delayed hand-off of the cookies to the ionic webview once we close the in-app browser. I tried leaving the in-app browser open and i can access all the authenticated resources properly within the in-app browser right away without any delay, once the authentication is complete. So there is no issue withe the OKTA SSO flow or the cookie. There seems to be an issue with the cookie getting attached to the ionic webview from the in-app browser plugin.
On a average, it takes about a minute for the cookie to show up and we can then make API calls to Drupal. ( We keep calling Drupal API and on getting 403, we redirect to this same login flow and this continues for a while, until the cookie is available and the API call goes through successfully.)
Is there a way to get the cookie attached to the ionic webview from the in-app browser plugin without encountering this delay?
I'm trying to access authenticated data from Mobile apps via Asp.Net MVC5.
The backend is .NET (not Node.JS) and I'm using the C# SDK (not Javascript). Since custom auth (user\pwd) is not yet available for Mobile Apps I'm trying to connect with Facebook.
I've found this post but is very outdated now.
If you are trying to do both a mobile app clients AND the MVC client, then you might need to specify a list of OAuth URLS that are valid per:
https://developers.facebook.com/docs/facebook-login/security#surfacearea
You can set the list of valid callback URLs on the settings -> Advanced tab in the facebook app management.
I'm currently having some issues using the Venmo API in the context of an app built on the Ionic framework. I'm currently building an Ionic app, which uses the Venmo OAuth API, and trying to test it out on my iPhone. My Venmo authentication flow currently goes like this: I use the Cordova "In App Browser" plugin to open the Venmo OAuth sign-in page in-app, which redirects the user back to my app with a query parameter specifying an access token, allowing me to make requests to Venmo's API endpoints on the user's behalf. When I run my Ionic app on my Mac (via ionic serve) and access it via a web browser, I'm able to use the OAuth API (as you would expect). However, when I run my app on my iPhone, I can't get the app to work with OAuth API because the Venmo authorization page, opened with the In App Browser plugin, can't redirect back to my app. Again, this flow works in browser, but it fails on my iPhone.
To my knowledge, it looks like the OAuth API is the only way I can interact with Venmo through an Ionic app. This is presenting a problem because the "In App Browser" plugin doesn't allow Venmo's authorization page to redirect back to my app when testing on an iPhone. I'm open to trying this process any other way. I see in the Venmo docs that there's an iOS SDK but I don't think I can use that in any way in an Ionic app. If someone has an example of authenticating with other OAuth services in an Ionic app, that would also be helpful. Thanks in advance.
I have an angular app that painlessly integrates with Firebase's SimpleLogin service for Facebook on the web, however, it relies on opening a pop-up to do so.
Although iOS 7.0.3 seems to have fixed some severe bugs where alerts and popups were not functional in fullscreen web apps (i.e. after 'Add to Homescreen'-ing a website via Safari), the Facebook login fails after redirecting to Facebook and granting approval, landing back on a blank page (which requires an app restart to remove).
I suspect this has something to do with the was Facebook is redirecting back, but AFAIK I don't have control over that, nor would hacks like these fix this.
Are there any workaround that exist for this problem?
[Engineer at Firebase] Support for redirect-based OAuth has been added to the Firebase Simple Login Web Client as of v1.3.0, available from the Firebase CDN or via Bower using bower install firebase-simple-login.
This update enables the Firebase Simple Login client to detect iOS "standalone" applications and handle the redirect-based OAuth automatically in your application.