feat: added support for webview as a provider for webauth

App/ViewController.swift

@@ -27,13 +27,15 @@ class ViewController: UIViewController {
     @IBAction func login(_ sender: Any) {
         Auth0
             .webAuth()
+            .useWebViewProvider()
             .logging(enabled: true)
             .start(onAuth)
     }
 
     @IBAction func logout(_ sender: Any) {
         Auth0
             .webAuth()
+            .useWebViewProvider()
             .logging(enabled: true)
             .clearSession(federated: false) { result in
                 switch result {

Auth0.xcodeproj/project.pbxproj

@@ -321,6 +321,8 @@
 		A7DDDF6D2BC9A81E0077B067 /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = A7DDDF6B2BC9A81E0077B067 /* PrivacyInfo.xcprivacy */; };
 		A7DDDF6E2BC9A81E0077B067 /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = A7DDDF6B2BC9A81E0077B067 /* PrivacyInfo.xcprivacy */; };
 		A7DDDF702BC9A93F0077B067 /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = A7DDDF6B2BC9A81E0077B067 /* PrivacyInfo.xcprivacy */; };
+		C107B51D2C9AC4D8006B6BEA /* WebViewProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = C107B51B2C9AC4D3006B6BEA /* WebViewProvider.swift */; };
+		C107B5222CA27F7C006B6BEA /* WebViewProviderSpec.swift in Sources */ = {isa = PBXBuildFile; fileRef = C107B5202CA27F76006B6BEA /* WebViewProviderSpec.swift */; };
 		C12BFE432C352DD400D1CC00 /* NetworkStub.swift in Sources */ = {isa = PBXBuildFile; fileRef = C177D76F2C2BDFE40094C657 /* NetworkStub.swift */; };
 		C12BFE442C352DD700D1CC00 /* StubURLProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = C177D7742C2BE00D0094C657 /* StubURLProtocol.swift */; };
 		C177D6C32C2ADDEB0094C657 /* Auth0.plist in Resources */ = {isa = PBXBuildFile; fileRef = C177D6C22C2ADDEB0094C657 /* Auth0.plist */; };
@@ -746,6 +748,8 @@
 		5FF465BB1CE2AC4500F7ED8C /* Management.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = Management.swift; path = Auth0/Management.swift; sourceTree = SOURCE_ROOT; };
 		970BC36A25C27095007A7745 /* Challenge.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Challenge.swift; sourceTree = "<group>"; };
 		A7DDDF6B2BC9A81E0077B067 /* PrivacyInfo.xcprivacy */ = {isa = PBXFileReference; lastKnownFileType = text.xml; path = PrivacyInfo.xcprivacy; sourceTree = "<group>"; };
+		C107B51B2C9AC4D3006B6BEA /* WebViewProvider.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WebViewProvider.swift; sourceTree = "<group>"; };
+		C107B5202CA27F76006B6BEA /* WebViewProviderSpec.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WebViewProviderSpec.swift; sourceTree = "<group>"; };
 		C177D6C22C2ADDEB0094C657 /* Auth0.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Auth0.plist; sourceTree = "<group>"; };
 		C177D76F2C2BDFE40094C657 /* NetworkStub.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NetworkStub.swift; sourceTree = "<group>"; };
 		C177D7742C2BE00D0094C657 /* StubURLProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StubURLProtocol.swift; sourceTree = "<group>"; };
@@ -928,6 +932,7 @@
 		5C0AF09828330CA000162044 /* Providers */ = {
 			isa = PBXGroup;
 			children = (
+				C107B51B2C9AC4D3006B6BEA /* WebViewProvider.swift */,
 				5B16D88C1F7141A0009476A5 /* ASProvider.swift */,
 				5C0AF09928330CBA00162044 /* SafariProvider.swift */,
 			);
@@ -977,6 +982,7 @@
 		5CF539222836DC360073F623 /* Providers */ = {
 			isa = PBXGroup;
 			children = (
+				C107B5202CA27F76006B6BEA /* WebViewProviderSpec.swift */,
 				5CF5392A283835460073F623 /* ASProviderSpec.swift */,
 				5CF539232836DCC10073F623 /* SafariProviderSpec.swift */,
 			);
@@ -2046,6 +2052,7 @@
 				5F3965C21CF67CF000CDE7C0 /* WebAuth.swift in Sources */,
 				5FCAB1761D0900CF00331C84 /* TransactionStore.swift in Sources */,
 				5FDE87471D8A422300EA27DC /* Telemetry.swift in Sources */,
+				C107B51D2C9AC4D8006B6BEA /* WebViewProvider.swift in Sources */,
 				5FAE9C911D8878D400A871CE /* Auth0WebAuth.swift in Sources */,
 				5B5E93F91EC45C22002A37F9 /* CredentialsManagerError.swift in Sources */,
 				5CA541CD2B1A81A700E4284D /* Documentation.docc in Sources */,
@@ -2151,6 +2158,7 @@
 				5FADB6091CED500900D4BB50 /* ManagementSpec.swift in Sources */,
 				5FCAB16D1D07AC3500331C84 /* WebAuthSpec.swift in Sources */,
 				5F28B4671D8300D50000EB23 /* LoggerSpec.swift in Sources */,
+				C107B5222CA27F7C006B6BEA /* WebViewProviderSpec.swift in Sources */,
 				5FBBF0431CCA90300024D2AF /* AuthenticationSpec.swift in Sources */,
 				5B2860D61EEF210A00C75D54 /* UserInfoSpec.swift in Sources */,
 				5C809D9A275FA3EF00F15A67 /* ManagementErrorSpec.swift in Sources */,

Auth0.xcodeproj/xcshareddata/xcschemes/Auth0.iOS.xcscheme

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
    LastUpgradeVersion = "1400"
-   version = "1.3">
+   version = "1.7">
    <BuildAction
       parallelizeBuildables = "YES"
       buildImplicitDependencies = "YES">
@@ -47,6 +47,10 @@
                BlueprintName = "Auth0Tests.iOS"
                ReferencedContainer = "container:Auth0.xcodeproj">
             </BuildableReference>
+            <LocationScenarioReference
+               identifier = "com.apple.dt.IDEFoundation.CurrentLocationScenarioIdentifier"
+               referenceType = "1">
+            </LocationScenarioReference>
          </TestableReference>
       </Testables>
    </TestAction>

Auth0/Auth0WebAuth.swift

@@ -1,6 +1,9 @@
 #if WEB_AUTH_PLATFORM
 import Foundation
 import Combine
+#if os(iOS)
+import UIKit
+#endif
 
 final class Auth0WebAuth: WebAuth {
 
@@ -33,6 +36,11 @@
     private(set) var overrideAuthorizeURL: URL?
     private(set) var provider: WebAuthProvider?
     private(set) var onCloseCallback: (() -> Void)?
+
+    #if os(iOS)
+    private(set) var useWebViewProvider = false
+    private(set) var webViewProviderPresentationStyle: UIModalPresentationStyle = .fullScreen
+    #endif
 
     var state: String {
         return self.parameters["state"] ?? self.generateDefaultState()
@@ -144,6 +152,14 @@
         self.ephemeralSession = true
         return self
     }
+
+    #if os(iOS)
+    func useWebViewProvider(style: UIModalPresentationStyle = .fullScreen) -> Self {
+        self.useWebViewProvider = true
+        self.webViewProviderPresentationStyle = style
+        return self
+    }
+    #endif
 
     func invitationURL(_ invitationURL: URL) -> Self {
         self.invitationURL = invitationURL
@@ -196,8 +212,12 @@
                                                   state: state,
                                                   organization: organization,
                                                   invitation: invitation)
-        let provider = self.provider ?? WebAuthentication.asProvider(redirectURL: redirectURL,
-                                                                     ephemeralSession: ephemeralSession)
+
+        #if os(iOS)
+        let provider = useWebViewProvider ? WebAuthentication.webViewProvider(redirectionURL: redirectURL, style: webViewProviderPresentationStyle) : (self.provider ?? WebAuthentication.asProvider(redirectURL: redirectURL, ephemeralSession: ephemeralSession))
+        #else
+        let provider = self.provider ?? WebAuthentication.asProvider(redirectURL: redirectURL, ephemeralSession: ephemeralSession)
+        #endif
         let userAgent = provider(authorizeURL) { [storage, onCloseCallback] result in
             storage.clear()
 
@@ -238,7 +258,11 @@
             return callback(.failure(WebAuthError(code: .noBundleIdentifier)))
         }
 
+        #if os(iOS)
+        let provider = useWebViewProvider ? WebAuthentication.webViewProvider(redirectionURL: redirectURL, style: webViewProviderPresentationStyle) : (self.provider ?? WebAuthentication.asProvider(redirectURL: redirectURL))
+        #else
         let provider = self.provider ?? WebAuthentication.asProvider(redirectURL: redirectURL)
+        #endif
         let userAgent = provider(logoutURL) { [storage] result in
             storage.clear()
             callback(result)

Auth0/SafariProvider.swift

@@ -125,7 +125,6 @@ extension SafariUserAgent: SFSafariViewControllerDelegate {
         // If you are developing a custom Web Auth provider, call WebAuthentication.cancel() instead
         // TransactionStore is internal
         TransactionStore.shared.cancel()
-
     }
 
 }

Auth0/WebAuth.swift

@@ -4,6 +4,10 @@
 import Foundation
 import Combine
 
+#if os(iOS)
+import UIKit
+#endif
+
 /// Callback invoked by the ``WebAuthUserAgent`` when the web-based operation concludes.
 public typealias WebAuthProviderCallback = (WebAuthResult<Void>) -> Void
 
@@ -164,6 +168,10 @@
     /// - [FAQ](https://github.com/auth0/Auth0.swift/blob/master/FAQ.md)
     /// - [prefersEphemeralWebBrowserSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/3237231-prefersephemeralwebbrowsersessio)
     func useEphemeralSession() -> Self
+
+#if os(iOS)
+    func useWebViewProvider(style: UIModalPresentationStyle) -> Self
+#endif
 
     /// Specify an invitation URL to join an organization.
     ///
@@ -413,6 +421,11 @@
         return try await self.clearSession(federated: federated)
     }
     #endif
-
+
+    #if os(iOS)
+    func useWebViewProvider(style: UIModalPresentationStyle = .fullScreen) -> Self {
+        return self.useWebViewProvider(style: style)
+    }
+    #endif
 }
 #endif

Auth0/WebAuthError.swift

@@ -5,6 +5,10 @@
 public struct WebAuthError: Auth0Error {
 
     enum Code: Equatable {
+        case webViewNavigationFailed
+        case webViewProvisionalNavigationFailed
+        case webViewContentProcessTerminated
+        case webViewResourceLoadingStopped
         case noBundleIdentifier
         case transactionActiveAlready
         case invalidInvitationURL(String)
@@ -39,7 +43,7 @@
     /// build a valid URL.
     /// This error does not include a ``Auth0Error/cause-9wuyi``.
     public static let noBundleIdentifier: WebAuthError = .init(code: .noBundleIdentifier)
 
     /// There is already an active transaction at the moment; therefore, this newly initiated transaction is canceled.
     /// This error does not include a ``Auth0Error/cause-9wuyi``.
     public static let transactionActiveAlready: WebAuthError = .init(code: .transactionActiveAlready)
@@ -82,6 +86,10 @@
 
     var message: String {
         switch self.code {
+        case .webViewNavigationFailed: return "An error occured during a committed main frame navigation of WebView"
+        case .webViewProvisionalNavigationFailed: return "An error occured while starting to load data for the main frame of WebView"
+        case .webViewContentProcessTerminated: return "WebView's content process is terminated."
+        case .webViewResourceLoadingStopped: return "WebView's resource loading has been stopped"
         case .noBundleIdentifier: return "Unable to retrieve the bundle identifier from Bundle.main.bundleIdentifier,"
             + " or it could not be used to build a valid URL."
         case .transactionActiveAlready: return "Failed to start this transaction, as there is an active transaction at the"

Auth0/WebViewProvider.swift

@@ -0,0 +1,163 @@
+//
+//  WebViewProvider.swift
+//  Auth0
+//
+//  Created by Desu Sai Venkat on 18/09/24.
+//  Copyright © 2024 Auth0. All rights reserved.
+//
+
+#if os(iOS)
+
+@preconcurrency import WebKit
+
+
+extension WebAuthentication {
+    static func webViewProvider(redirectionURL: URL, style: UIModalPresentationStyle = .fullScreen) -> WebAuthProvider {
+        return { url, callback  in
+            WebViewUserAgent(authorizeURL: url, redirectURL: redirectionURL, modalPresentationStyle: style, callback: callback)
+        }
+    }
+}
+
+extension WebViewUserAgent {
+    var topViewController: UIViewController? {
+        guard let root = UIApplication.shared()?.windows.last(where: \.isKeyWindow)?.rootViewController else {
+            return nil
+        }
+        return self.findTopViewController(from: root)
+    }
+
+    private func findTopViewController(from root: UIViewController) -> UIViewController? {
+        if let presented = root.presentedViewController { return self.findTopViewController(from: presented) }
+
+        switch root {
+        case let split as UISplitViewController:
+            guard let last = split.viewControllers.last else { return split }
+            return self.findTopViewController(from: last)
+        case let navigation as UINavigationController:
+            guard let top = navigation.topViewController else { return navigation }
+            return self.findTopViewController(from: top)
+        case let tab as UITabBarController:
+            guard let selected = tab.selectedViewController else { return tab }
+            return self.findTopViewController(from: selected)
+        default:
+            return root
+        }
+    }
+}
+
+class WebViewUserAgent: NSObject, WebAuthUserAgent {
+
+    static let customSchemeRedirectionSuccessMessage = "com.auth0.webview.redirection_success"
+    static let customSchemeRedirectionFailureMessage = "com.auth0.webview.redirection_failure"
+    let defaultSchemesSupportedByWKWebview = ["http", "https"]
+
+    let request: URLRequest
+    var webview: WKWebView!
+    let viewController: UIViewController
+    let redirectURL: URL
+    let callback: WebAuthProviderCallback
+
+
+    init(authorizeURL: URL, redirectURL: URL, viewController: UIViewController = UIViewController(), modalPresentationStyle: UIModalPresentationStyle = .fullScreen, callback: @escaping WebAuthProviderCallback) {
+        self.request = URLRequest(url: authorizeURL)
+        self.redirectURL = redirectURL
+        self.callback = callback
+        self.viewController = viewController
+        self.viewController.modalPresentationStyle = modalPresentationStyle
+
+        super.init()
+        if !defaultSchemesSupportedByWKWebview.contains(redirectURL.scheme!) {
+            self.setupWebViewWithCustomScheme()
+        } else {
+            self.setupWebViewWithHTTPS()
+        }
+    }
+
+    private func setupWebViewWithCustomScheme() {
+        let configuration = WKWebViewConfiguration()
+        configuration.setURLSchemeHandler(self, forURLScheme: redirectURL.scheme!)
+        self.webview = WKWebView(frame: .zero, configuration: configuration)
+        self.viewController.view = webview
+        webview.navigationDelegate = self
+    }
+
+    private func setupWebViewWithHTTPS() {
+        self.webview = WKWebView(frame: .zero)
+        self.viewController.view = webview
+        webview.navigationDelegate = self
+    }
+
+    func start() {
+        self.webview.load(self.request)
+        self.topViewController?.present(self.viewController, animated: true)
+    }
+
+    func finish(with result: WebAuthResult<Void>) {
+        DispatchQueue.main.async { [weak webview, weak viewController, callback] in
+            webview?.removeFromSuperview()
+            guard let presenting = viewController?.presentingViewController else {
+                let error = WebAuthError(code: .unknown("Cannot dismiss WKWebView"))
+                return callback(.failure(error))
+            }
+            presenting.dismiss(animated: true) {
+                callback(result)
+            }
+        }
+    }
+
+    public override var description: String {
+        return String(describing: WKWebView.self)
+    }
+}
+
+/// Handling Custom Scheme Callbacks
+extension WebViewUserAgent: WKURLSchemeHandler {
+    func webView(_ webView: WKWebView, start urlSchemeTask: any WKURLSchemeTask) {
+        _ = TransactionStore.shared.resume(urlSchemeTask.request.url!)
+        let error = NSError(domain: WebViewUserAgent.customSchemeRedirectionSuccessMessage, code: 200, userInfo: [
+            NSLocalizedDescriptionKey: "WebViewProvider: WKURLSchemeHandler: Succesfully redirected back to the app"
+        ])
+        urlSchemeTask.didFailWithError(error)
+    }
+
+    func webView(_ webView: WKWebView, stop urlSchemeTask: any WKURLSchemeTask) {
+        let error = NSError(domain: WebViewUserAgent.customSchemeRedirectionFailureMessage, code: 400, userInfo: [
+            NSLocalizedDescriptionKey: "WebViewProvider: WKURLSchemeHandler: Webview Resource Loading has been stopped"
+        ])
+        urlSchemeTask.didFailWithError(error)
+        self.finish(with: .failure(WebAuthError(code: .webViewResourceLoadingStopped)))
+    }
+}
+
+/// Handling HTTPS Callbacks
+extension WebViewUserAgent: WKNavigationDelegate {
+    func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
+        if let callbackUrl = navigationAction.request.url, callbackUrl.absoluteString.starts(with: redirectURL.absoluteString) {
+            _ = TransactionStore.shared.resume(callbackUrl)
+            decisionHandler(.cancel)
+        } else {
+            decisionHandler(.allow)
+        }
+    }
+
+    func webView(_ webView: WKWebView, didFail navigation: WKNavigation!, withError error: any Error) {
+        if (error as NSError).domain == WebViewUserAgent.customSchemeRedirectionSuccessMessage {
+            return
+        }
+        self.finish(with: .failure(WebAuthError(code: .webViewNavigationFailed, cause: error)))
+    }
+
+    func webView(_ webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: any Error) {
+        if (error as NSError).domain == WebViewUserAgent.customSchemeRedirectionSuccessMessage {
+            return
+        }
+        self.finish(with: .failure(WebAuthError(code: .webViewProvisionalNavigationFailed, cause: error)))
+    }
+
+    func webViewWebContentProcessDidTerminate(_ webView: WKWebView) {
+        self.finish(with: .failure(WebAuthError(code: .webViewContentProcessTerminated)))
+    }
+}
+
+#endif

Auth0Tests/CredentialsManagerSpec.swift

@@ -451,7 +451,7 @@ class CredentialsManagerSpec: QuickSpec {
                     credentials = Credentials(accessToken: AccessToken, tokenType: TokenType, idToken: IdToken, refreshToken: RefreshToken, expiresIn: Date(timeIntervalSinceNow: -ExpiresIn))
                     _ = credentialsManager.store(credentials: credentials)
 
-                    waitUntil(timeout: Timeout) { done in
+                    waitUntil(timeout: .seconds(5)) { done in
                         credentialsManager.credentials { result in
                             expect(result).to(haveCredentialsManagerError(expectedError))
                             done()