Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Universal link support #367

Open
galsc-tr opened this issue Mar 15, 2019 · 16 comments
Open

Universal link support #367

galsc-tr opened this issue Mar 15, 2019 · 16 comments
Labels
question

Comments

@galsc-tr
Copy link

Hi,

Using SFSafariViewController to login and assuming I've setup Universal Link support for my iOS app on my domain, how do I leverage and redirect to my domain using universal login from within SFSafariViewController?
@WilliamDenniss
Copy link
Member

You need to call [_currentAuthorizationFlow resumeExternalUserAgentFlowWithURL:url] from the method in your delegate that receives the universal link.

E.g. like this, but in the universal link method:

AppAuth-iOS/Examples/Example-iOS_ObjC/Source/AppDelegate.m

Lines 50 to 55 in 0c82267

// Sends the URL to the current authorization flow (if any) which will process it if it relates to
// an authorization response.
if ([_currentAuthorizationFlow resumeExternalUserAgentFlowWithURL:url]) {
_currentAuthorizationFlow = nil;
return YES;
}

@galsc-tr
Copy link
Author

How do I redirect from inside the HTML's WebView? (asking for both Android & iOS).

@grEvenX
Copy link

grEvenX commented Mar 25, 2019

Is anyone using universal links in production for native apps, I haven't been able to find any examples and I'm struggling a lot with it myself. It works fine the first time (when I don't currently have an auth session and I'm not logged in on the provider) probably because the redirect then happens after a button click and not due to automatic redirection.

See other user with the same problem here:
https://stackoverflow.com/questions/45239215/universal-link-fails-when-oauth2-login-page-redirects-immediately

To describe the issue I'm having:

  1. I open the app and it creates an OIDAuthorizationRequest
  2. I haven't authorised the app before, so after logging in at the OAuth Provider I see the "consent screen" where I can tap "authorize". The page is then redirected to the redirect URL, and the embedded browser/auth-view is automatically dismissed and I get the access/refresh tokens.
  3. The next time I try to create an OIDAuthorizationRequest I have already authorised the app and I am already logged in at the OAuth Provider, so it automatically redirects be to the redirect URL. When this happens I just see the page for the redirect URL in the embedded browser/auth-view. This is because the OS never forwards the request to the app, thus application(_ application: UIApplication, continue userActivity: NSUserActivity, restorationHandler: @escaping ([UIUserActivityRestoring]?) -> Void
    is never called.

(Btw, the README and the examples doesn't support Universal Links, because they rely on AppDelegate's application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool instead of the continue userActivity as mentioned above).

@grEvenX grEvenX mentioned this issue Mar 25, 2019
Open
@lapinek
Copy link

lapinek commented May 29, 2019

@grEvenX, as you are aware, this is not really an AppAuth-iOS specific issue. My (non-production) experience, which I described in #396, was that the authorization endpoint needs to be visited from an intermediate screen in order for Universal Links to be redirected to the app. In the case of the in-app browser tabs, the user needs to navigate to the authorization endpoint. With Safari, it appears, navigation/redirection to the authorization endpoint may occur automatically. Like I said in the other issue, I am not entirely sure why this has to apply to the authentication classes, which AppAuth uses in iOS 11 and 12. Looks like something overlooked by Apple and to be fixed by them.

@diptiy
Copy link

diptiy commented Aug 19, 2020

@WilliamDenniss, same issue is happening in my case as well. I am testing app on iOS simulator, and not on device. is there some dependency for this?

@appdev-exaring
Copy link

In my case, I don't even get a callback. None of the options open url or user activity. When I dump the request URL and paste it into the notes app and click the link there, everything works just fine. Any idea, what could have gone wrong?

@DanCananau
Copy link

I have the same issue as above. Universal link works fine from Notes, but is not triggered on a redirect from the identity provider. During the flow there is user interaction. Is there any response to this?

@kunwar231
Copy link

Has anyone found an issue to this? On My app, a blank page opens on SFSafariViewController which says 0kb. but it doesn't redirects to the app. But the universal links are correctly implemented as I have checked by using the redirect url in the notes.

@PankovSerge
Copy link

PankovSerge commented Jan 22, 2022
edited
Loading

Same here. I have implemented applinks with wildcard, but didn't get callback even for custom scheme. In case if wildcard not exist in entitlements, everything works as expected.

@shobhitpuri
Copy link

shobhitpuri commented Feb 7, 2022
edited
Loading

I'm having the same issue as everyone above. Has anyone been able to solve this?
@PankovSerge Do universal link OAuth work from you if opened from a SFSafariViewController or ASWebAuthenticationSession within the app? iOS 15.2

@Joren-Thijs-KasparSolutions
Copy link

I am suffering the same issue today. The in-app browser opens. goes to IDP login screen. I login, and then i'm sent to a blank page (since my redirect uri points to a non existingwebpage) and get stuck there instead of closing the browser and returning to the app. Has anyone been able to get this working with universal links yet?

@XiangloongChen
Copy link

@Joren-Thijs-KasparSolutions Did you use ASWebAuthenticationSession? I've suffered the same issue for 3 days, and finally find out universal link is not supported as redirect URL when using ASWebAuthenticationSession.

So the workaround could be:

  • Using a custom scheme URL as the redirect URL
  • Using a non-universal link(of your app) and implement redirecting to a deeplink of your app in this webpage(opened through your non-universal link)

@shobhitpuri
Copy link

shobhitpuri commented Jun 14, 2024
edited
Loading

@XiangloongChen I ended up with custom schema, since it is safe to use custom schema with ASWebAuthenticationSession, which was made by Apple specifically for authentication purpose. The session information is not shared with Safari or any other apps, so the custom schema would only redirect within the specific app, even if any malicious app registers for it. The official documentation says:

ASWebAuthenticationSession ensures that only the calling app’s session receives the authentication callback, even when more than one app registers the same callback URL scheme.

@matjua17 matjua17 mentioned this issue Jun 14, 2024
Open
@Joren-Thijs-KasparSolutions
Copy link

@XiangloongChen we ended up doing the same as @shobhitpuri and just used ASWebAuthenticationSession.

@krishnaprasadkuchur
Copy link

krishnaprasadkuchur commented Aug 21, 2024
edited
Loading

We've been running into the same issue for years now, and decided to stick around with custom schemes. (Given that another app cannot hijack a session initiated by our app). We did file a RADAR a couple of years ago with Apple, since we are not getting the callback once the universal link is loaded in some scenarios such as autofilled passwords from keychain. Yet to get a proper response from them.

I do see a new issue raised: #847 , about switching over to a new init API. has anyone gotten a chance to verify if using this API: https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/init(url:callback:completionhandler:)-6nut7?language=objc makes any difference?

@Moriya-Taichi
Copy link

I am facing the same issue.
To investigate whether the problem lies with AppAuth or ASWebAuthenticationSession, I wrote some simple code. I obtained the request URL from OIDAuthorizationRequest and set it as the URL for ASWebAuthenticationSession. I then compared two scenarios: setting the callbackURLScheme to the scheme of the redirect URL (in this case, https) similar to how it's done in AppAuth, and using the callback: ASWebAuthenticationSession.Callback with the universal link's host and path, which is available from iOS 17.4 onwards.

The results of the tests showed that using the current callbackURLScheme specification for ASWebAuthenticationSession did not trigger the completionHandler and did not work. However, when using the callback: ASWebAuthenticationSession.Callback specification available from iOS 17.4 onwards, the completionHandler was called, and it functioned correctly.

From these findings, I understand that AppAuth, which relies on ASWebAuthenticationSession, only works with custom URL schemes.

I verified with the following code.

let authRequest = OIDAuthorizationRequest(...)
let session = ASWebAuthenticationSession(
    url: authRequest.authorizationRequestURL(),
    callback: ASWebAuthenticationSession.Callback.https(
        host: <host>,
        path: <path>
    )
) { url, error in
    // working
}
session.presentationContextProvider = contextProvider
session.start()

let authRequest = OIDAuthorizationRequest(...)
let session = ASWebAuthenticationSession(
    url: authRequest.authorizationRequestURL(),
    callbackURLScheme: "https"
) { url, error in
    // not working
}
session.presentationContextProvider = contextProvider
session.start()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests