IdentityModel / oidc-token-manager

Apache License 2.0

RedirectURL on Cordova Phonegap apps #27

Closed MishaTornes closed 8 years ago

MishaTornes commented 9 years ago

After completing my setup and using the oidc-token-manager without issues on the web I moved forward to build a Phonegap app. For the last week I have been stuck trying to make the app respond to the IdentityServer redirect command. For instance:

w3wp.exe Information: 0 : 2015-10-30 16:39:36.819 -04:00 [Information] Redirecting to: file:///android_asset/www/index.html

The view will just stand still on the scopes authorization page.

After looking for a solution from the Phonegap side I ran into this Facebook OAuth .js client that specifies:

9. In the OAuth Settings section, add the following URLs in the Valid OAuth redirect URIs field:
   ◦ http://localhost:8100/oauthcallback.html (for access using ionic serve)
   ◦ https://www.facebook.com/connect/login_success.html (for access from Cordova)

I browsed around the code and the library is aware of being used by a browser or a Cordova app. Once there is a token it closes the browser to retrieve the response: https://github.com/ccoenraets/OpenFB/blob/master/openfb.js#L125

This could be a nice improvement if there isn't a workaround. What would be IdServer's redirectURL under this approach?

brockallen commented 9 years ago

You can use something like "oob://yourapp/callback". For mobile/desktop apps you just use a dummy URI like this to provide a flag to the client app to "wake up" and accept the token.

When working with Cordova I think you need the in-app browser plug-in -- are you using that?

MishaTornes commented 9 years ago

Hi Brock,

I'm using the new Cordova Template shipped with VS2015.

Using "Get Token" from the Samples repository I get the same results as mentioned: I get stuck in the redirect action, and the JavaScript console shows: Not allowed to load local resource: file:///callback.html#id_token=XXXXXXX authorize (0,0)

Using InAppBrowser I'm not able to trigger the popup pages; they open and close so fast the attached event can't pick up the error. At the same time I can redirect to it manually using the same parameters from the console: window.open("popup.html", "_blank", "location=yes")

I rolled back to the Simple JavaScript implicit client example from your repository, and using the in-app browser plug-in with the suggested "oob:" I get net::ERR_UNKNOWN_URL_SCHEME and the token comes over on the URL.

I think I'll have no option but to use the same logic mentioned on https://github.com/ccoenraets/OpenFB/blob/master/openfb.js#L125 to get the token and close the browser.

MishaTornes commented 9 years ago

I can confirm the suggested approach works starting from the Simple JavaScript implicit client: https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Clients/JavaScriptImplicitClient-Simple/index.html#L43

I can open an overlaid InAppBrowser instance and get the access token from IdServer on my Android and iOS devices.

I'm unable to start InAppBrowser instances from oidc-token-manager.

brockallen commented 8 years ago

Did you ever get it sorted out?

MishaTornes commented 8 years ago

Hi Brock,

I can't get in-app-browser to open from oidc-token-manager. I'm getting the token "manually" watching changes to the in-app-browser URL. Seems to be the approach followed by most plugins.
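The approach described in this thread (watching the in-app browser URL for the dummy redirect URI and reading the token from the fragment), as an added example that is not code from oidc-token-manager or from either commenter. The function names `parseImplicitCallback` and `login` are hypothetical, and the authorize URL is assumed to be built by the caller with a random `state` value.

```javascript
// Added example; REDIRECT_URI value is the dummy URI from the thread, the
// function names parseImplicitCallback and login are hypothetical.
const REDIRECT_URI = 'oob://yourapp/callback';

// Returns null when url is not the registered callback, otherwise the parsed
// fragment parameters. Throws on an error response or a state mismatch.
function parseImplicitCallback(url, expectedState) {
  const hashAt = url.indexOf('#');
  const base = hashAt === -1 ? url : url.slice(0, hashAt);
  // Exact match on everything before the fragment. A substring or prefix test
  // would also fire on the authorize URL, which carries redirect_uri as a
  // query parameter, and on look-alikes such as oob://yourapp/callback2.
  if (base !== REDIRECT_URI) return null;
  const params = Object.create(null); // no inherited keys to collide with
  const fragment = hashAt === -1 ? '' : url.slice(hashAt + 1);
  for (const pair of fragment.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const val = eq === -1 ? '' : pair.slice(eq + 1);
    params[decodeURIComponent(key)] = decodeURIComponent(val.replace(/\+/g, ' '));
  }
  if (params.error) throw new Error('authorization error: ' + params.error);
  // state ties the response to the request this app instance started.
  if (!expectedState || params.state !== expectedState) {
    throw new Error('state mismatch');
  }
  if (!params.id_token && !params.access_token) throw new Error('no token in response');
  return params;
}

// Cordova wiring (cordova-plugin-inappbrowser). authorizeUrl is assumed to
// carry redirect_uri=REDIRECT_URI and state=expectedState.
function login(authorizeUrl, expectedState, onTokens, onError) {
  const ref = cordova.InAppBrowser.open(authorizeUrl, '_blank', 'location=yes');
  ref.addEventListener('loadstart', function (event) {
    let result;
    try {
      result = parseImplicitCallback(event.url, expectedState);
    } catch (e) {
      ref.close();
      onError(e);
      return;
    }
    if (result === null) return; // some other page in the login flow
    ref.close(); // callback seen; the browser is no longer needed
    onTokens(result);
  });
}
```

The returned `id_token` is unvalidated at this point; signature, issuer, audience and nonce checks still apply before it is trusted.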

brockallen commented 8 years ago

Oh, because the token manager tries to call window.open? So that doesn't work in cordova?

MishaTornes commented 8 years ago

It is supposed to work when you set up: window.open = cordova.InAppBrowser.open; but no luck here, the in-app-browser opened and crashed on me so fast the error handler did not fire to log the issue.

brockallen commented 8 years ago

Ok. Cordova was never a target environment, but I'd love to make it work. I'll leave this issue here as a reminder to look into it whenever I can (which means it won't be for a long time).

If, in the meantime, you figure it out I'd love to know and maybe even get a PR. Thx

brockallen commented 8 years ago

I'm going to close this for now. I think you can use the underlying OidcClient (especially in its rewritten form: https://github.com/IdentityModel/oidc-client-js/issues/2) and at least get some benefit of this as a protocol library.