search

MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs
270 stars 243 forks source link

CFBundleURLTypes settings is seemingly no longer necessary #342

Closed KKamishima closed 2 years ago

KKamishima commented 2 years ago

The official guide provides instructions on iOS to add some settings in Info.plist if you want to use a custom URL scheme.

https://pub.dev/packages/flutter_appauth

However, the current version of AppAuth-iOS apparently does not require such settings. Their documentation does not mention anything about it any more. Also it does work without it as long as I tested.

https://github.com/openid/AppAuth-iOS

MaikuB commented 2 years ago

This isn't to do with the version of AppAuth iOS and you can go back to see it wasn't mentioned in the readme in older versions. This is to do with a generic setting that is in Apple's own specifications (https://developer.apple.com/documentation/bundleresources/information_property_list/cfbundleurltypes) and if you check the examples in https://github.com/openid/AppAuth-iOS/tree/master/Examples, those settings are there and docs mentions specifying them.

KKamishima commented 2 years ago

Thank you for your comment @MaikuB

I understand your stance on the matter and I withdraw this issue for the moment. However, there are still discrepancies between what I observe and what they (=AppAuth_iOS authors) claim via their demo code and documentation, and I want it to clear it up. I am going to submit an issue in their database.

The rest is just a note:

In their code, they pass the custom scheme id to ASWebAuthenticationSession or SFAuthenticationSession, according to the configuration. https://github.com/openid/AppAuth-iOS/blob/e191b1beadf3041259652e6e464eaceff16e5fbb/Source/AppAuth/iOS/OIDExternalUserAgentIOS.m#L97

The article from Apple on these APIs are not that clear in the first place. They do not mention anything about required configurations in your app; they may be implying it by using the word 'custom scheme' but who knows? https://developer.apple.com/documentation/authenticationservices/authenticating_a_user_through_a_web_service According to this passage, it may be handled internally in the browser (probably via its hooking mechanism) and not let the OS handle the custom scheme, which requires the said configurations in Info.plist.

After the user authenticates, the authentication provider redirects the browser to a URL that uses the callback scheme. The browser detects the redirect, dismisses itself, and passes the complete URL to your app by calling the closure you specified during initialization.

MaikuB commented 2 years ago

Agreed it's not clear. I had seen other docs that state this is to support older versions of iOS. In saying that, there's no harm to include it either