Does not work with WKWebView on iOS

[MT--]

Using this is a recent Ionic(3+) project, I came to notice that the plugin did not route the success callback or dismiss the SafariViewController after I added the "official" Ionic WKWebView plugin. This may be due to the fact there there is a local webserver being used to serve files and the file:// protocol is "not allowed" (though I have gotten it to work on iOS 10). I would say that it might be a CORS issue, since Auth0 domains likely have restrictions.

The Auth0 console shows a successful login, but the view does not move past accounts.google.com/...

[brassier]

@darkyen - Thanks for this update. Any idea when you'll be able to nail down the CORS issue you ran into?

[darkyen]

@brassier Apologies for the delay its now fixed and tested and we intend to release this in the next release (which should be today).

[brassier]

Thanks for the update @darkyen . Looking forward to testing this out. I don't see a new release for this yet. Any idea when that will happen?

[aaguiarz]

@brassier 0.3.0 was released yesterday https://www.npmjs.com/package/@auth0/cordova

[brassier]

Thanks @aaguiarz . My fault. I was watching the releases on the github project and not NPM. https://github.com/auth0/auth0-cordova/releases

[brassier]

I pulled in 0.3.0 and upgraded auth0-js to 9.0.2, and unfortunately this still isn't functional for me. Prior to these changes the app would be stuck on the Auth0 login page. It now gets past that and back into the app (which is great!). However, it doesn't actually complete the login. I can confirm that handleOpenURL() is being called, but calling Auth0Cordova.onRedirectUri() doesn't seem to complete the login and the callback wired up on Auth0Cordova.authorize() is never triggered.

I'll start digging into the code a bit, but I was hoping there's something easy I'm missing here. Does the Cordova version matter? I'm using 6.5.0 which by default pulls in cordova-ios4.3.1

Update: Not sure what changed, but this is now working for me. I uninstalled and re-installed the cordova-plugin-ionic-webview plugin and that seemed to jar something loose. I also added the inappbrowser plugin, but that shouldn't be related at all.

[darkyen]

Hi Brassier, I tested it on Cordova 8.0.0 (which just got released very recently). I do not think that there should be any problem with a lower cordova version as the plugins do most of the heavy lifting. Would it be possible to share a trace or log of the entire process?

[brassier]

Hi @darkyen - Thanks for following up. I'm not sure what happened, but it did end up working for me. I executed a bunch of steps, but the last 2 that seemed to work involved upgrading my cordova-plugin-ionic-webview plugin, and adding the inappbrowser plugin. If I have a situation where logins fail again I'll drop some logs out here. So far, so good. Thanks for the effort on this one!

[simonwatt]

I just installed 0.3.0 and it's finally hitting my authorize callback when using WKWebView on iOS (11.2.2), but there is always an error and the result is undefined. Prior to 0.3.0 it used to hang on the actual hosted page and never hit the callback at all, so this is progress.. but still not working as there's always an error passed to the callback.

The exact same code is working on Android, or on iOS when not using WKWebView.

Does anyone have any ideas on what I might be missing? Note - I'm not using Ionic. It's a PhoneGap app (cli-6.5.0) build via PhoneGap Build.

For example: Android: 0.3.0. Works fine 0.2.0 Works fine

iOS using WKWebView via in my config.xml: 0.3.0. Error callback on authorize always hit 0.2.0 Hangs on the hosted screen. Even error callback is not hit.

iOS NOT using WKWebView: 0.3.0. Works fine 0.2.0 Works fine

The error contains the following when I JSON.stringify() it: (For security reasons I've changed the Id, and the name to be 'MyApp').

{"original":{"line":38,"column":38141,"sourceURL":"file:///var/containers/Bundle/Application/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/MyApp.app/www/bundle.js","crossDomain":true,"method":"POST","url":"https://MyApp.au.auth0.com/oauth/token"},"code":null,"description":null,"name":"Error"}

[ghenry22]

Could you test using my fork of the wkwebview plugin?

Install from github url: https://github.com/ghenry22/cordova-plugin-ionic-webview#integratedFixes

In your config.xml add: <preference name="WKEnableBackground" value="true" />

See if that makes any difference.

The original ionic wkwebview plugin completely stops processing any javascript when in the background, this branch with the setting above changes the behaviour to continue running in the background as uiwebview does unless the OS suspends the app.

[simonwatt]

@ghenry22 Seeing as my App isn't an Ionic App I was actually using 'cordova-plugin-wkwebview-engine' plugin to provide WKWebView functionality. I didn't really click that I could use the Ionic web view on a standard PhoneGap App.

Anyway, I just tried using the Ionic plugin 'cordova-plugin-ionic-webview' (not the fork above), and finally I can login! I had to add <preference name="ScrollEnabled" value="true" /> when using it on a non Ionic App or scrolling wouldn't work, but other than that it seems to be working well and some issues I had on UIWebView seem to have gone so it was worth the effort to upgrade. Thanks!

[simonwatt]

@ghenry22 Nevermind, it looks like I spoke too soon; I'm still having issues when using the 'cordova-plugin-ionic-webview' plugin. I thought it was working fine, but strangely as soon as I do a build for UAT with a different App Id and a few other minor config changes to point to a different Auth0 tenant, it's back to hanging on the hosted login and doesn't hit my authorize callback. Both versions are almost identical (e.g same code, same versions of all Plugins) so I don't know what's going on and why the callback can be hit on one but not the other.

I'll try your fork as soon as I get the time and see if it makes a difference.

[simonwatt]

@ghenry22 Using your fork (https://github.com/ghenry22/cordova-plugin-ionic-webview#integratedFixes) I haven't had any issues so far and I can login fine, whereas the same code using the 'cordova-plugin-ionic-webview' plugin is still hanging (on most occasions, but not all the time) on login for me.

[saschwarz]

@ghenry22 Thank you for your branch! With 0.3.0 of @auth/cordova and WKWebView my app was also stuck at the login screen.

[darkyen]

Weird, in the repo i have examples/wkwebview can you test against that example?

[saschwarz]

Would it be possible to have the Ionic example updated?

[darkyen]

We are currently working on it, however the version update should just work.

[saschwarz]

@darkyen Thanks. Are you saying that upgrading to 0.3.0 and converting the app to use the official cordova-plugin-ionic-webview per the Ionic docs the login should be taken down automatically?

I went did that and still have the same issue as in 0.2.0: https://community.auth0.com/questions/13787/index.html

BTW: I didn't see a release or a git tag for 0.3.0 in this repository.

[mlynch]

We're tracking this at Ionic, will make sure we can get similar fixes into our WKWebView plugin and the upcoming Capacitor project we're working on (https://github.com/ionic-team/capacitor)

[darkyen]

@saschwarz yes it should, I have that exact setup in /examples/wkwebview. I am using the ionic webview, to keep the sample simple and re-use most code in /examples/src I used cordova directly instead of Ionic.

[saschwarz]

@darkyen maybe there is also an interaction or timing difference between plain cordova builds and Ionic builds that requires @ghenry22's version of cordova-plugin-ionic-webview? I just changed back to the official version of cordova-plugin-ionic-webview and wiped out/reinstalled npm/plugins/platforms:

rm package-lock.json
rm -rf node_modules/cordova-plugin-ionic-webview plugins platforms/ios
npm install
ionic cordova prepare ios --no-build
ionic cordova run ios

And I still have the original problem described in this issue with the 0.3.0 version. Then I switched to ghenry22's version, repeated the steps above, and, after logging in, the browser window is closed automatically.

BUT only the first time. If I log out and log in again the browser window doesn't dismiss. If I click the Done button the browser closes but the auth callback isn't called - it has the same symptoms as https://github.com/auth0/auth0-cordova/issues/67

[saschwarz]

If anyone else comes across this - the problem I had was the ionic-plugin-deeplinks was calling it's error callback and it wasn't calling through to the Auth0 callback after the first time. Replacing deeplinks with cordova-plugin-customurlscheme resolved the problem and I was able to use the official version of cordova-plugin-ionic-webview.

[bocodigital]

I am not using webkit and my callback is still never called, first time logging or not.

[swhile]

Does this work on iOS 11.3 for anyone? I have tried everything in this thread over several days and I can't get it to work. I've tried the background plugins, switching between the ionic webview plugin and wkwebview, ionic deep links vs custom url scheme. I haven't tried other versions of iOS yet. The Auth0 window opens, but it hangs after entering credentials and never returns to my app. I tested the custom url and it works.

[darkyen]

@swhile I'll test it on iOS 11.3 this week. Can you attach a debugger to WKWebView and check if it gets callback?

[JohnMcLear]

Try in Cordova not ionic.

---

From: swhile notifications@github.com Sent: Friday, 20 April 2018 6:33 pm To: auth0/auth0-cordova Cc: Subscribed Subject: Re: [auth0/auth0-cordova] Does not work with WKWebView on iOS (#42)

Does this work on iOS 11.3 for anyone? I have tried everything in this thread over several days and I can't get it to work. I've tried the background plugins, switching between the ionic webview plugin and wkwebview, ionic deep links vs custom url scheme. I haven't tried other versions of iOS yet. The Auth0 window opens, but it hangs after entering credentials and never returns to my app. I tested the custom url and it works.

- You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/auth0/auth0-cordova/issues/42#issuecomment-383168645, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AANewD3PUj2j0oiJrRPK5tNix7VPRL2sks5tqhxVgaJpZM4NqpLi.

[darkyen]

Interesting. That would imply that Apple Changed the UIWebView's handling logic. I just tried it in both and it worked out of the box.

[swhile]

@darkyen Thanks for investigating. I figured out the problem was caused by the Localytics plugin. Removing the plugin allowed the Auth0 callback to work in my app.

[studentIvan]

Had same issue, iOS 12.1.3 iPhoneX, phonegap, cordova 8.1.2 (cordova-lib@8.1.1), wkwebview

origin null is not allowed

<plugin name="cordova-plugin-wkwebview-engine" spec="~1.1.4" />
<plugin name="cordova-plugin-inappbrowser" spec="^2.0.2" />
<preference name="CordovaWebViewEngine" value="CDVWKWebViewEngine" />
<plugin name="cordova-universal-links-plugin" spec="~1.2.1" />
<plugin name="cordova-plugin-localization-strings" spec="~1.1.1">
<feature name="CDVWKWebViewEngine">
  <param name="ios-package" value="CDVWKWebViewEngine" />
</feature>
<preference name="websecurity" value="disable" />
<plugin name="cordova-plugin-safariviewcontroller" spec="^1.5.4" />
<plugin name="cordova-plugin-customurlscheme" spec="^4.3.0">

Planning to hack auth0-js and replace xmlhttprequest with native cordovaFetch Or to up the localhost server on the mobile, not sure

[brassier]

@studentIvan - If you happen to have the cordova-plugin-code-push plugin installed, that could be the cause too. I ran into that recently: https://github.com/Microsoft/cordova-plugin-code-push/issues/489

[darkyen]

Had same issue, iOS 12.1.3 iPhoneX, phonegap, cordova 8.1.2 (cordova-lib@8.1.1), wkwebview

origin null is not allowed

<plugin name="cordova-plugin-wkwebview-engine" spec="~1.1.4" />
<plugin name="cordova-plugin-inappbrowser" spec="^2.0.2" />
<preference name="CordovaWebViewEngine" value="CDVWKWebViewEngine" />
<plugin name="cordova-universal-links-plugin" spec="~1.2.1" />
<plugin name="cordova-plugin-localization-strings" spec="~1.1.1">
<feature name="CDVWKWebViewEngine">
  <param name="ios-package" value="CDVWKWebViewEngine" />
</feature>
<preference name="websecurity" value="disable" />
<plugin name="cordova-plugin-safariviewcontroller" spec="^1.5.4" />
<plugin name="cordova-plugin-customurlscheme" spec="^4.3.0">

Planning to hack auth0-js and replace xmlhttprequest with native cordovaFetch Or to up the localhost server on the mobile, not sure

Can you check in the auth0 dashboard if you have added localhost:8080 as an allowed origin?

[brassier]

@darkyen - I don't think that would help in this case. Notice the error Origin null is not allowed.... That shows that the Origin header is coming through as null (not localhost:8080).

That is exactly what I was seeing with certain versions of the code-push plugin, which is why I posted a link to that issue I ran into.

[darkyen]

Interesting, seems like it might be doing something by changing how network requests are handled.

[studentIvan]

@studentIvan - If you happen to have the cordova-plugin-code-push plugin installed, that could be the cause too. I ran into that recently: Microsoft/cordova-plugin-code-push#489

omg, how it can be related?)) I also have 1.11.17 version, seems it should be solved there

[studentIvan]

Can you check in the auth0 dashboard if you have added localhost:8080 as an allowed origin?

sure it has

[studentIvan]

turned off the code-push and it didn't help, continue checking

[studentIvan]

Auth0.js Authentication object has it's own param request (RequestBuilder) using superagent js library to do XHR requests. I guess we can pass our own RequestBuilder to it. Like myCordovaAuthObj.client.request = new MyOwnRequestBuilder(myCordovaAuthObj.client.baseOptions);

I will try to implement this thing today and notify you on success

[brassier]

If you are using code-push, it seems very strange that you are seeing an issue that recently came up with that plugin. You may want to run cordova plugin ls and make sure that you have 1.11.17. When I was testing that defect I had a couple times that didn't install the version I requested. Someone else also noticed the same on that issue. You may want to read the quote from that issue to make sure you actually have the latest.

@hciyang - I personally had some challenges getting cordova to get the proper version. For example, I explicitly installed @1.11.17 when I already had @1.11.16 installed, but my project stayed at @1.11.16 (as shown with cordova plugin list). Not sure if you are seeing the same.

It was most accurate for me when I actually removed the plugin, then removed the platform, then removed the plugins and platforms directory, then re-added things as needed. Probably overkill, but it seemed to be more reliable.

[studentIvan]

@brassier

$ cordova plugin ls
code-push 2.0.6 "CodePushAcquisition"
cordova-plugin-app-version 0.1.9 "AppVersion"
cordova-plugin-appcenter-analytics 0.3.0 "App Center Analytics for Cordova"
cordova-plugin-appcenter-crashes 0.3.0 "App Center Crashes for Cordova"
cordova-plugin-appcenter-push 0.3.0 "App Center Push for Cordova"
cordova-plugin-appcenter-shared 0.3.0 "App Center shared code for Cordova"
cordova-plugin-battery-status 1.2.5 "Battery"
cordova-plugin-code-push 1.11.17 "CodePush"
cordova-plugin-console 1.1.0 "Console"
cordova-plugin-customurlscheme 4.3.0 "Custom URL scheme"
cordova-plugin-device 2.0.2 "Device"
cordova-plugin-dialogs 2.0.1 "Notification"
cordova-plugin-disable-ios11-statusbar 1.0.0 "cordova-plugin-disable-ios11-statusbar"
cordova-plugin-fetch 0.1.0 "Cordova Fetch"
cordova-plugin-file 6.0.1 "File"
cordova-plugin-file-transfer 1.7.1 "File Transfer"
cordova-plugin-inappbrowser 2.0.2 "InAppBrowser"
cordova-plugin-intercom 6.2.0 "Intercom"
cordova-plugin-localization-strings 1.1.1 "Localization"
cordova-plugin-safariviewcontroller 1.5.4 "SafariViewController"
cordova-plugin-splashscreen 5.0.2 "Splashscreen"
cordova-plugin-whitelist 1.3.3 "Whitelist"
cordova-plugin-wkwebview-engine 1.1.4 "Cordova WKWebView Engine"
cordova-plugin-x-socialsharing 5.4.4 "SocialSharing"
cordova-plugin-zip 3.1.0 "cordova-plugin-zip"
cordova-universal-links-plugin 1.2.1 "Universal Links Plugin"
es6-promise-plugin 4.2.2 "Promise"

If guys from code-push use global XMLHttpRequest overwrite then is not ok by the way :)

[brassier]

Looks like a good indicator that you have code-push 1.11.17. Have you tried doing a clean project with just the plugins/packages needed to see if it is Auth0 + WKWebView plugin issues (as opposed to any other plugin)? You could also consider trying the cordova-plugin-ionic-webview plugin to pick up WKWebView to see if that changes anything. That's what I have, and it isn't sending null for the Origin: header - it is sending localhost:8080.

[studentIvan]

Looks like a good indicator that you have code-push 1.11.17. Have you tried doing a clean project with just the plugins/packages needed to see if it is Auth0 + WKWebView plugin issues (as opposed to any other plugin)? You could also consider trying the cordova-plugin-ionic-webview plugin to pick up WKWebView to see if that changes anything. That's what I have, and it isn't sending null for the Origin: header - it is sending localhost:8080.

how the pure cordova can send the localhost:8080 origin if it uses the file:// protocol? probably you are ionic app user, where the localhost is using by default since some version https://twitter.com/maxlynch/status/1019344740557492224

[darkyen]

Looks like a good indicator that you have code-push 1.11.17. Have you tried doing a clean project with just the plugins/packages needed to see if it is Auth0 + WKWebView plugin issues (as opposed to any other plugin)? You could also consider trying the cordova-plugin-ionic-webview plugin to pick up WKWebView to see if that changes anything. That's what I have, and it isn't sending null for the Origin: header - it is sending localhost:8080.

how the pure cordova can send the localhost:8080 origin if it uses the file:// protocol? probably you are ionic app user, where the localhost is using by default since some version https://twitter.com/maxlynch/status/1019344740557492224

It doesn't the origin at that point is null and the CORS restrictions are loosened. When you use WKWebView it adds localhost:8080, and adds CORS.

[brassier]

The docs speak to that (the many solutions link has some history too).

Rewriting file:// WKWebView still has some issues when referencing local files, file://. We tried many solutions but went with a local server, as it was the only solution that worked for every case.

[studentIvan]

Decided to move from wkvebview on ionic-webview, now at least it has ionic://localhost origin, not null

[studentIvan]

Ok solved with https://github.com/ionic-team/cordova-plugin-ionic-webview thank you all 👍