search

auth0 / auth0-spa-js

Auth0 authentication for Single Page Applications (SPA) with PKCE
MIT License
923 stars 364 forks source link

It is unclear whether this library is suitable for a Cordova application #511

Closed danielcrisp closed 4 years ago

danielcrisp commented 4 years ago

This is more of a shortcoming in the documentation rather than a bug.

I've read that PKCE is the preferred method for hybrid apps, such as Cordova, but it is not clear whether or not this library can actually be used.

I'm aware of https://github.com/auth0/auth0-cordova but I can't figure out if it can be used to supplement auth0-spa-js or you can only use one or the other. They appear to be implemented in quite different ways.

It seems that auth0-spa-js has some advantages, such as refresh token support, plus it is suitable for use in the browser, so if possible I'd like to implement this and then hook in the necessary Cordova support (rather than having two different packages for my web vs hybrid app builds).

Please can you clarify if an existing SPA should be able to use this library within a hybrid app (without too much hassle) or if Auth0's recommended approach is to use the auth0-cordova package?

stevehobbsdev commented 4 years ago

Thanks for raising @danielcrisp. The intended use case for this SDK is SPA applications running in the browser so there may be some things that do not play quite nicely within a hybrid app. Currently the recommendation is to use auth0-cordova.

hicreate commented 4 years ago

I'm trying to find a similar solution. I'm using the auth-spa-sdk in a Web app but can't find a fix to make it work in Web view in a cordova app. I don't want to use auth-cordova-sdk and run 2 auth sdks in the same project.

(On a side note the auth cordova quick start doesn't appear to work anymore)

Anyone else tried extending the spa-sdk to work with cordova? We could compare notes.

td-edge commented 3 years ago

@hicreate I was able to get it working in a browser using this guide (ionic5/angular9/cordova): https://blog.learningdollars.com/2020/01/14/how-to-configure-auth0-with-angular-8/

Good luck getting it work in mobile though. Seems impossible at the moment. I can't figure out the correct callback structure and using auth0-cordova doesn't work because angular changed their rules around webpack. If you can't use webpack to load the crypto library, the auth0 guides don't work.