Google no longer allows OAuthetication from within the WebView. They throw an error that the user agent as not allowed. Additionally, using the WebView browser does not take advantage of existing Google sessions in the native app or system browser.
It waits for a responses (message.provider === 'google' && message.type === 'auth-response') but consoles all responses:
interface AuthMessage {
type: string;
provider: string;
error?: string;
cookie?: string;
token?: string;
}
const handleMessageFromFlutter = (event: MessageEvent) => {
try {
const message: AuthMessage = typeof event.data === "string" ? JSON.parse(event.data) : event.data;
console.log("FROM FLUTTER: ", message)
// Process the token received from Flutter
if (message.provider === 'google' && message.type === 'auth-response') {
setLoading(false)
setError(JSON.stringify(message)) // TODO: set cookie or token and navigate to "next" param or home
}
} catch (error) {
// @ts-ignore
setError("BAD PARSE" + error.toString())
console.error('Error handling message from Flutter:', error);
}
};
Currently, the web app and API use cookies for session management. If possible try to parse and pass back all cookies set by the API in case I can persist the session from within webview. Otherwise, I'll have to change the whole API auth layer to use tokens.
Google no longer allows OAuthetication from within the WebView. They throw an error that the user agent as not allowed. Additionally, using the WebView browser does not take advantage of existing Google sessions in the native app or system browser.
I have implemented a testable button available at SignUp and my-profile. You can render it conditionally with the search parameter
appOSwith any value. For example, https://djmote.com/my-profile?appOS=web - Flutter automatically adds this param when starting the app here https://github.com/eliataylor/tam-flutter/blob/master/lib/utils/url_utils.dart#L13Clicking the login button uses postMessage:
It waits for a responses
(message.provider === 'google' && message.type === 'auth-response')but consoles all responses:Currently, the web app and API use cookies for session management. If possible try to parse and pass back all cookies set by the API in case I can persist the session from within webview. Otherwise, I'll have to change the whole API auth layer to use tokens.