search

ionic-team / capacitor-plugins

Official plugins for Capacitor ⚡️
518 stars 583 forks source link

Support of ASWebAuthenticationSession in capacitor browser #1338

Open JosefBredereck opened 1 year ago

JosefBredereck commented 1 year ago

Feature Request

Plugin

@capacitor/browser

Description

I would like to request that ASWebAuthenticationSession is added to @capacitor/browser. It was already requested in https://github.com/ionic-team/capacitor/issues/6066 and https://github.com/ionic-team/capacitor/issues/1948, but the answers there are not reflecting the issue we encounter.

The solutions mention to add something like Social Authentication as a plugin. The problem there is, we do not want to use social auth solutions. We have our own OICD authentication service that works under the hood with OAuth 2.0 and does not work with the current method.

Even OAuth is mentioning it in their docs that this would not work.

Capacitor's Browser plugin on iOS uses SFSafariViewController, which on iOS 11+ does not share cookies with Safari on the device. This means that SSO will not work on those devices. If you need SSO, please instead use a compatible plugin that uses ASWebAuthenticationSession.

We now have to rely on @awesome-cordova-plugins/core with @awesome-cordova-plugins/in-app-browser and cordova-plugin-inappbrowser which is not a bad thing at first. But it feels a bit off when there is a browser plugin in capacitor.

While Capacitor has had backwards-compatibility with the Cordova Plugin API since the beginning, and a large percentage of Cordova plugins work in Capacitor apps, it is not clear for how long this will be the case. Let's assume in version 6 you decide against Cordova plugin support because you want to boost the architecture. In that case, simple functions as that are not working anymore.

And so far as I was able to find something about that. Even the ionic-team is installing a third-party module: https://github.com/ionic-team/ionic-docs/blob/57ffe070c1fdf7056e71619f6ff00d0863e7800b/versioned_docs/version-v5/native/ios-aswebauthenticationsession-api.md where they inform to install @awesome-cordova-plugins/ios-aswebauthenticationsession-api

Platform(s)

Preferred Solution

ASWebAuthenticationSession is supported by @capacitor/browser

sandstrom commented 1 year ago

Just to chime in (I wrote the other two issues referenced above), this also affects Android and their tool to solve this is called "Custom Tabs" (https://developer.chrome.com/docs/android/custom-tabs/#whentouse).

ms-emp commented 1 year ago

Just to chime in (I wrote the other two issues referenced above), this also affects Android and their tool to solve this is called "Custom Tabs" (https://developer.chrome.com/docs/android/custom-tabs/#whentouse).

Browser already uses Chrome Custom Tabs on Android

muuvmuuv commented 1 year ago

We really need an option here to get SSO working with cookies and custom SAML providers. I am currently trying to convert the Browser plugin to use ASWebAuth.

Chuckv01 commented 1 year ago

Same thing over here, hoping ASWebAuthenticationSession is added soon.

muuvmuuv commented 1 year ago

I converted just the SSO part to use ASWeb. Will share more next week. Android does not need any conversions as I know and web neither. Just iOS. Maybe someone from Cap-Team has enough exp. to get it as an opt-in option into Browser-Plugin. In our case it works and we can use ASWeb to do SSO with sharing callbackUrl back to Angular (cookies wont work in any iOS case, Apple does not allow that or only with a lot of effourt and security misstakes).