search

luis901101 / oauth_webauth

BSD 3-Clause "New" or "Revised" License
15 stars 16 forks source link

Unable to access native apps from webview #17

Open naveen-toolagen opened 3 days ago

naveen-toolagen commented 3 days ago

Hi - Presently, I have integrated azure ADB2C login using oauth_webauth package which works fine.

I have a requirement of accessing native app like Microsoft authenticator app to authenticate the azure login. But, here I am unable to access native apps from oauth webview.

Another package webview_flutter supports the feature of accessing native apps from webview.

Does oauth_webauth package allows to access native apps from webview similar to webview_flutter package ?

luis901101 commented 3 days ago

I’m not sure to understand what you need. Currently the plugin uses flutter_inappwebview for webviews so check with it if what you need is supported. As far as I know this webview implementation integrates well with password managers like 1Password, Bitwarden, Keychain, etc.

naveen-toolagen commented 3 days ago

To clarify the issue, I am copying the webview_flutter approach to load URL in webview

image

In the code there is onNavigationRequest option which allows users to detect the navigation request URL Based on request URL, user can intercept the navigation & perform some operation like launching native apps from webview itself.

Does similar approach is available in oauth_webauth package where user can detect the navigation URL & perform required operations.

image

luis901101 commented 3 days ago

Ok I see now. The feature to intercept the url where the webview is going to navigate to is supported as well by flutter_inappwebview. This plugin oauth_webauth doesn't provide a way to override this as this function handles the logic of authentication from the authentication provider. I could allow to override the function but right now I'm not sure if this would be ideal for the plugin, initially I created this plugin as an alternative for flutter_appauth to allow devs to have more control over the authentication UI, but regarding authentication flow I try to respect the OIDC standard, and I'm not sure there is a step to interrupt the flow to open a native application for OTP... AFIK if the authentication flow requires some OTP or Password then the input for the OTP or Password is the one with the responsibility to autofill with data from Password Managers, and this happens automatically as the Password Managers integrate with it in through the Operating System.