okta / okta-signin-widget

HTML/CSS/JS widget that provides out-of-the-box authentication UX for your organization's apps

Allow non-http domain names to Trusted domains #852

Open vicebtx opened 5 years ago

vicebtx commented 5 years ago


I'm submitting a

Background info

I'm working on a hybrid app with Angular and Ionic V4, using the okta-signin-widget to reach Okta's servers and ease the login and registration of users. Currently, if the app is hosted on a server (http://mydomain.com or http://localhost), communication between the app and Okta works perfectly, but as soon as the app is deployed to either the iOS or Android platform, I start to have issues with CORS, as Ionic is sending the requests from an origin different than http or https. It actually runs as "ionic://localhost". I tried to add it to the trusted origins but, to my surprise, non-http domains are not allowed. This is blocking the whole purpose of using Okta and Ionic.

Expected behavior

ionic:// or other non-http domain names should be accepted and valid.

What went wrong?

Getting a CORS error in my app stating "ionic://localhost" is not valid domain.

Steps to reproduce

Try to add ionic://localhost to the trusted domains in Okta dev console.

Your environment

swiftone commented 5 years ago

@vicebtx - I'll speak up despite not being a mobile developer, but here's what I've heard in the past:

"You have to use the HTTP Native Plugin for Cordova when using Ionic with Okta. Applies if you’re using Capacitor too. If you use our OktaDev Schematics with Ionic 4, it configured everything for you."

swiftone commented 5 years ago

@vicebtx - This blog post may have some helpful details: https://developer.okta.com/blog/2017/08/22/build-an-ionic-app-with-user-authentication

vicebtx commented 5 years ago

Thanks for the tip, unfortunately I have some logic and HTTP interceptors that will not work with the Native HTTP plugin.

bijanmmarkes commented 4 years ago

This needs to be supported, as this prevents people from creating progressive web applications using the widget, forcing an ugly redirect to the browser.

bijanmmarkes commented 4 years ago

capacitor://localhost and ionic://localhost should be supported origins. @swiftone - At a minimum, the plugins should do the rewriting for us, as we have no control over it.
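
An added example, not from the thread or from Okta's code: one way a server you control can accept custom-scheme origins such as `ionic://localhost` in a CORS check by exact match only. The allowlist entries and the function names `normalizeOrigin` and `corsHeadersFor` are assumptions for illustration.

```javascript
// Constructed sample allowlist: every entry is a full scheme://host[:port] origin.
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "http://localhost:8100",
  "ionic://localhost",
  "capacitor://localhost",
]);

// Reduce an Origin header value to scheme://host[:port], or null if it is not a bare origin.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "null") return null;
  let u;
  try {
    u = new URL(value);
  } catch {
    return null; // not parseable as an absolute URL
  }
  // An Origin header never carries credentials, a path, a query or a fragment.
  if (u.username || u.password || u.search || u.hash) return null;
  if (u.pathname !== "" && u.pathname !== "/") return null;
  if (!u.host) return null;
  // URL.origin serializes to "null" for non-http(s) schemes such as ionic:,
  // so the origin is rebuilt from protocol and host instead.
  return `${u.protocol}//${u.host}`;
}

// Return the CORS response headers for a request, or {} when the origin is not trusted.
function corsHeadersFor(originHeader, trusted = TRUSTED_ORIGINS) {
  const origin = normalizeOrigin(originHeader);
  if (origin === null || !trusted.has(origin)) return {};
  // Echo the single matched origin; never "*" and never a prefix or suffix match.
  return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
}
```
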