openid / AppAuth-iOS

iOS and macOS SDK for communicating with OAuth 2.0 and OpenID Connect providers.
https://openid.github.io/AppAuth-iOS
Apache License 2.0

No redirect with custom scheme #194

Closed yentheo closed 6 years ago

yentheo commented 6 years ago

I'm using react-native-app-auth as a library to tackle authentication in my native iOS and Android app.

As authorization server I'm using Azure AD. I first set everything up for iOS, using the default redirect URI for native apps urn:ietf:wg:oauth:2.0:oob. And everything worked on iOS, but didn't on Android. Apparently they don't support the urn:ietf:wg:oauth:2.0:oob redirect scheme, and it seems the community is dropping support for this scheme in favor of a custom URI scheme, as does this library. So I added a custom scheme redirect URI in my Azure AD configuration and configured an extra intent to handle the custom scheme in Android. So now it worked on Android but not on iOS. So I added the code in my AppDelegate.h and .m to handle the URI redirect. When starting the app I get the message asking if I would like to log in with the Azure AD provider, I click yes and I get the browser window. I enter my credentials, click login, and my app pops back up, but I don't receive the token; the URI redirect doesn't seem to fire. When opening Safari and entering the custom URI scheme, iOS asks if I would like to open my app. So the custom scheme binding is in place. But it doesn't work when coming from the sign-in pop-up. It does on Android and it does when I change the redirect URI back to urn:ietf:wg:oauth:2.0:oob.

Am I missing some configuration or something?

yentheo commented 6 years ago

I'd like to add that I'm running a simulator with iOS 11.2. While the guide said I did not need to add the custom scheme in the Info.plist file if I'm running on something higher than iOS 10, I tried it anyhow, but it doesn't help.

yentheo commented 6 years ago

After a bit more research I found out that if you're on iOS 11+ it will use SFAuthenticationSession, so it is normal that the redirect won't fire. But it still doesn't explain why it's not firing the callback in the app.

I tried using an iOS 10.3 simulator; it still doesn't work. It opens Safari instead of the SFAuthenticationSession. The URL redirect method in the AppDelegate fires, but the Safari window doesn't close.

WilliamDenniss commented 6 years ago

urn:ietf:wg:oauth:2.0:oob was never actually standardized, and was a redirect URI scheme designed for webviews, making it incompatible with AppAuth. Even if you can get it working with AppAuth, you shouldn't use it – as it's a global URN that doesn't change per app, so you might accidentally mix up the app which receives the token.

Instead, for both iOS and Android you should use a scheme like com.example.yourapp using a domain that you control. RFC 8252 Section 7.1 has a complete example. Your IDP (e.g. Azure AD) may provide this scheme for you – and I think in fact that Azure AD might provision a scheme for this purpose, but you'd need to ask them.

You're right that on iOS 11, rather than using a URL scheme launch event, we instead use the completion callback. This should fire if the user browses to the scheme. One possibility is that the IDP isn't redirecting to your scheme. Perhaps to debug the problem you can try a simple toy example: load an HTML page in the auth session with a single link, where that link points to "com.example.yourapp:/example-provider". Set "com.example.yourapp" as the scheme in AppAuth and see if the window closes when the link is clicked. If it does, then something must be misconfigured with your IDP (e.g. Azure AD).
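As an added example (not code from the AppAuth-iOS project or from either commenter), a small Python check for the redirect-URI advice in this thread: it rejects the global oob URN, accepts only reverse-domain private-use schemes in the RFC 8252 Section 7.1 form, and compares a received callback against the registered URI before the client trusts the code it carries. All URIs used in it are constructed sample values.

```python
# Added example, not part of AppAuth-iOS. Validates native-app redirect URIs
# against the advice in the thread and checks an incoming callback against the
# registered URI. Sample URIs below are constructed.
import re
from typing import Tuple
from urllib.parse import urlsplit

OOB_URN = "urn:ietf:wg:oauth:2.0:oob"   # global, not per-app; never use it
# DNS-style label: letters/digits/hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def check_redirect_uri(uri: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a native-app redirect URI."""
    if uri.strip().lower() == OOB_URN:
        return False, "global oob URN: not per-app, token may reach the wrong app"
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if not scheme:
        return False, "no URI scheme"
    if scheme in ("http", "https", "urn"):
        return False, f"'{scheme}' is not a private-use app scheme"
    labels = scheme.split(".")
    # RFC 8252 7.1: scheme is a domain you control, in reverse order (com.example.app).
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return False, "scheme must be a reverse-DNS name of a domain you control"
    # RFC 8252 7.1: no naming authority, so a single slash follows the scheme.
    if parts.netloc:
        return False, "use com.example.app:/path (single slash), not //host"
    return True, f"private-use scheme '{scheme}' with path '{parts.path}'"


def callback_matches(registered: str, received: str) -> bool:
    """Exact match on scheme (case-insensitive), authority and path; the query
    is where the authorization response (code, state) lives, so it is ignored."""
    reg, got = urlsplit(registered), urlsplit(received)
    return (reg.scheme.lower() == got.scheme.lower()
            and reg.netloc == got.netloc and reg.path == got.path)


if __name__ == "__main__":
    for sample in (OOB_URN, "com.example.yourapp:/example-provider",
                   "myapp:/cb", "com.example.yourapp://cb"):
        print(sample, "->", check_redirect_uri(sample))
```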