Open galsc-tr opened 5 years ago
You need to call [_currentAuthorizationFlow resumeExternalUserAgentFlowWithURL:url]
from the method in your delegate that receives the universal link.
E.g. like this, but in the universal link method:
How do I redirect from inside the HTML's WebView? (asking for both Android & iOS).
Is anyone using universal links in production for native apps, I haven't been able to find any examples and I'm struggling a lot with it myself. It works fine the first time (when I don't currently have an auth session and I'm not logged in on the provider) probably because the redirect then happens after a button click and not due to automatic redirection.
See other user with the same problem here: https://stackoverflow.com/questions/45239215/universal-link-fails-when-oauth2-login-page-redirects-immediately
To describe the issue I'm having:
application(_ application: UIApplication, continue userActivity: NSUserActivity, restorationHandler: @escaping ([UIUserActivityRestoring]?) -> Void
is never called.(Btw, the README and the examples doesn't support Universal Links, because they rely on AppDelegate's application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool
instead of the continue userActivity
as mentioned above).
@grEvenX, as you are aware, this is not really an AppAuth-iOS specific issue. My (non-production) experience, which I described in #396, was that the authorization endpoint needs to be visited from an intermediate screen in order for Universal Links to be redirected to the app. In the case of the in-app browser tabs, the user needs to navigate to the authorization endpoint. With Safari, it appears, navigation/redirection to the authorization endpoint may occur automatically. Like I said in the other issue, I am not entirely sure why this has to apply to the authentication classes, which AppAuth uses in iOS 11 and 12. Looks like something overlooked by Apple and to be fixed by them.
@WilliamDenniss, same issue is happening in my case as well. I am testing app on iOS simulator, and not on device. is there some dependency for this?
In my case, I don't even get a callback. None of the options open url or user activity. When I dump the request URL and paste it into the notes app and click the link there, everything works just fine. Any idea, what could have gone wrong?
I have the same issue as above. Universal link works fine from Notes, but is not triggered on a redirect from the identity provider. During the flow there is user interaction. Is there any response to this?
Has anyone found an issue to this? On My app, a blank page opens on SFSafariViewController which says 0kb. but it doesn't redirects to the app. But the universal links are correctly implemented as I have checked by using the redirect url in the notes.
Same here. I have implemented applinks with wildcard, but didn't get callback even for custom scheme. In case if wildcard not exist in entitlements, everything works as expected.
I'm having the same issue as everyone above. Has anyone been able to solve this?
@PankovSerge Do universal link OAuth work from you if opened from a SFSafariViewController
or ASWebAuthenticationSession
within the app? iOS 15.2
I am suffering the same issue today. The in-app browser opens. goes to IDP login screen. I login, and then i'm sent to a blank page (since my redirect uri points to a non existingwebpage) and get stuck there instead of closing the browser and returning to the app. Has anyone been able to get this working with universal links yet?
@Joren-Thijs-KasparSolutions Did you use ASWebAuthenticationSession? I've suffered the same issue for 3 days, and finally find out universal link is not supported as redirect URL when using ASWebAuthenticationSession.
So the workaround could be:
@XiangloongChen I ended up with custom schema, since it is safe to use custom schema with ASWebAuthenticationSession
, which was made by Apple specifically for authentication purpose. The session information is not shared with Safari or any other apps, so the custom schema would only redirect within the specific app, even if any malicious app registers for it. The official documentation says:
ASWebAuthenticationSession ensures that only the calling app’s session receives the authentication callback, even when more than one app registers the same callback URL scheme.
@XiangloongChen we ended up doing the same as @shobhitpuri and just used ASWebAuthenticationSession
.
We've been running into the same issue for years now, and decided to stick around with custom schemes. (Given that another app cannot hijack a session initiated by our app). We did file a RADAR a couple of years ago with Apple, since we are not getting the callback once the universal link is loaded in some scenarios such as autofilled passwords from keychain. Yet to get a proper response from them.
I do see a new issue raised: https://github.com/openid/AppAuth-iOS/issues/847 , about switching over to a new init
API. has anyone gotten a chance to verify if using this API: https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/init(url:callback:completionhandler:)-6nut7?language=objc makes any difference?
I am facing the same issue.
To investigate whether the problem lies with AppAuth or ASWebAuthenticationSession, I wrote some simple code. I obtained the request URL from OIDAuthorizationRequest and set it as the URL for ASWebAuthenticationSession. I then compared two scenarios: setting the callbackURLScheme
to the scheme of the redirect URL (in this case, https) similar to how it's done in AppAuth, and using the callback: ASWebAuthenticationSession.Callback
with the universal link's host and path, which is available from iOS 17.4 onwards.
The results of the tests showed that using the current callbackURLScheme
specification for ASWebAuthenticationSession did not trigger the completionHandler
and did not work. However, when using the callback: ASWebAuthenticationSession.Callback
specification available from iOS 17.4 onwards, the completionHandler
was called, and it functioned correctly.
From these findings, I understand that AppAuth, which relies on ASWebAuthenticationSession, only works with custom URL schemes.
I verified with the following code.
let authRequest = OIDAuthorizationRequest(...)
let session = ASWebAuthenticationSession(
url: authRequest.authorizationRequestURL(),
callback: ASWebAuthenticationSession.Callback.https(
host: <host>,
path: <path>
)
) { url, error in
// working
}
session.presentationContextProvider = contextProvider
session.start()
let authRequest = OIDAuthorizationRequest(...)
let session = ASWebAuthenticationSession(
url: authRequest.authorizationRequestURL(),
callbackURLScheme: "https"
) { url, error in
// not working
}
session.presentationContextProvider = contextProvider
session.start()
Hi,
Using SFSafariViewController to login and assuming I've setup Universal Link support for my iOS app on my domain, how do I leverage and redirect to my domain using universal login from within SFSafariViewController?