search

proyecto26 / react-native-inappbrowser

📱InAppBrowser for React Native (Android & iOS) 🤘
https://www.npmjs.com/package/react-native-inappbrowser-reborn
MIT License
1.29k stars 220 forks source link

Is there a possible way to disable prompt when using openAuth() #384

Closed seco35 closed 1 year ago

seco35 commented 1 year ago

As per the documentation the user is getting a popup dialog to open the authentication screen.

On iOS, the user will be asked whether to allow the app to authenticate using the given url (OAuth flow with deep linking redirection).

Is there a way to avoid this prompt by allowing the app to use a specific link for the authentication beforehand.

The main reason to accomplish that is, that the current workflow is not proper UX. The prompt comes up whenever openAuth() method is called and in my case whenever the user re-opens the app, since I try to re-authenticate using the persisted session after restart. It could easily be done in the background: Using the persisted session to the identity provider (keycloak for my case) the browser opens (with the popup) and redirects the user automatically back to the app using deeplink, since there is no reason for any user input, due to the active session.

To have the prompt always appearing requires user action and prevents the re-authentication in background.

jdnichollsc commented 1 year ago

@seco35 did you try using the ephemeralWebSession option for iOS?

seco35 commented 1 year ago

@seco35 did you try using the ephemeralWebSession option for iOS?

I don't know how this can help me to reach my goal?

As per the doc:

ephemeralWebSession : Prevent re-use cookies of previous session (openAuth only) [true/false]

That's exact the opposite what I'm expecting. I want to use the previous cookie information in order to keep the user signed in. The only thing that I want to prevent from happening is the popup dialog that comes up when opening the inapp browser with the openAuth() method.

To make it more clear, the session stored in the browser persists a restart and all, which is just fine. I have to get these cookie information to the native code (like: access_token, refrrsh_token etc.). The only way to do so is to refresh the session using the inapp browser and redirecting back to the app using deeplink.

When opening the inapp browser by calling the openAuth method, the refresh works using the previous stored cookie, browser closes automatically due to the authenticated user session and provides the information via deeplink. All that works automatically, except for the popup dialog that needs users permission to open the browser for authetication before opening the it. Basically I don't want the user to be a part of this process and have it done in the background.

jdnichollsc commented 1 year ago

@seco35 gotcha, that's not possible from iOS, check below link for more details: https://stackoverflow.com/a/47633537/1532821

jdnichollsc commented 1 year ago

BTW, this article looks great for more details https://developer.okta.com/blog/2022/01/13/mobile-sso