sahat / satellizer

Token-based AngularJS Authentication
https://satellizer-sahat.rhcloud.com
MIT License

IOS Facebook app inner browser, popup redirected back not working (OAuth 2.0 Facebook) #645

Open alonle opened 9 years ago

alonle commented 9 years ago

Steps to reproduce:

  1. Share the https://satellizer.herokuapp.com on your Facebook wall/page.
  2. Open the Facebook app on your iOS device (iPhone/iPad) and click the link.
  3. The Facebook app opens the link in the inner browser.
  4. Try to login with Facebook or Google.
  5. You can see you are redirected to the home page with ?code= parameter. The result is that the user is not logged in!!!

This scenario is working on the Facebook Android app. Any idea?

rafaelbusetti commented 8 years ago

I have the same error on iPad 7.0.4 (Safari)

1 - Open https://satellizer.herokuapp.com in Safari

2 - Click login

3 - After logging in, this "popup" does not close, but if I click on the first tab (step 2), it closes (same error in Twitter).

4 - And it shows as logged in

Twitter and Google Plus have the same error on mobile (iPad). I need to click on the tab to authenticate.

On desktop it works.

hendricius commented 8 years ago

Same issue here on mobile safari.

How can we help to fix this issue?

jdariasl80 commented 8 years ago

+1

aito0077 commented 8 years ago

+1

mikepc commented 8 years ago

+4

kiro64 commented 8 years ago

+1

sahat commented 8 years ago

@alonle and others, are you all using iOS 7? May be related to this unresolved issue. https://github.com/sahat/satellizer/issues/450

I haven't figured out why .close() method does not work on iOS <= 7 but works everywhere else.

mikepc commented 8 years ago

I'm on an iPhone 6+ running iOS 9.2, also I've seen similar issues on Droid as well. Pretty much broken on Mobile platforms. In optimal conditions on fast networks it seems to be ok, but with any latency at all it falls apart, often taking 6+ attempts to succeed.

kiro64 commented 8 years ago

I'm on an iPhone 5s running iOS 9.2, testing with Safari and Opera Mobile using Wi-Fi and LTE networks; it doesn't work at all. You can visit my site and see it via mobile at http://www.ticketdee.com/mu/login

sahat commented 8 years ago

I see the problem on @kiro64's website, but could not reproduce it on http://satellizer.herokuapp.com. I wonder if this is Graph API 2.5-related, because my app from 2014 is still on API 2.2. But then someone reported this issue for Google+ as well.

As much as I would like to fix this problem, it won't be possible until I can reproduce it myself; without that there is no way for me to know what is causing it and what needs to be done to resolve it.

@mikepc or @kiro64 If you don't mind, we can schedule a TeamViewer or Google Hangouts session one of these evenings to debug this issue.

mikepc commented 8 years ago

Awesome! This week is pretty clear for me, anytime after 7 PST or after 6 on Wed, Th, F

sahat commented 8 years ago

This seems like a deja vu (similar to a case a few months ago), @kiro64 I think I know why it is happening in your particular case.

Let's assume you set up your Callback URL on Facebook to be http://www.ticketdee.com. When I authorize to share my profile information, Facebook will redirect the popup to http://www.ticketdee.com?code=SOME_RANDOM_STRING.

Immediately, your app is causing a redirect from http://www.ticketdee.com?code=SOME_RANDOM_STRING to http://www.ticketdee.com/voucher/list, completely destroying the code parameter in the process.

And since there is no code, access_token or error parameters in the URL, popup remains open while Satellizer keeps polling it and won't close the popup until one of the above query params is present.

mikepc commented 8 years ago

Are we both using ui-router? Could that be causing an issue?

sahat commented 8 years ago

@mikepc The sample project uses ui-router as well, so I don't think that's the issue.

mikepc commented 8 years ago

Our problem sounds identical though and exactly what I saw in debugging but I couldn't trap exactly where/why the redirect was happening

mikepc commented 8 years ago

Jet, are you using HTML5 mode too? The example site isn't in html5mode; that's another difference.

mikepc commented 8 years ago

Yes, yes he is. I thought at first he wasn't but navigating around his app and he IS using HTML5 mode.

mikepc commented 8 years ago

I am noticing the /?code= is getting passed to node and not being handled by angular, going to crank up the interval (setting it to 10) to see if that will make a difference.

mikepc commented 8 years ago

I believe I found the culprit.

```javascript
if (window.location.hash && window.location.hash === '#=') {
  if (window.history && history.pushState) {
    window.history.pushState('', document.title, window.location.pathname);
  } else {
    // Prevent scrolling by storing the page's current scroll offset
    var scroll = {
      top: document.body.scrollTop,
      left: document.body.scrollLeft
    };
    window.location.hash = '';
    // Restore the scroll offset, should be flicker free
    document.body.scrollTop = scroll.top;
    document.body.scrollLeft = scroll.left;
  }
}
```

This code was there as a leftover from the old session-based auth system, and it was facehumping satellizer. It really looks like we are mission: Go.

Sahat, I can't tell you how much I appreciate you looking at this. I'm so sorry that I bothered you with this, I figured it out early this morning (like 1 AM). I had all sales guys pound login and everything passed. So relieved!

Keep rocking, man, and fly safe!
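
A model of the failure discussed in this thread, added here as an illustration (it is not code from Satellizer or from any commenter): the opener stops polling only once `code`, `access_token` or `error` appears in the popup URL, so a cleanup that rewrites the URL to the bare pathname leaves nothing to find. The function names and the sample callback URL are hypothetical.

```javascript
// Added example: a model of the popup polling described in this thread,
// not Satellizer's own code. Function names and CALLBACK are hypothetical.
const OAUTH_KEYS = ['code', 'access_token', 'error'];

// Collect OAuth response parameters from the query string and the fragment.
function oauthParams(href) {
  const url = new URL(href);
  const found = {};
  for (const part of [url.search.slice(1), url.hash.slice(1)]) {
    for (const [key, value] of new URLSearchParams(part)) {
      if (OAUTH_KEYS.includes(key)) found[key] = value;
    }
  }
  return found;
}

// `visited` holds the popup URL seen at each poll tick, in order.
// Returns the parameters that end polling, or null if none ever appears.
function pollPopup(visited) {
  for (const href of visited) {
    const params = oauthParams(href);
    if (Object.keys(params).length > 0) return params;
  }
  return null;
}

// The leftover cleanup as a pure function: rewriting the URL to the pathname
// alone drops the query string together with the hash.
function cleanupLossy(href) {
  const url = new URL(href);
  return url.hash === '#=' ? url.origin + url.pathname : href;
}

// Variant that removes only the fragment and keeps ?code=... for the poller.
function cleanupKeepingQuery(href) {
  const url = new URL(href);
  return url.hash === '#=' ? url.origin + url.pathname + url.search : href;
}

// Constructed callback URL; the hash literal matches the snippet above.
const CALLBACK = 'https://app.example.test/?code=SAMPLE_CODE#=';

// Cleanup runs before the first poll tick: the code is gone, polling never ends.
console.log(pollPopup([cleanupLossy(CALLBACK)]));
// Fragment-only cleanup: the poller still finds the code.
console.log(pollPopup([cleanupKeepingQuery(CALLBACK)]));
// A tick that lands before the lossy cleanup also succeeds (timing-dependent).
console.log(pollPopup([CALLBACK, cleanupLossy(CALLBACK)]));
```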

kiro64 commented 8 years ago

I still have a problem. @sahat, I tried to check what's happening in satellizer.js when running with Safari on iPhone, and found the problem is in the Popup.pollPopup function. It does not return a resolved promise and causes Safari to redirect immediately. Hope this might help you.

*If you want to try to debug on my site, connect your iPhone to a laptop, go to http://dev.ticketdee.com/mu/login and debug in satellizer.js

I can do TeamViewer or Hangouts whenever you're ready, but I'm not quite good at English.

@mikepc Yes, I'm using UI-Router and Html5Mode, and I'm glad that you found and fixed the problem.

danielscw commented 8 years ago

+1 for the same problem inside the iOS Facebook app as @alonle described. Worked fine in Safari and Chrome but not in the Facebook in-app browser.

danielscw commented 8 years ago

After doing some more research, I found out that the $window.open function inside satellizer.popup returns undefined in Facebook's in-app browser. Not sure if this is designed on purpose, as when I set the window option from _blank to _self it returned the correct window object. Any suggestions on how to resolve this?

kiro64 commented 8 years ago

@danielscw I posted a solution to this problem in this post, hope it helps you: https://github.com/sahat/satellizer/issues/674#issuecomment-173580908