capacitor-community / generic-oauth2

Generic Capacitor OAuth 2 client plugin. Stop the war in Ukraine!

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

I am not able to hide URL bar

jdpsah93 opened this issue · comments

Capacitor version:

Run npx cap doctor:

Latest Dependencies:

  @capacitor/cli: 5.4.1
  @capacitor/core: 5.4.1
  @capacitor/android: 5.4.1
  @capacitor/ios: 5.4.1

Installed Dependencies:

  @capacitor/cli: 4.3.0
  @capacitor/core: 4.3.0
  @capacitor/android: 4.3.0
  @capacitor/ios: 4.3.0

[success] iOS looking great! 👌

Library version:

  • 3.0.1

OAuth Provider:

  • Azure AD (B2C)

Your Plugin Configuration

{
    export const oAuthConfig = {
  oauth2Options: {
    appId: environment.clientId,
    authorizationBaseUrl: `${environment.authority}/oauth2/v2.0/authorize?prompt=login`,
    scope: 'user.read openid profile offline_access',
    accessTokenEndpoint: `${environment.authority}/oauth2/v2.0/token`,
    resourceUrl: 'https://graph.microsoft.com/v1.0/me/',
    responseType: 'code',
    pkceEnabled: true,
    logsEnabled: true,
    web: {
      redirectUrl: environment.redirectUriWeb,
      windowOptions: 'height=600,left=0,top=0'
    },
    android: {
      redirectUrl: environment.redirectUri,
      additionalParameters: {
        location: 'yes',
        clearcache: 'yes',
        clearsessioncache: 'yes',
        hidenavigationbuttons: 'yes',
        hideurlbar: 'yes',
        fullscreen: 'yes',
        zoom: 'no'
      }
    },
    ios: {
      pkceEnabled: true,
      redirectUrl: environment.redirectUri
    }
  },
  oauth2RefreshOptions: {
    appId: environment.clientId,
    accessTokenEndpoint: `${environment.authority}/oauth2/v2.0/token`,
    refreshToken: '',
    scope: 'user.read openid profile offline_access'
  },
  logoutBaseUrl: `${environment.authority}/oauth2/v2.0/logout?post_logout_redirect_uri=${environment.postLogoutRedirectUri}&client_id=${environment.clientId}`
};
}

Affected Platform(s):

  • Android
    • Version/API Level: 13
    • Device Model: Google Pixel 6a
    • Content of your AndroidManifest.xml
 <?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
   package="com.my.sit">

   <application
       android:allowBackup="false"
       android:icon="@mipmap/ic_launcher"
       android:label="@string/app_name"
       android:roundIcon="@mipmap/ic_launcher_round"
       android:supportsRtl="true"
       android:theme="@style/AppTheme">

       <activity
           android:configChanges="orientation|keyboardHidden|keyboard|screenSize|locale|smallestScreenSize|screenLayout|uiMode"
           android:name="com.my.MainActivity"
           android:label="@string/title_activity_main"
           android:theme="@style/AppTheme.NoActionBarLaunch"
           android:launchMode="singleTask"
           android:exported="true">

           <intent-filter>
               <action android:name="android.intent.action.MAIN" />
               <category android:name="android.intent.category.LAUNCHER" />
           </intent-filter>
           <intent-filter>
               <action android:name="android.intent.action.VIEW" />
               <category android:name="android.intent.category.DEFAULT" />
               <category android:name="android.intent.category.BROWSABLE" />
               <data android:scheme="@string/custom_url_scheme" android:host="oauth" />
           </intent-filter>
           <intent-filter>
               <action android:name="android.intent.action.SEND" />
               <category android:name="android.intent.category.DEFAULT" />
               <data android:mimeType="text/*" />
           </intent-filter>
       </activity>

       <provider
           android:name="androidx.core.content.FileProvider"
           android:authorities="${applicationId}.fileprovider"
           android:exported="false"
           android:grantUriPermissions="true">
           <meta-data
               android:name="android.support.FILE_PROVIDER_PATHS"
               android:resource="@xml/file_paths"></meta-data>
       </provider>
   </application>

   <!-- Permissions -->

   <uses-permission android:name="android.permission.INTERNET" />
   <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
   <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
   <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
   <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
</manifest>

Current Behavior

Once azure login opens in browser, it shows URL bar with share button which user can share through any other app.

Expected Behavior

URL bar with share button should be hidden for security purpose while running in native device.
Screenshot_20231003-201747

Sample Code or Sample Application Repo

Reproduction Steps

Other Information

As far as I can tell, this was never possible. Even on the latest version of the lib I get the address bar e.g. for Google auth. I myself have no time to do this feature request in 2023 but I'm happy to accept a PR