Giters

capacitor-community / generic-oauth2

Generic Capacitor OAuth 2 client plugin. Stop the war in Ukraine!

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Feat: support universal links on iOS

raphael-yapla opened this issue · comments

commented

Describe the Feature

As recommended by the OAuth 2.0 for Native Apps RFC claimed "https" scheme redirect URIs (or app links on Android/iOS) should be favoured for security reasons as they guarantee the domain ownership.

App-claimed "https" scheme redirect URIs have some advantages
compared to other native app redirect options in that the identity of
the destination app is guaranteed to the authorization server by the
operating system. For this reason, native apps SHOULD use them over
the other options where possible.

I got it working on Android using the following AndroidManifest.xml configuration:

<activity android:name="net.openid.appauth.RedirectUriReceiverActivity" android:exported="true">
    <intent-filter android:autoVerify="true">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="https" android:host="your.domain.com" android:path="/login"/>
    </intent-filter>
</activity>

But on iOS I'm facing an issue when using an associated domain, the redirection is not caught because I think that the handler is not listening on the right event:

public override func load() {
    NotificationCenter.default.addObserver(self, selector: #selector(self.handleRedirect(notification:)), name: .capacitorOpenURL, object: nil)
    registerHandlers()
}

capacitorOpenURL is called for custom scheme links but for universal links a different application signature is called in the AppDelegate.swift which in turn calls the capacitorOpenUniversalLink notification instead.

Platform(s) Support Requested

  • iOS

Describe Preferred Solution

I've opened a PR with a simple fix, by registering the capacitorOpenUniversalLink notification observer the same way it's done with capacitorOpenURL the redirection is handled properly. So something like this:

public override func load() {
    NotificationCenter.default.addObserver(self, selector: #selector(self.handleRedirect(notification:)), name: .capacitorOpenURL, object: nil)
    NotificationCenter.default.addObserver(self, selector: #selector(self.handleRedirect(notification:)), name: .capacitorOpenUniversalLink, object: nil)
    registerHandlers()
}

Describe Alternatives

Not sure if there are any unfortunately 🤷

Thank you for all the work on this package!