-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: added support for webview as a provider for webauth #875
Conversation
App/ViewController.swift
Outdated
@@ -27,13 +27,15 @@ class ViewController: UIViewController { | |||
@IBAction func login(_ sender: Any) { | |||
Auth0 | |||
.webAuth() | |||
.useWebViewProvider() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest adding a new static func to the WebAuthentication
struct like https://github.com/auth0/Auth0.swift/blob/master/Auth0/SafariProvider.swift#L37, as that:
- Follows the existing pattern in use for web providers
- Avoids adding new
useX()
methods that have the disadvantage of being mutually exclusive (e.g. these can be chained and it's not clear which one will end up being used)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agreed, changed accordingly
Auth0/Auth0WebAuth.swift
Outdated
#if os(iOS) | ||
private(set) var useWebViewProvider = false | ||
private(set) var webViewProviderPresentationStyle: UIModalPresentationStyle = .fullScreen | ||
#endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using a func like https://github.com/auth0/Auth0.swift/blob/master/Auth0/SafariProvider.swift#L37 also has the advantage of being on its own (gated) file, so there's no need to have these conditionals here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed accordingly
Auth0/Auth0WebAuth.swift
Outdated
let provider = self.provider ?? WebAuthentication.asProvider(redirectURL: redirectURL, | ||
ephemeralSession: ephemeralSession) | ||
|
||
#if os(iOS) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed accordingly
Auth0/WebAuthError.swift
Outdated
case .webViewNavigationFailed: return "An error occured during a committed main frame navigation of WebView" | ||
case .webViewProvisionalNavigationFailed: return "An error occured while starting to load data for the main frame of WebView" | ||
case .webViewContentProcessTerminated: return "WebView's content process is terminated." | ||
case .webViewResourceLoadingStopped: return "WebView's resource loading has been stopped" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
case .webViewNavigationFailed: return "An error occured during a committed main frame navigation of WebView" | |
case .webViewProvisionalNavigationFailed: return "An error occured while starting to load data for the main frame of WebView" | |
case .webViewContentProcessTerminated: return "WebView's content process is terminated." | |
case .webViewResourceLoadingStopped: return "WebView's resource loading has been stopped" | |
case .webViewNavigationFailed: return "An error occurred during a committed main frame navigation of the WebView." | |
case .webViewProvisionalNavigationFailed: return "An error occurred while starting to load data for the main frame of the WebView." | |
case .webViewContentProcessTerminated: return "The WebView's content process was terminated." | |
case .webViewResourceLoadingStopped: return "The WebView's resource loading was stopped." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated accordingly
Auth0/WebViewProvider.swift
Outdated
} | ||
|
||
extension WebViewUserAgent { | ||
var topViewController: UIViewController? { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We already have this logic here: https://github.com/auth0/Auth0.swift/blob/master/Auth0/SafariProvider.swift#L50-L77
Maybe we can put it in some kind of shared helper (e.g. an internal static var added to UIWindow
–analogous to rootViewController
)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agreed, moved this to a shared helper
Auth0/WebViewProvider.swift
Outdated
|
||
static let customSchemeRedirectionSuccessMessage = "com.auth0.webview.redirection_success" | ||
static let customSchemeRedirectionFailureMessage = "com.auth0.webview.redirection_failure" | ||
let defaultSchemesSupportedByWKWebview = ["http", "https"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest checking with somebody from the security team if we should be supporting http
schemes here (vs https
only), e.g. when using an authorize URL override that proxies to Auth0.
Auth0/WebViewProvider.swift
Outdated
NSLocalizedDescriptionKey: "WebViewProvider: WKURLSchemeHandler: Webview Resource Loading has been stopped" | ||
]) | ||
urlSchemeTask.didFailWithError(error) | ||
self.finish(with: .failure(WebAuthError(code: .webViewResourceLoadingStopped))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this error case be userCancelled
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, updated accordingly
Co-authored-by: Rita Zerrizuela <[email protected]>
I've tested this on my local branch and it still does not fix my webview issue. |
Hi @fal3, Can you please share more details about the webview issue you are running into ? |
9e5fe87
to
405d22b
Compare
We get this simulator crash 👇 . Which is also related to this incident |
@fal3, I would like to clarify that this pull request is not intended to address the issue you mentioned. Additionally, regarding the crash you are experiencing, could you please confirm if you were able to reproduce this issue on a real device as well? |
I can confirm that this issue happens only on simulator. |
} | ||
|
||
describe("initialization") { | ||
it("should initialize with correct parameters") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we add a test case that uses returnTo
instead of redirect_uri
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, added it now
Co-authored-by: Rita Zerrizuela <[email protected]>
…in case of webviewprovider
Co-authored-by: Rita Zerrizuela <[email protected]>
📋 feat: added support for webview as a provider for webauth
WKWebView
as a User Agent for WebAuthentication along withASWebAuthenticationSession
&SFSafariViewController
Checklist
🎯 Testing