oidc-cordova-demo

Redirect Url for mobile apps

Open layinka opened this issue 7 years ago • 14 comments

Hi, I am trying to follow your example. What/how do I use as redirect_url in a mobile app, since the mobile app will no longer have access to https://localhost/oidc?

layinka avatar Sep 12 '17 21:09 layinka

For the Cordova implementation, which internally uses InAppBrowser for communicating with an Identity Server, the redirect URI is used to inform the oidc library that the browser session should end and the InAppBrowser should close. It doesn't actually redirect anywhere. So these are arbitrary strings (namespaces if you like) rather than an actual endpoint, hence URI not URL. The namespace must match with what is configured for the client in the Identity Server.

markphillips100 avatar Sep 13 '17 05:09 markphillips100

In case anyone else comes here and is confused about how to implement this. I've gotten this solution to work within Ionic 2 and Angular 2, but I was confused on how to get this working so I can test in the browser.

I've provided the full TypeScript code for the oidc provider, and instructions on how to get this working: https://stackoverflow.com/a/47949445/1938988

granthoff1107 avatar Dec 23 '17 03:12 granthoff1107

But when is "signinPopupCallback()" called?

tomadj avatar May 21 '18 16:05 tomadj

It’s in the login page, look at the answer

granthoff1107 avatar May 21 '18 23:05 granthoff1107

Hi @granthoff1107 ,

Thanks for your answer.

I see in the loginCtrl the function signinPopup() and the callback:

```javascript
var signin = function () {
    ngOidcClient.signinPopup().then(function (user) {
        $log.log("user:" + JSON.stringify(user));
        if (!!user) {
            $log.log('Logged in so going to home state');
            $state.go('app.home');
        }
    });
};
```

But not the signinPopupCallback() function of oidc-client.

Just to be sure, can you confirm that in this case (Cordova mobile app (Ionic 2)) the call of the function signinPopupCallback() is not necessary?

Thanks a lot

tomadj avatar May 22 '18 13:05 tomadj

Go to my Stack Overflow question and talk to aesir; he opened a question for this on mobile. I haven't fully tested native.

granthoff1107 avatar May 22 '18 15:05 granthoff1107

Ok, thanks. I will see with Aesir.

Maybe @markphillips100 can tell me why he hadn't used the signinPopupCallback() function? And if it's normal.

tomadj avatar May 22 '18 16:05 tomadj

InAppBrowser just detects for the presence of the redirect URI that is sent back with the token at the end of the login flow. Once it detects the URI it is closed and the token details are extracted from the URL. The callback is unnecessary in this case. This also means the redirect URI does not have to be a valid URL, which is one of the reasons this implementation is no longer good practice. You should use auth code flow with PKCE instead. Have a look at AppAuth-js. I no longer use oidc-client-js for Cordova apps.

markphillips100 avatar May 22 '18 21:05 markphillips100

Ok, thank you @markphillips100,

It works with oidc-client, but I will try to use auth code flow with PKCE instead.

tomadj avatar May 23 '18 09:05 tomadj

Hi @markphillips100, with your example I was able to perform Sign-in/Sign-out on a Cordova based mobile app successfully. But I'm facing an issue in the method signinSilent(). Actually signinSilent() is not working as expected on a Cordova based mobile app; as a result Renew Token is failing. Please provide some pointers here. Thanks in advance!

akhileshwar-mishra avatar Mar 11 '19 20:03 akhileshwar-mishra

I'm sorry but I no longer use oidc-client-js for Cordova, or recommend its use.

markphillips100 avatar Mar 11 '19 23:03 markphillips100

What do you recommend to use instead?

granthoff1107 avatar Mar 12 '19 03:03 granthoff1107

There are various discussions in the oidc-client-js repo, the main issue being Cordova support. I've referenced Brock's comment which references the IETF draft describing all the reasons why the approach being used (InAppBrowser) is wrong.

The draft recommends using Auth Code flow + PKCE and as far as I know (I could be wrong) that means using AppAuth. However, there's no direct support for Cordova using this library, nor is there any token management functionality. That is left for you as a consumer to implement yourself.

markphillips100 avatar Mar 12 '19 05:03 markphillips100

@granthoff1107 & @akhileshwar-mishra Just to add some insight, this issue in the AppAuth-JS repo will give you good pointers towards a more secure approach, and even references a sample implementation.

I don't personally use the sample code as I wrote my own implementation for a customer - sorry can't release it to open source unfortunately - but the same principles apply i.e. don't use InAppBrowser, use an external user agent.

markphillips100 avatar Mar 12 '19 05:03 markphillips100