
Session is not persistent (cookies are not being stored) on iOS

Open sadikyalcin opened this issue 5 years ago • 4 comments

I'm using a custom flow where I authenticate to OKTA via Drupal. openAuth launches the login screen of my CMS which logs into OKTA, redirects back to Drupal and Drupal redirects me back to my application with an access token and a refresh token. The complexity here is being signed into Drupal - which is a requirement. Otherwise I could just use a native flow.

This works perfectly fine on Android but iOS doesn't seem to store the session or any cookies. When I open a CMS link or openAuth again, I am not logged in.

To make it more clear:

  • openAuth opens the oauth url for Drupal
  • I sign in and I'm authenticated with Drupal
  • Drupal redirects to my deeplink with the tokens
  • I grab the tokens from the deeplink and complete the process

Now, when I open a page on Drupal, I'm not authenticated. If I open the auth page again, I'm not authenticated and have to login again.

Perhaps ephemeralWebSession isn't doing anything...

Which platform(s) does your issue occur on?

  • iOS
  • 11.4 - 13.4
  • Emulator & physical device

Please, provide the following version numbers that your issue occurs with:

  • CLI: 2.0.1
  • Plugin(s): 3.4.0

Please, tell us how to recreate the issue in as much detail as possible.

  • openAuth and sign in to your provider
  • call openAuth again or visit a URL you should be authenticated to

Is there any code involved?

InAppBrowser.openAuth(url, deeplink, {
    // iOS Properties
    ephemeralWebSession: false,
    // Android Properties
    showTitle: false,
    enableUrlBarHiding: true,
    enableDefaultShare: false,
})

sadikyalcin avatar Jun 04 '20 11:06 sadikyalcin

This native option is false by default: https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/3237231-prefersephemeralwebbrowsersessio?language=objc More details here: https://developer.apple.com/documentation/authenticationservices/authenticating_a_user_through_a_web_service#3395310

Do you see any issue with the native code? Or please let me know if you find any official docs to handle this issue.

jdnichollsc avatar Jun 04 '20 14:06 jdnichollsc

Sorry, I don't really know Objective-C. I don't see anything wrong with the logic however. It's only being set if the value is defined - put an NSLog to test it.

if (ephemeralWebSession) {
    //Prevent re-use cookie from last auth session
    webAuthSession.prefersEphemeralWebBrowserSession = true;
}

Going to test iOS 12 to see what's going on pre iOS 13. Will let you know if I get anywhere.

sadikyalcin avatar Jun 04 '20 15:06 sadikyalcin

iOS 12 is the same. So, openAuth will not store any details (I'm always anonymous) and does not share any details with the InAppBrowser. I tried using Safari but Apple rejected my app for poor UX.

sadikyalcin avatar Jun 08 '20 09:06 sadikyalcin

Let me check here https://github.com/openid/AppAuth-iOS/issues/120#issuecomment-314492127

jdnichollsc avatar Jun 08 '20 14:06 jdnichollsc