cookies
cookies copied to clipboard
react-native-cookies
Single sign on between mobile app and webview using okta
Hello, guys!
I'm trying to make a SSO, that is access a secured webpage (with webview) from mobile app passing the session cookie obtained from okta's authorize call.
I make the authorize request using the fetch fetchPolyfill from whatwg-fetch, so it automatically sets the session cookie I need and I can access my webpage normally in android. But it's not working in ios!
I tried to see the differences between both cookies using the RN cookies library, and I saw that the android version has the same cookies for my okta's url both using webkit and not, while the ios version have it only in one of them. So I tried to get and set the cookies from one to another to copy android behavior, but still not working in ios.
My guess is that the fetch/webview relation saves and reads the httpOnly session cookies from same native cookie storage, while not in ios. Can you point me some guidance to handle this?
I have a similar use case and need a solution also. Please, can anyone give some help on this?
UP! Here in my company we are looking for this same solution. I think this should be a common use case and I believe it would bring a lot of value if someone could give some guidance on how to make it work.
I see the ios is missing the sid cookie session id, why is this happening?
I wrote a piece on extracting cookies. Sometimes it takes some WebView magic to get the cookies you want, https://dev.to/safaiyeh/react-native-authentication-with-webview-1nh let me know if this helps
Hello, @safaiyeh , thanks for your reply!
I read your article and it really helped me to understand some concepts about the cookie management.
From there, you made login already using the website with the webview. In my use case, I need to use a native login page. I have login and home native scenes, and from there I need to call a webpage that is secured by okta. So I need to do the opposite flow, pass my session cookie from native to web to maintain logged in without needing to do it again.
With the react native cookies library, I saw that I get four cookies after getting the native session in android, beeing one of them the session id. In ios, I can't see this specific cookie. I dont know if it is hidden/missing (and because of this I cannot succeed) or if something related with the fetch/webview in ios (and the new/old native cookie storage) is not considering session cookies.
I saw that there is recent topics asking for this specific use case, mainly I can show you are those https://stackoverflow.com/questions/68148629/on-ios-missing-session-cookies-used-react-native-webview https://github.com/react-native-webview/react-native-webview/issues/2067 https://github.com/react-native-webview/react-native-webview/issues/897 https://stackoverflow.com/questions/49038243/react-native-webview-missing-session-cookies-on-ios https://stackoverflow.com/questions/26573137/can-i-set-the-cookies-to-be-used-by-a-wkwebview
And because the session cookie is httponly it appears that I cant manipulate it freely using javascript because of security reasons. If the cookie is there but I cant see, maybe a method to natively sync both cookie storage in ios would help, but I dont know for sure. Do you have any idea what I can do to solve this problem? It would be of great value to many developers make their custom auth native/website projects work!
I found a setup that solved for both android and ios
For ios, just make the okta custom login and call the webview with sharedCookiesEnabled={true}. If you call the okta /authorize needed for android, it sets wrong cookies and it does not work. So just the custom login sets the right cookies.
For android, just call the /authorize endpoint passing the session token solves the problem.
So, you need to call /authorize only for android with the Platform.OS and set webviews with sharedCookiesEnabled={true}.
I used getAllCookies to get cookies from wkwebview, like this
https://github.com/react-native-webview/react-native-webview/issues/2067#issuecomment-887564850
