You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/04/05 20:15:00 UTC

[jira] [Commented] (CB-14013) cordova-plugin-inappbrowser support for custom URL schemes, as needed for oAuth

    [ https://issues.apache.org/jira/browse/CB-14013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16427528#comment-16427528 ] 

ASF GitHub Bot commented on CB-14013:
-------------------------------------

SailingSteve opened a new pull request #263: CB-14013: (android) Change the InAppBrowser to allow custom schemes for oAuth
URL: https://github.com/apache/cordova-plugin-inappbrowser/pull/263
 
 
   <!--
   Please make sure the checklist boxes are all checked before submitting the PR. The checklist
   is intended as a quick reference, for complete details please see our Contributor Guidelines:
   
   http://cordova.apache.org/contribute/contribute_guidelines.html
   
   Thanks!
   -->
   
   ### Platforms affected
   Android
   
   ### What does this PR do?
   Allows oAuth redirects that return to Android with custom schemes like "twitter://code=nnn" to be
   acted on by the InAppBrowser.  This is needed for oAuth 2.0 flow.
   
   Here is my actual working JavaScript app code from [https://github.com/WeVote/WebApp/blob/develop/src/js/components/Twitter/TwitterSignIn.jsx](https://github.com/WeVote/WebApp/blob/develop/src/js/components/Twitter/TwitterSignIn.jsx)
   ```
             inAppBrowserRef.addEventListener('customscheme', function (event) {
               oAuthLog("customscheme: ", event.url);
               TwitterSignIn.handleTwitterOpenURL(event.url);
   
               //inAppBrowserRef.close();
             });
   ```
   
   You configure the allowable schemes in a comma separated list in a new preference.  This implements whitelisting for the allowed schemes, but doesn't use the Cordova Whitelist plugin -- this approach seemed much simpler and safer.
   
   See my actual config.xml at [https://github.com/wevote/WeVoteCordova/blob/master/config.xml](https://github.com/wevote/WeVoteCordova/blob/master/config.xml)
   ```   
      <preference name="AllowedSchemes" value="mycoolapp,wevotetwitterscheme" />
   ```
   
   ### What testing has been done on this change?
   It has been tested and is working in my app  [https://github.com/wevote/WeVoteCordova](https://github.com/wevote/WeVoteCordova).  I tested to make sure that single and multiple schemes in the "AllowedSchemes" preference worked as expected. 
   
   ### Checklist
   - [x] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database
   - [x] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB-xxxx is the JIRA ID & "android" is the platform affected.
   - [ ] Added automated test coverage as appropriate for this change.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> cordova-plugin-inappbrowser support for custom URL schemes, as needed for oAuth
> -------------------------------------------------------------------------------
>
>                 Key: CB-14013
>                 URL: https://issues.apache.org/jira/browse/CB-14013
>             Project: Apache Cordova
>          Issue Type: New Feature
>          Components: cordova-plugin-inappbrowser
>    Affects Versions: cordova@7.0.0
>            Reporter: Steve Podell
>            Priority: Major
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> A very common usage of the inappbrowser is to open a URL to the apps server, as part of the oAuth flow.  After a secure token is created, the final step in the oAuth flow is to redirect back to the Cordova app, to proceed as authenticated.  At the WeVote open source project we use this to authenticate with Twitter and Facebook, other projects want to authenticate with Google, Whatsapp, Skype, etc. 
> There is a package for React Native react-native-oauth that does this, and I was able to get oAuth working for iOS with cordova-plugin-safariviewcontroller, but there is nothing that is stable, maintained, and working that is equivalent for Android.
> A pull request will follow that uses whitelisted schemes to allow the oAuth redirect to complete through the InAppBrowser.  It is a fairly simple code change, that leads to a simple end user implementation, that should be widely appreciated (based on years of mostly unfulfilled Stack Overflow chatter.)
>  
> This PR builds on  [https://github.com/apache/cordova-plugin-inappbrowser/pull/99] and [https://github.com/apache/cordova-plugin-inappbrowser/pull/261] and builds on a good suggestion from *[NGumby|https://github.com/NGumby]* and comments about viability from *[infil00p|https://github.com/infil00p]*
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org