Authentication prompt not happening in inappbrowser about cordova-plugin-inappbrowser HOT 21 CLOSED

Correct, its a basic authentication.

from cordova-plugin-inappbrowser.

Does the prompt work in the normal Android browser?
In other browsers like Firefox for Android?

from cordova-plugin-inappbrowser.

Yes, I have opened the same in android chrome browser its showing prompt to enter the credentials.

The same i opened in firefox its prompt for signIn But i noticed one thing which is a text saying as The site says: "Protect:/"

from cordova-plugin-inappbrowser.

But i noticed one thing which is a text saying as The site says: "Protect:/"

Huh? Can you provide a screenshot?

Seems to me cordova-plugin-inappbrowser is not configured to prompt for authentication passwords. One reason could be to avoid users entering credentials in a way they don't intent to?

Is this only on Android or also on iOS?

You will have to find out how InAppBrowser creates the webview to display the pages, then see if there is a configuration option for that code to enable or disable the authentication prompts. Maybe this has to be added to this plugin via a Pull Request.

from cordova-plugin-inappbrowser.

Yes in IOS also i have verified its prompting in safari browser, but when i check in app using _blank i see only IOS loader screen not prompting signIn screen.

from cordova-plugin-inappbrowser.

but when i check in app using _blank i see only IOS loader screen not prompting signIn screen.

What does that mean exactly? Can you provide a screenshot?

Are you opening the page with the password prompt directly in InAppBrowser? Try opening a normal HTML page first that is not behind a password, then add a link to the page and click it. Is the behavior different?

from cordova-plugin-inappbrowser.

Above is the screenshot for IOS. Coming to the scenario, I am loading inappbrowser on a click event

function openBrowser() {
    showHelp(url);
}
var inAppBrowserRef;
var cookies;
var interval;
function showHelp(url) {

    var target = "_blank"; //_blank   _self  _system
    // var options = "location=no,hidden=yes;clearcache=yes;clearsessioncache=yes;";
    var options = "location=no,hidden=yes;";
    console.log('Opening Inapp browser ');
    inAppBrowserRef = cordova.InAppBrowser.open(url, target, options);
    inAppBrowserRef.addEventListener('loadstart', loadStartCallBack);
    inAppBrowserRef.addEventListener('loadstop', loadStopCallBack);
    inAppBrowserRef.addEventListener('loaderror', loadErrorCallBack);
    inAppBrowserRef.show();
}

i have opened a normal html which is google.com it is opening properly. i have loaded gmail it is also loaded properly. The only problem is when a server is directly requesting to signIn in order to access for a webpage.

from cordova-plugin-inappbrowser.

Ok. Please create a webpage linking to the protected one and open that in InAppBrowser, then click the link. Test in both iOS and Android.

If that also has the same behavior, the only solution will be to do what I described in the last paragraph of #282 (comment)

By the way:
Do you actually want your users to enter a username/password combination for that URL?
Or do you want to hardcode the credentials in the app and have the page directly accessible?

from cordova-plugin-inappbrowser.

Yes, the page will return few info regarding the loggedIn by specific user and it is not hardcode credentials. I have tried the above mentioned scenario also and it behave the same. But finally i found some info which the pop-up raised because of Windows based authentication which is not a webpage authentication. Please check the below link for sample windows based authentication.

Windows Based Authentication

from cordova-plugin-inappbrowser.

No, the popup you are seeing looks like a normal "Basic authentication" - how this works in the backend doesn't matter. You can check the response headers in your browser's dev tools network panel to see if it contains WWW-Authenticate: Basic

from cordova-plugin-inappbrowser.

Ok, good to be sure.

Next thing to try: Do the URLs work if you supply the username and password in the URL: https://username:[email protected]/page. If that does, it might offer a workaround you could use. But try this first. (Should also work in desktop)

from cordova-plugin-inappbrowser.

I have tried it but results no change, its again redirecting to the login screen and prompts for credentials.

from cordova-plugin-inappbrowser.

Okay, so supplying credentials via the URL is also a no go by default. (Tested iOS and Android?)

Can you maybe move the authentication to a different method, not Basic Auth but a login form?

from cordova-plugin-inappbrowser.

No positive by adding credentials via url. Is there any other approach.

from cordova-plugin-inappbrowser.

No positive by adding credentials via url.

Tested both iOS and Android?
(I need an explicit answer before moving on to the next thing to try - otherwise we might miss a simple solution)

Is there any other approach.

See my previous comment:

Can you maybe move the authentication to a different method, not Basic Auth but a login form?

from cordova-plugin-inappbrowser.

Yes, i have tested in Android and IOS results same error.
I have created a form authentication, its working properly and i can get the required token.

from cordova-plugin-inappbrowser.

Token? Please elaborate.

from cordova-plugin-inappbrowser.

Ok, after some googling:

1. This exists to solve this specific problem: https://github.com/MicrosoftArchive/cordova-plugin-auth-dialog Unfortunately it is not very well maintained and outdated, but there are multiple forks with additional commit like e.g. https://github.com/michael79bxl/cordova-plugin-auth-dialog. Problem: The docs say this does not work in InAppBrowser, but I am not sure this is actually true (I found issues and comments that indicate that it indeed does work on Android, but maybe not on iOS).

2. Another "hack" that could work if there is only 1 page, and no links to other pages on it:
   Create a simple website with a form that accepts username and password. When submitting this form, the "proxy" script takes the credentials and requests the correct website with the Authorization header directly, and return the HTML of the original page to the InAppBrowser which can then display it. (If there are more links on the page, one could also replace them with a different URL that again uses the "proxy" to get the original page with the credentials, modify the links and return to the browser.

3. If you want to work on the InAppBrowser plugin yourself, this might give you some ideas (at least for Android): https://stackoverflow.com/questions/38369522/inapp-browser-basic-authentication-not-working + https://stackoverflow.com/questions/36041760/open-inappbrowser-with-authorization-header

from cordova-plugin-inappbrowser.

On authentication success i will get user information along with user access token.

from cordova-plugin-inappbrowser.

Oh, so the whole point was to get an authentication token via username + password, not load actual content in the InAppBrowser?

from cordova-plugin-inappbrowser.

Perfect.

from cordova-plugin-inappbrowser.