capacitor-community / generic-oauth2

Generic Capacitor OAuth 2 client plugin. Stop the war in Ukraine!

License: MIT License

Java 44.58% JavaScript 0.42% TypeScript 31.88% Ruby 0.76% Objective-C 0.57% Swift 21.78%
authentication capacitor capacitor-plugin oauth2 oauth2-client social-login

generic-oauth2's People

Contributors

0x4amiller, anthbs, dejan9393, dennisameling, dependabot[bot], doatech, eduardoroth, ionaru, jhurley-bd, jvartanian, macdja38, moberwasserlechner, mrbatista, natalya-semenova, nicksteenstra, sanjaywadhwani, suchorski, svzi, tafelnl, vmdominguez, webflo, ynunez

generic-oauth2's Issues

Android Google success shows 2 duplicate apps to return to on success

I set up Facebook and Google for Android. Facebook works as expected. However, with Google, after I've selected which account to connect, it then asks me to choose which app to go back to. It lists the correct app, but it lists it twice for some reason. Selecting one completely reopens the app, and so the connection doesn't work. Selecting the other takes you back to the open app and it DOES work.

The screenshot shows it split based on which I had previously selected, but the first time it asked me it showed both in a list, both with app.temployee.app as the package name.

Do you have any idea what I could be doing wrong?

IdToken is not available when doing Google OAuth

I am trying to migrate from cordova-plugin-googleplus. In the previous plugin, the response I was getting from logging in with Google included an idToken, which I sent to my server and obtained a refresh_token and the issuer, in addition to all the other info I am getting now if I send just the access_token that is returned from using this plugin.

Plugins.OAuth2Client.authenticate(
      {
        appId: this._appConfig.thirdPartyAPIs.googleOAuth.clientId,
        authorizationBaseUrl: 'https://accounts.google.com/o/oauth2/auth',
        accessTokenEndpoint: 'https://www.googleapis.com/oauth2/v4/token',
        scope: 'email profile',
        resourceUrl: 'https://www.googleapis.com/userinfo/v2/me',
        web: {
          redirectUrl: 'http://localhost:4200',
          windowOptions: 'height=600,left=0,top=0'
        },
        android: {
          appId: 'xxxx.apps.googleusercontent.com',
          responseType: 'code', // if you configured a android app in google dev console the value must be "code"
          customScheme: 'com.example.android:/'
        },
        ios: {
          appId: 'xxxx.apps.googleusercontent.com',
          responseType: 'code',
          customScheme: 'com.example.app:/'
        }
      }
    )

The response I get contains these fields:

  email: string;
  name: string;
  family_name: string;
  given_name: string;
  verified_email: boolean;
  picture: string;
  locale: string;
  id: string;
  access_token: string;

Android: App crashes if Intent data is null

OAuth2ClientPlugin.java line 222 (response = AuthorizationResponse.fromIntent(data);)
will crash the application when data is null.

When Chrome Custom Tabs (used by AppAuth) redirect back to the application using the URI scheme, the data provided to handleOnActivityResult can be null.
Passing this to AuthorizationResponse.fromIntent causes the application to crash.

Edit:
The same sort of issue can be found here

Get only authorizationCode on iOS

I need to support cloud storage providers like OneDrive, Google Drive, DropBox and so on.

The actual access to resources is handled by the backend, so only the authentication is done by the user on the client. This results in the authorizationCode, which is sent to the backend. The backend performs the retrieval of the accessToken and, most importantly, the refreshToken.

Unfortunately, Code Flow with PKCE is not an option because various OAuth providers support only native apps for this flow, and web apps/PWAs are forced to use Implicit Flow. I need the refreshToken to access resources without the user's interaction.

Error Java Compiler

Hello I have the following problem:
error: cannot access AppCompatActivity
class file for android.support.v7.app.AppCompatActivity not found
File: OAuth2ClientPlugin.java

Ionic:

ionic (Ionic CLI) : 4.12.0
Ionic Framework : @ionic/angular 4.3.0
@angular-devkit/build-angular : 0.13.8
@angular-devkit/schematics : 7.1.4
@angular/cli : 7.1.4
@ionic/angular-toolkit : 1.2.3

Capacitor:

capacitor (Capacitor CLI) : 1.0.0-beta.19
@capacitor/core : 1.0.0-beta.19

Cordova:

cordova (Cordova CLI) : not installed
Cordova Platforms : not available
Cordova Plugins : not available

System:

NodeJS : v10.15.3 (C:\Program Files\nodejs\node.exe)
npm : 6.4.1
OS : Windows 10

More info:
Wrong 1st argument type. Found: 'android.support.v7.app.AppCompatActivity', required: 'android.app.Activity'

In this line: handler.getAccessToken(getActivity(), call, new AccessTokenCallback()

Thanks

Recommended flow for getting refresh_token for server side usage

In our app, a significant portion of the flow will involve the server taking action on behalf of the user. To accomplish this, we need to get a refresh token when the user logs in, and be able to put it on the server. What's the recommended flow using this library to do something like that?

I've gotten the access token locally on the device, but I'm unsure of how to get the refresh token.

So far I've been thinking of changing the customScheme to be a URL on the remote server then having the user login using that, then redirecting back to the app by redirecting to the actual local customScheme URL once that's done. Not sure what to do to pass the cookie from the server / some other auth method to the actual app code at that point though.

Check if iOS implicit flow can handle url parameter starting with hash

As stated in #31, Microsoft (Azure AD) supports implicit flow for iOS, but the access token is returned as a URL parameter starting with # instead of ?.

On web servers, # URL params get removed because they are client-side only, but in the native app it should/could work.

See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow#get-access-tokens for details.

In the browser implementation of this plugin, URL params starting with # are supported; see https://github.com/moberwasserlechner/capacitor-oauth2/blob/33c041e248d0a18ef491f042336c9dcf36a3bd38/src/web-utils.ts#L66

I created a new task because the user closed the other one.
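
The fragment-versus-query handling this issue asks about, as an added JavaScript example that is not part of the original issue or of the plugin's code: it reads OAuth parameters from both the query and the fragment of a redirect URL, rejects responses where the two disagree, and checks `state` before accepting a token or code. The function name, result shape and sample redirect URLs are assumptions, and the `state` comparison goes beyond what the issue describes.

```javascript
// Added example; parseAuthorizationResponse and its result shape are
// hypothetical and not the plugin's API.

const CREDENTIAL_KEYS = ['access_token', 'code'];

// Copy the parameters of one URL component ("?a=b" or "#a=b") into `params`,
// recording in `origins` which component each key came from.
// Returns { key } when a key is seen twice with different values, else null.
function collect(raw, origin, params, origins) {
  const text = raw.replace(/^[?#]/, '');
  for (const [key, value] of new URLSearchParams(text)) {
    if (params.has(key) && params.get(key) !== value) {
      return { key };
    }
    params.set(key, value);
    origins.set(key, origin);
  }
  return null;
}

function parseAuthorizationResponse(redirectUrl, expectedState) {
  let url;
  try {
    url = new URL(redirectUrl);
  } catch (e) {
    return { ok: false, error: 'invalid_url' };
  }

  const params = new Map();
  const origins = new Map();

  // Code flow answers in the query; implicit flow (e.g. Azure AD) answers in
  // the fragment. Read both so neither form is silently dropped.
  const conflict =
    collect(url.search, 'query', params, origins) ||
    collect(url.hash, 'fragment', params, origins);
  if (conflict) {
    // Two different values for one key means the response cannot be trusted.
    return { ok: false, error: 'ambiguous_parameter', detail: conflict.key };
  }

  // Bind the response to the request this client started before looking at
  // anything else in it.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, error: 'state_mismatch' };
  }

  // Providers report failures with the same redirect, using `error`.
  if (params.has('error')) {
    return {
      ok: false,
      error: params.get('error'),
      detail: params.get('error_description') || '',
    };
  }

  const credential = CREDENTIAL_KEYS.find((key) => params.has(key));
  if (!credential) {
    return { ok: false, error: 'missing_credential' };
  }

  return {
    ok: true,
    source: origins.get(credential), // 'query' or 'fragment'
    params: Object.fromEntries(params),
  };
}

// Constructed sample redirects (not captured from a real provider).
const samples = [
  'com.example.app:/callback#access_token=abc&token_type=Bearer&state=s1',
  'https://app.example/cb?code=xyz&state=s1',
  'https://app.example/cb#access_token=abc&state=other',
];
for (const sample of samples) {
  console.log(sample, '->', JSON.stringify(parseAuthorizationResponse(sample, 's1')));
}
```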

Issues while using manifestPlaceholders on Android

Hi there!
Great job with this library, been using it and I love it. However, I've been having some issues with the docs on manifestPlaceholders (Google implementation).

When implementing it in default it wouldn't parse or it would get replaced. I end up with an error and can't get over it. I found this comment openid/AppAuth-Android#323 (comment) that explained it.

Can you help me?

Can I put that string inside the AndroidManifest.xml somehow?

Detect when user cancels authentication

It is possible for the user to close the popup window and not authenticate, this results in a failed login attempt without any means to catch it.

The workaround that I have found is to set an interval and watch the windowHandle.close of OAuth2Client class, but this property is not public meaning that in TypeScript I have to extend the interface.

It's quite a bit of extra work and could easily be part of the source.

Low-level support in Capacitor

Hello!

Just curious, would it be helpful to this plugin if Capacitor would support SFAuthenticationSession and Chrome Custom Tabs, as a part of their Browser API?

I'm thinking those two would be good additions to the Capacitor Browser API.

Argument of type 'OAuth2ClientPluginWeb' is not assignable to parameter of type 'WebPlugin'

Hello at the time of writing
registerWebPlugin(OAuth2Client);
Get the following message:
Argument of type 'OAuth2ClientPluginWeb' is not assignable to parameter of type 'WebPlugin'.
Types have separate declarations of a private property 'addWindowListener'.

Ionic:

ionic (Ionic CLI) : 4.9.0 (...AppData\Roaming\nvm\v11.8.0\node_modules\ionic)
Ionic Framework : @ionic/angular 4.0.0-rc.1
@angular-devkit/build-angular : 0.12.1
@angular-devkit/schematics : 7.1.4
@angular/cli : 7.1.4
@ionic/angular-toolkit : 1.2.2

Capacitor:

capacitor (Capacitor CLI) : 1.0.0-beta.17
@capacitor/core : 1.0.0-beta.17

Cordova:

cordova (Cordova CLI) : not installed
Cordova Platforms : not available
Cordova Plugins : not available

System:

NodeJS : v11.8.0 (C:\Program Files\nodejs\node.exe)
npm : 6.5.0
OS : Windows 10

Issue authenticating with Auth0 via the iOS plugin

  • xcode 10.2.1
  • swift 4.2
  • angular 7.2.2
  • ionic 4.4.2
  • capacitor 1.0.0-beta.19

So I've been able to prove out authenticating with Auth0 via the web plugin (although there's a CORS issue with the request headers, I'll create a separate issue for that). However, when I go to authenticate with the iOS plugin, it's throwing the following error...

To Native ->  OAuth2Client authenticate 50216884
2019-06-21 09:59:34.058638+1200 App[870:157200] [MC] System group container for systemgroup.com.apple.configurationprofiles path is /private/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles
2019-06-21 09:59:34.064168+1200 App[870:157200] [MC] Reading from public effective user settings.
2019-06-21 09:59:37.683308+1200 App[870:157302] [BoringSSL] nw_protocol_boringssl_get_output_frames(1301) [C1.1:2][0x100e3f060] get output frames failed, state 8196
2019-06-21 09:59:37.684177+1200 App[870:157302] [BoringSSL] nw_protocol_boringssl_get_output_frames(1301) [C1.1:2][0x100e3f060] get output frames failed, state 8196
2019-06-21 09:59:37.685975+1200 App[870:157302] TIC Read Status [1:0x0]: 1:57
2019-06-21 09:59:37.686141+1200 App[870:157302] TIC Read Status [1:0x0]: 1:57

The promise from the authenticate call doesn't ever seem to resolve/reject and I'm at a bit of a loss to figure out the issue. Any ideas what I might be dealing with here? I can provide authentication options if needed.

OAuth2Client.authenticate() not working on Android - native plugin code not called?

Setup:

  • Ionic 5.2.3
  • Capacitor 1.1.1
  • Capacitor OAuth 2 client plugin 1.0.0

Scenario:

  • React app
  • Added Capacitor
  • Added iOS and Android platforms
  • Configured OAuth 2 client in the app (in Android: edited MainActivity)
  • Created an app on Azure B2C, obtained Client ID and all necessary parameters

On iOS and web:

  • Calling “OAuth2Client.authenticate(authOptions)” launches a successful flow where I am able to grab the token from the callback (Web) or from the custom app scheme after the app is launched (iOS).

On iOS, the link opens in an external browser window, but the redirect correctly points to the app itself (as the custom scheme is registered) so I am able to get the token from the URLs callback.

On Android I encounter the following problem:

  • Calling “OAuth2Client.authenticate(authOptions)” opens the authentication page in the app itself (not in the browser), and once I enter the correct username and password I am prompted for a redirect to Chrome, where the “Bad request” error is shown.

I observed that the native code of the plugin is not executed on Android (breakpoints not reached) and I am concerned this could be the cause, but the MainActivity seems properly configured so I do not know where else to look:

import android.os.Bundle;

import com.byteowls.capacitor.oauth2.OAuth2ClientPlugin;
import com.getcapacitor.BridgeActivity;
import com.getcapacitor.Plugin;

import java.util.ArrayList;

public class MainActivity extends BridgeActivity {
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    // Initializes the Bridge
    this.init(savedInstanceState, new ArrayList<Class<? extends Plugin>>() {{
      // Additional plugins you've installed go here
      // Ex: add(TotallyAwesomePlugin.class);
      add(OAuth2ClientPlugin.class);
    }});
  }
}

Note: this issue looks similar to #47 but opening a new issue for clarity and also because using different Id provider.

Any idea on what I could be doing wrong/missing?

iOS issues with Okta

I'm trying to use this plugin to add OAuth 2.0 authentication to an Ionic 4 app. I'm using Okta as my provider and I'm able to get "web" login to work. When I try to make it work in iOS Simulator, I get an error. It does redirect back to my app successfully.

Here's the full log from Xcode:

Loading network plugin
2019-04-08 10:51:21.596427-0600 App[28645:712874] CAPKeyboard: resize mode - native
⚡️  Loading app at capacitor://localhost...
Reachable via WiFi
APP ACTIVE
⚡️  [log] - Angular is running in the development mode. Call enableProdMode() to enable the production mode.
⚡️  [log] - Ionic Native: deviceready event fired after 286 ms
⚡️  [warn] - Native: tried calling StatusBar.styleDefault, but the StatusBar plugin is not installed.
⚡️  [warn] - Install the StatusBar plugin: 'ionic cordova plugin add cordova-plugin-statusbar'
⚡️  [warn] - Native: tried calling SplashScreen.hide, but the SplashScreen plugin is not installed.
⚡️  [warn] - Install the SplashScreen plugin: 'ionic cordova plugin add cordova-plugin-splashscreen'
⚡️  [log] - Register custom capacitor plugins
⚡️  To Native ->  App addListener 100427320
⚡️  WebView loaded
SplashScreen.hideSplash: SplashScreen was automatically hidden after default timeout. You should call `SplashScreen.hide()` as soon as your web app is loaded (or increase the timeout). Read more at https://capacitor.ionicframework.com/docs/apis/splash-screen/#hiding-the-splash-screen
⚡️  To Native ->  OAuth2Client authenticate 100427321
2019-04-08 10:51:27.030836-0600 App[28645:712874] [MC] System group container for systemgroup.com.apple.configurationprofiles path is /Users/mraible/Library/Developer/CoreSimulator/Devices/5E87F505-456A-44B3-A682-9E1943F56211/data/Containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles
2019-04-08 10:51:27.031220-0600 App[28645:712874] [MC] Reading from private effective user settings.
2019-04-08 10:51:34.804082-0600 App[28645:712956] [BoringSSL] nw_protocol_boringssl_get_output_frames(1301) [C1.1:2][0x7fc75e501000] get output frames failed, state 8196
2019-04-08 10:51:34.804220-0600 App[28645:712956] [BoringSSL] nw_protocol_boringssl_get_output_frames(1301) [C1.1:2][0x7fc75e501000] get output frames failed, state 8196
2019-04-08 10:51:34.804645-0600 App[28645:712956] TIC Read Status [1:0x0]: 1:57
2019-04-08 10:51:34.804785-0600 App[28645:712956] TIC Read Status [1:0x0]: 1:57
@byteowls/capacitor-oauth2: Access resource request failed with The operation couldn’t be completed. (OAuthSwiftError error -11.).
ERROR MESSAGE:  {"errorMessage":"","message":"ERR_GENERAL"}
2019-04-08 10:51:35.123647-0600 App[28645:713548] [BoringSSL] nw_protocol_boringssl_get_output_frames(1301) [C2.1:2][0x7fc7ce409c60] get output frames failed, state 8196
2019-04-08 10:51:35.123779-0600 App[28645:713548] [BoringSSL] nw_protocol_boringssl_get_output_frames(1301) [C2.1:2][0x7fc7ce409c60] get output frames failed, state 8196
⚡️  [error] - OAuth rejected {"errorMessage":"","message":"ERR_GENERAL"}
2019-04-08 10:51:35.124128-0600 App[28645:713548] TIC Read Status [2:0x0]: 1:57
2019-04-08 10:51:35.124256-0600 App[28645:713548] TIC Read Status [2:0x0]: 1:57

I've published my app to https://github.com/mraible/ionic-4-oauth2. You should be able to login with demo/Password1 as credentials.

I have some questions after making this attempt:

  1. Is it possible to use PKCE with "web" login?
  2. Would it be possible to use OIDC discovery so a developer can specify issuer instead of authorizationBaseUrl, accessTokenEndpoint, and resourceUrl? With OIDC discovery, these values can be looked up. For example, you can find the values for my Okta tenant at https://dev-737523.oktapreview.com/oauth2/default/.well-known/openid-configuration

In Ionic 3, I used https://github.com/manfredsteyer/angular-oauth2-oidc, and wrote a blog post to explain how I did it. I'm hoping to do the same for Ionic 4.

iOS customHandlerClass example from README

Hey Michael, first of all thank you for creating and maintaining this great plugin!

I was following the docs to create the iOS Facebook login and had problems with the YourIOsFacebookOAuth2Handler class. I got the following two issues and made some changes to make them work again:

Value of type 'AccessToken' has no member 'authenticationToken':

...
if let accessToken = AccessToken.current {
    success(accessToken.authenticationToken)
} else {
...

changed to

if let accessToken = AccessToken.current {
    success(accessToken.tokenString)
} else {
...

Use of unresolved identifier 'ReadPermission'

...
self.loginManager!.logIn(readPermissions: [ ReadPermission.publicProfile ],
...

changed to

self.loginManager!.logIn(permissions: [ Permission.publicProfile ],

I'm new to Capacitor, I'm new to Swift. If I were more confident in it, this would have turned into a PR right away. 🙈
What do you think?

Android crash with NullPointerException

In the Google console I see a handful of crashes with the following stacktrace attached:

Caused by: java.lang.NullPointerException: 
 
  at com.byteowls.capacitor.oauth2.OAuth2ClientPlugin.handleOnActivityResult (OAuth2ClientPlugin.java:224)
  at com.getcapacitor.Bridge.onActivityResult (Bridge.java:748)
  at com.getcapacitor.BridgeActivity.onActivityResult (BridgeActivity.java:209)
  at android.app.Activity.dispatchActivityResult (Activity.java:7634)
  at android.app.ActivityThread.deliverResults (ActivityThread.java:4622)

Any idea what might be causing this?

Using version 1.0.1 with the following invocation:

return from(Plugins.OAuth2Client.authenticate(
      {
        appId: this._appConfig.thirdPartyAPIs.googleOAuth.clientId.web,
        authorizationBaseUrl: 'https://accounts.google.com/o/oauth2/auth',
        accessTokenEndpoint: 'https://www.googleapis.com/oauth2/v4/token',
        scope: 'email profile',
        resourceUrl: 'https://www.googleapis.com/userinfo/v2/me',
        web: {
          redirectUrl: 'http://localhost:4200',
          windowOptions: 'height=600,left=0,top=0'
        },
        android: {
          appId: this._appConfig.thirdPartyAPIs.googleOAuth.clientId.android,
          responseType: 'code', 
          customScheme: 'com.myapp.android:/'
        },
        ios: {
          appId: this._appConfig.thirdPartyAPIs.googleOAuth.clientId.ios,
          responseType: 'code', 
          customScheme: 'com.myapp.myapp:/'
        }
      }
    ));

Full Screen On Web Issue Redirecting

Full-Screen MacOS Redirect "Not Found" Error.

Hello Michael! Tsavo Here,

I released a beta out yesterday to a few test groups and they seem to be running into an issue in fullscreen mode on OSX, which also seems to be an issue in the browser on Mobile for iOS and Android.

Error: Error: Not found at intervalId.setInterval
File: http://localhost:8081/node_modules/@byteowls/capacitor-oauth2/dist/esm/web.js

I am trying to do further debugging but it seems to be a vague error. I believe it is due to the fact that in fullscreen mode the redirect launches a new tab, whereas in a non-fullscreen window the redirect creates a new window, allowing for proper resolution back to the previous window.

Do you have any initial thoughts on this/have you encountered this situation?

Additionally, is there any way that we can further and formally collaborate on this. Am more than willing to help fund development/help develop myself.

Please let me know what I can do to help with this process, much appreciated - Tsavo Knott

Attached is a screenshot of the two types of views I am describing.

Full Window: "Blue dot thrown on Origin Tab"

This is the redirected Tab.

Final Console Log:

AppAuth leak message causes Capacitor reload and failed authentication

MainActivity has leaked ServiceConnection net.openid.appauth.browser.CustomTabManager$1@2f048d4 that was originally bound here
                  android.app.ServiceConnectionLeaked: Activity com.byteowls.teamconductor.MainActivity has leaked ServiceConnection net.openid.appauth.browser.CustomTabManager$1@2f048d4 that was originally bound here
                      at android.app.LoadedApk$ServiceDispatcher.<init>(LoadedApk.java:1336)
                      at android.app.LoadedApk.getServiceDispatcher(LoadedApk.java:1231)
                      at android.app.ContextImpl.bindServiceCommon(ContextImpl.java:1450)
                      at android.app.ContextImpl.bindService(ContextImpl.java:1422)
                      at android.content.ContextWrapper.bindService(ContextWrapper.java:636)
                      at android.support.customtabs.CustomTabsClient.bindCustomTabsService(CustomTabsClient.java:71)
                      at net.openid.appauth.browser.CustomTabManager.bind(CustomTabManager.java:95)
                      at net.openid.appauth.AuthorizationService.<init>(AuthorizationService.java:116)
                      at net.openid.appauth.AuthorizationService.<init>(AuthorizationService.java:94)
                      at net.openid.appauth.AuthorizationService.<init>(AuthorizationService.java:83)
                      at com.byteowls.capacitor.oauth2.OAuth2ClientPlugin.authenticate(OAuth2ClientPlugin.java:145)
                      at java.lang.reflect.Method.invoke(Native Method)
                      at com.getcapacitor.PluginHandle.invoke(PluginHandle.java:99)
                      at com.getcapacitor.Bridge$2.run(Bridge.java:473)
                      at android.os.Handler.handleCallback(Handler.java:751)
                      at android.os.Handler.dispatchMessage(Handler.java:95)
                      at android.os.Looper.loop(Looper.java:154)
                      at android.os.HandlerThread.run(HandlerThread.java:61)

Causes the App to reload / restart Capacitor

missing AccessToken response (IOS)

Hi
Could really use some help, using Capacitor with capacitor-oauth2 and VueJS.

I am trying to get an accessToken from AzureAD.

It works fine on web, but not on iOS.

I get an info message in the console with

To Native -> OAuth2Client authenticate 127389189

The token is returned from the native project, but I am not receiving it back.

here is my config

const config = {
  additionalParameters: {
    'prompt': 'login',
    'login_hint': '[email protected]',
    'nonce': 'jahsdjahsdk',
  },
  authorizationBaseUrl: "https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize",
  pkceDisabled: true,
  appId: '777777-777777-777777-77777',
  scope: "user.readwrite",
  accessTokenEndpoint: "https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/token",
  web: {
    redirectUrl: "http://localhost:8080/start",
    windowOptions: "height=600,left=0,top=0",
    responseType: "token",
  },
  ios: {
    appId: '777777-777777-7777-7777-77777777',
    customScheme: "capacitor://localhost",
    responseType: "token"
  }
};

  // Component method; must be async because it awaits the plugin call.
  async login() {
    return await this.OAuth2Client.authenticate(
      config
    ).then(resourceUrlResponse => {
      let accessToken = resourceUrlResponse["access_token"];

      return accessToken;
    }).catch(reason => {
      console.error("OAuth rejected", reason);
    });
  }

Thanks for the support !

/Ibrahim

Handle the storing of "access token" in the plugin

I introduce an option to disable this, but by default this should be handled by the plugin. Although I thought in #3 that it is not required.

But if the plugin handles the access_token as well, authentication and access should be faster. The alternative would be to hand the access_token to the plugin as the client user stores it.

Plugin does not send resource url response to app (resolves the promise) after specific steps

On Android I have a weird problem:

  1. Login using Google as provider with the plugins standard features. Login successful. ✔️
  2. Logout. Logout successful. ✔️
  3. Login again using Google oauth with the plugins standard features. Login fails. ❌

The login does not fail because the authentication fails. The flow is successfully executed and the response from the resource url queried, but when the plugin calls call.resolve(response) it is not passed to my application code.

I have no error or warning. The promise is simply not resolved. If I restart the app the first login works but the problem persists.

On the web and on iOS there is no problem.

System Information:

  • Capacitor: beta.17
  • Plugin: beta.2
  • Framework: Angular 6
  • OS: Android 8.0

Logout feature

New method for handling Logout especially for customHandlerClass (Facebook).

Because the SDK caches the access token.

Base-64 Plugin is not browser native/compatible without build step

Hey Michael, I hope all is well, I have a pretty urgent request that will need to be addressed to continue to allow Capacitor to work out of the box for browsers.

Import * as base64 from 'base64-js' uses UMD exports and causes the browser to throw an error when run natively. This is found in your web-utils.js file.

I would recommend using This Base64 package from NPM which will allow you to use native es6 imports and then leave it up to the end user to transpile/build. It will also support code splitting/tree shaking to ensure that you only include what you use from the package.

It also is one of the most widely used Base64 packages on NPM at around 5 million per week downloads.

I can gladly make a PR using the more up to date base64 package. Please let me know how we can move forward on this as quickly as possible or how I can help in any way.

All the best,
-Tsavo


Facebook (iOS): documentation issue?

Hi,

With the provided documentation for Facebook, I always get "Login cancelled by user". Don't we have to add this code:

if let scheme = url.scheme, let host = url.host {
  if scheme == "fb\(SDKSettings.appId)" && host == "authorize" {
    return SDKApplicationDelegate.shared.application(app, open: url, options: options)
  }
}

to the

func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool { }

in AppDelegate.swift?

For me, this fixed the issue...

Save authState

Web: localStorage or cookie
Android: shared preferences

Capacitor version compatibility?

I am trying to use [email protected], but I could not find documentation about which version of capacitor it is compatible with. Could you clarify?

I keep getting the issue #36, and I have tried the following capacitor versions: beta.17, beta.19, 1.0.0 but the issue persists.

Code + PKCE

Thanks for a great plugin! In our situation we need to provide oAuth flow with code, but we can't store client_id and secrets on the client app. We are using Java spring oauth on the backend, all we need to use is Capacitor Browser plugin. I was able to get everything working but couldn't close the Browser upon browserPageLoaded event upon looking for specific client side redirect url. What I get from this event is empty.

I understand this is not the forum to ask this question, since we are on the oAuth topic, any direction would be highly appreciated. We need to get this accomplished both on ios, android and web.

Thanks in advance

"id_token token" as responseType

I am currently working on a mobile app for both iOS and Android, which is going to need OAuth for its authorization.

While registering client-ids in our backend and implementing this plugin I came across an issue: the plugin doesn't seem to support "id_token token" as a valid responseType, though our service does expect this responseType.

According to the AppAuth documentation, the SDKs also support OpenID Connect, which specifies the usage of alternative responseTypes such as "id_token token" and "id_token code".

Would it be possible for this plugin to also support these specs / responseTypes? Or at least the "id_token token" as a first step to supporting more of the OpenID Connect extensions?

extras:
Link to OpenID Connect specs
AppAuth stating it supports OpenID Connect.
oauth 2.0 on Extensibility

Support Authorization Code Flow with PKCE

The web/pwa implementation retrieves the token by using response_type=token on the authorization request.

That differs from how it's done in Android.

Within this task I will use response_type=code with a code_challenge in the web implementation as well.

Sign in with Apple

Hi,

Is it possible to make this plugin work with Sign in with Apple, that is expected to come this fall with iOS13?

Google-Login with capacitor-oauth2/Plugins.OAuth2Client.authenticate () does not work on Android device

Initial Situation:

  • I need to implement a Google login with Ionic which works on a web platform as well as on an android device.

Therefore I use:

  • Ionic 5.2.2
  • Capacitor 1.1.1
  • Capacitor OAuth 2 client plugin 1.0.0

With that setup I achieved already:

  • Web login works perfectly

Problem:

  • Logging in from an Android device doesn't work

I followed the steps in the readme from https://github.com/moberwasserlechner/capacitor-oauth2/blob/master/README.md

  • I registered the plugin OAuth2Client in my app.component.ts
  • I implemented a method googleLogin() where I call Plugins.OAuth2Client.authenticate() with OAuth2AuthenticateOptions

app.component.ts

import { Component, OnInit } from '@angular/core';

import { registerWebPlugin } from "@capacitor/core";
import { OAuth2Client } from '@byteowls/capacitor-oauth2';

@Component({
  selector: 'app-root',
  templateUrl: 'app.component.html'
})
export class AppComponent implements OnInit {
  constructor() {}

  ngOnInit() {
    console.log("Register custom capacitor plugins");
    registerWebPlugin(OAuth2Client);
  }
}

home.page.ts

import { Component } from '@angular/core';
import { Plugins } from '@capacitor/core';

@Component({
  selector: 'app-home',
  templateUrl: 'home.page.html',
  styleUrls: ['home.page.scss'],
})
export class HomePage {

  constructor() { }

  async googleLogin() {

    try {
      const resourceUrlResponse = await Plugins.OAuth2Client.authenticate({
        appId: "XXX.apps.googleusercontent.com",
        authorizationBaseUrl: "https://accounts.google.com/o/oauth2/auth",
        accessTokenEndpoint: "https://www.googleapis.com/oauth2/v4/token",
        scope: "email profile",
        resourceUrl: "https://www.googleapis.com/userinfo/v2/me",
        web: {
          redirectUrl: "http://localhost:8100",
          windowOptions: "height=600,left=0,top=0"
        },
        android: {
          appId: "XXX.apps.googleusercontent.com",
          responseType: "code",
          customScheme: "com.xxx.playground.googleLogin07"
        }
      })
    }
    catch (err) {
      console.error(err);
    }
  }

}

On a device this code results in an error message from Google:

googleError

This is plausible. It seems to be that the method Plugins.OAuth2Client.authenticate() tries to do a web-based login where an android login is needed. Am I right?

If I make a call without the "web"-parameter like this...

const resourceUrlResponse = await Plugins.OAuth2Client.authenticate({
        appId: "XXX.apps.googleusercontent.com",
        authorizationBaseUrl: "https://accounts.google.com/o/oauth2/auth",
        accessTokenEndpoint: "https://www.googleapis.com/oauth2/v4/token",
        scope: "email profile",
        resourceUrl: "https://www.googleapis.com/userinfo/v2/me",
        android: {
          appId: "XXX.apps.googleusercontent.com", // --> I tried both the Android and the web client key from the Google Cloud Platform console.
          responseType: "code",
          customScheme: "com.xxx.playground.googleLogin07"
        }
      })

...the method Plugins.OAuth2Client.authenticate() returns a blank error object --> {}

What am I doing wrong?

Android ERR_STATES_NOT_MATCH

Hi

Ionic:

ionic: 4.12.0
@ionic-native/core: ^5.0.0
@ionic/angular: ^4.1.0

Capacitor:

@capacitor/android: ^1.0.0-beta.22
@capacitor/cli: 1.0.0-beta.22
@capacitor/core: 1.0.0-beta.22

System:

node : v10.15.3
npm : 6.9.0
OS : Deepin 15.9.3

Error

I get an ERR_STATES_NOT_MATCH error on Android, but in the browser everything works as expected. In the browser I see a URL like

localhost:8100/#access_token=...&expires_in=...&token_type=Bearer&state=SAME_AS_IN_REQUEST

And everything works
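The state comparison behind an error like ERR_STATES_NOT_MATCH, as an added example that is not the plugin's own code: the redirect parameters are read from the fragment (implicit flow, as in the URL above) or the query string (code flow), percent-decoded, and compared with the state stored when the request was sent. Function names and sample URLs are constructed for illustration.

```javascript
const { timingSafeEqual } = require("node:crypto");

// Implicit flow returns parameters in the fragment, code flow in the query string.
function redirectParams(redirectUrl) {
  const url = new URL(redirectUrl);
  const raw = url.hash.length > 1 ? url.hash.slice(1) : url.search.slice(1);
  return new URLSearchParams(raw); // percent-decodes names and values
}

// Compare the decoded values, not the raw URL text.
function statesMatch(expected, received) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(received));
  return a.length === b.length && timingSafeEqual(a, b);
}

// expectedState is the value the client generated and stored before redirecting.
function handleRedirect(redirectUrl, expectedState) {
  const p = redirectParams(redirectUrl);
  if (p.has("error")) {
    return { ok: false, error: p.get("error") };
  }
  const state = p.get("state");
  // A missing state is treated like a wrong one: the response cannot be tied
  // to a request this client started, so its token or code is discarded.
  if (!expectedState || state === null || !statesMatch(expectedState, state)) {
    return { ok: false, error: "ERR_STATES_NOT_MATCH" };
  }
  return { ok: true, accessToken: p.get("access_token"), code: p.get("code") };
}

// Constructed redirect; the state travels percent-encoded ("abc/1=" on the wire
// is "abc%2F1%3D"), so it only matches after decoding.
const sampleRedirect =
  "http://localhost:8100/#access_token=tok123&expires_in=3600" +
  "&token_type=Bearer&state=abc%2F1%3D";
```

When a platform reports a mismatch that another does not, logging both values at this point shows whether the state was lost (a restarted app or WebView) or altered in transit (encoding).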

Add function for silently refreshing refresh token

We'd like to let our users log in with the code flow + PKCE, then store the refresh token as well client-side (only for the Android/iOS version), in our case from Azure AD B2C. In short, we are looking for the following behavior:

  • Android/iOS version: code flow + PKCE, with refresh token stored using the Capacitor Secure Storage Plugin
  • PWA version: implicit flow (for now, see this article by Auth0 for details as to why it's still not considered safe to store a refresh token from the implicit flow in the browser)

Would be great if we could add a function to this library called refresh() or similar which gets a fresh access token from the server (no iFrames/etc. needed). See this Microsoft Azure B2C example for refreshing the access token.

I think it would be enough if this library provided a function refresh(refresh_token: string) {} to get a new access token based on the given refresh token. Combined with Capacitor's background fetch operations (coming soon), the token can be refreshed at regular intervals, so that the user doesn't have to log in over and over again.

One major point to emphasize here, is that this should only be done with the Android/iOS version in combination with the Secure Storage Plugin because we can't safely store refresh tokens securely in the browser (yet).

I'm happy to provide a PR for this, but would like to ask what you think of this approach and if you think it's feasible and secure enough.
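What a refresh(refresh_token) helper like the one proposed above would send and how it would treat the answer, as an added example that is neither the plugin's API nor code from this issue. The function names, the session shape and the error labels other than invalid_grant are hypothetical; the request follows the OAuth 2.0 refresh_token grant, and the option names come from the plugin calls on this page.

```javascript
// Request for the refresh_token grant (RFC 6749, section 6).
// A public mobile client sends no client secret.
function buildRefreshRequest(cfg, refreshToken) {
  return {
    url: cfg.accessTokenEndpoint,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "refresh_token",
      client_id: cfg.appId,
      refresh_token: refreshToken,
      scope: cfg.scope,
    }).toString(),
  };
}

// Merge the token endpoint's answer into the session held in secure storage.
// Returns the session to persist (null means: wipe it and ask the user to log in).
function applyRefreshResponse(stored, status, json, nowMs) {
  if (status !== 200) {
    // invalid_grant: the refresh token is expired or revoked, so keeping the
    // stored copy gains nothing. Other errors may be transient; keep the session.
    const relogin = json.error === "invalid_grant";
    return { session: relogin ? null : stored, error: json.error || "refresh_failed" };
  }
  if (typeof json.access_token !== "string" || json.access_token === "") {
    return { session: stored, error: "malformed_response" };
  }
  return {
    error: null,
    session: {
      accessToken: json.access_token,
      // Rotation: a newly issued refresh token replaces the stored one.
      refreshToken: json.refresh_token || stored.refreshToken,
      expiresAt: nowMs + Number(json.expires_in || 0) * 1000,
    },
  };
}
```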

[iOS] file ios/App/public/cordova.js does not exist

Installing the plugin and running npx cap update works well for all platforms except iOS:

✖ update ios: ENOENT: no such file or directory, open 'ios/App/public/cordova.js'
[error] Error running update: { [Error: ENOENT: no such file or directory, open 'ios/App/public/cordova.js']
  errno: -2,
  code: 'ENOENT',
  syscall: 'open',
  path: 'ios/App/public/cordova.js' }

Support OpenId

Check if and how this plugin, which was intended to only support OAuth2 is extendable for OpenId.

Integrating LINE Login?

Hi,

Have you considered integrating LINE messenger login flow?
LINE is an extremely popular messenger app in Japan and South East Asia (e.g. Thailand). Curious how difficult it would be to make it work with Capacitor on iOS and Android...
