[keycloak-dev] KEYCLOAK-2606 - Browsertab-Support for Cordova
Stian Thorgersen
sthorger at redhat.com
Tue Jun 12 11:32:58 EDT 2018
Sounds good. I'm not able to review this work properly at the moment as I
have too much stuff on my plate, but will find others that can.
I'm very pleased to see this and look forward to getting it in. I've been
wanting it for a long time, but couldn't find the time to work on it.
On Sat, 9 Jun 2018, 23:53 Gregor Tudan, <Gregor.Tudan at cofinpro.de> wrote:
> Hi Stian,
>
> I’ve created a first version and submitted it as pull-request, so we can
> review it. https://github.com/keycloak/keycloak/pull/5256
>
> It relies on the following plugins:
>
> - browsertab: https://github.com/google/cordova-plugin-browsertab
> - universal-links:
> https://github.com/nordnet/cordova-universal-links-plugin
>
> While the first works really well, the second is a bit of mess and looks
> abandoned. Sadly, it is still the best plugin for deep-linking into apps
> around if you don’t want to add branch.io as third party service. It
> still works, but the future of the plugin is unclear. Other plugins only
> provide custom-url-stlye links, which are deprecated since iOS 9.
>
> Sadly Universal-Links are not without problems either (at least on iOS),
> as they don’t really work with redirects: i.e. clicking on the login-button
> in the form takes you straight to the app, but hitting the „open“ button on
> the keyboard won’t - this is a problem which all oauth libraries are
> facing, so I guess there isn’t much we can do about it:
> https://www.google.com/search?q=universal+links+redirect+site%3Aforums.developer.apple.com
> <https://www.google.com/search?q=universal+links+redirect+site:forums.developer.apple.com>
>
> I have to do some more testing to see how well this works on Android. The
> first attempts looked promising.
>
> - Gregor
>
> Am 05.06.2018 um 20:12 schrieb Stian Thorgersen <sthorger at redhat.com>:
>
> Sorry for the late response, but the first approach seems good to me. I
> would assume the app developer would have to configure the universal link
> for the app, but also configure it in the Keycloak adapter right so it
> knows what URL to handle? Or can it just handle it without knowing the
> exact link? I would assume changes needed to apps to switch between the
> "old mode" and the new mode with system browsers in either case so not to
> worried if it requires some changes for existing users.
>
> On 30 May 2018 at 10:26, Gregor Tudan <Gregor.Tudan at cofinpro.de> wrote:
>
>>
>>
>>> Figuring out the callback wasn’t to hard either - now the last missing
>>> piece is parsing the callback. Here we have the option of registering a
>>> universal link inside the Keycloak adapter which opens the app, or leaving
>>> this to the developer and provide a public method for it (like
>>> processCallback).
>>>
>>> I’m not quiet sure on these options, what are your thoughts on this?
>>>
>>
>> Could you elaborate a bit on this please?
>>
>>
>> Sure - The way those native browser tabs work is that the app requests to
>> open a site, but has no access to what happens inside the browser. After
>> the login is done, the browser redirects back into the app by using
>> universal links. These URLs have be registered in the app, so the browser
>> knows that it should pass those requests back. From there, we can get the
>> oauth params (state and code) and fetch the token.
>>
>> The question is: should we implement this kind of callback logic inside
>> the adapter, or should we provide the user a method for completing the
>> login process upon redirecting?
>>
>> If we do this in the adapter, we would need to make some assumptions on
>> the Cordova-Plugin being used and how the link is set up. I don’t think
>> that’s a bad thing, but we would need to document how to setup the app so
>> that the redirect works. This would also fit nicely in the current API of
>> the adapter.
>>
>> The other option would be to leave it up to the user to handle the
>> redirect and offer a callback for finishing the authorization. This would
>> basically boil down to a method that takes the code and the state params
>> (like processCallback in the current adapter). This would kind of break the
>> API of the adapter, as the login method will behave differently for this
>> native adapter.
>>
>> To summarize: doing more stuff in the adapter would simplify things for
>> the developer, but might not work for existing apps - i.e. if they use a
>> different plugin for handling universal links.
>>
>> I suggest starting with first option (handling redirects in the adapter)
>> to get started - universal links don’t seem to be to widely used, so most
>> apps shouldn’t run into problems with us picking a plugin for them. Maybe
>> we can add another option to the adapter for manual redirect-handling later
>> on.
>>
>
> For the first approach I assume the app developer would have to pick a
>
>
>
More information about the keycloak-dev
mailing list