How should I handle the OAuth2 callback URI in a Cordova app?


Question

I am using Cordova to run an Angular application on mobile (Android for now).
The application uses Auth0, an OAuth2 provider, for authentication.
It works fine on the web, as the provider redirects to the callback URL with the token after authentication, and the web app restarts with the parameters received.

On mobile, at first try the app opened an external browser for login, which obviously could not return to the app. Then I used <allow-navigation href="https://[my domain].eu.auth0.com/*"/> in config.xml. Now the authentication is happening in-app, but the callback URL is https://localhost/index.html?code=[token], which the app does not recognize as its own.

How can I make the Cordova app understand that this URL has to be handled by it, or alternatively what would be the right callback URL?

Update: I have found this sample, using Ionic/Capacitor: https://github.com/auth0-samples/auth0-ionic-samples/tree/main/angular
I could not yet make it work, but the main point is what the accepted answer says.

Answer 1

Score: 1


A mobile app needs to follow the recommendations from RFC 8252, to use a custom-scheme-based redirect URI, such as com.mycompany.myapp:/callback. It is also possible to use HTTPS schemes, though this requires app / universal links to be registered. This is often called the AppAuth pattern. See my blog posts for an intro:

On Cordova this will require a plugin, though I don't know if a good one exists that you can just plug in, and it is possible you'll need to write your own one. This is one of those areas where tech stacks such as Cordova can be problematic, since the underlying behaviour is native tech.
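
An added example, not part of the original answer or of any plugin's code: a JavaScript handler that validates the custom-scheme redirect described above before the authorization code is exchanged. The names handleAuthCallback and pending (with its fields) are hypothetical, the authorization code flow with PKCE is assumed as RFC 8252 requires, and the native hook that passes the URL string into the WebView is assumed and not shown.

```javascript
// Added example, not code from the original post.
// REDIRECT_URI is the sample value from the answer; how the URL string reaches
// JavaScript (a Cordova plugin hook) is assumed and not shown.
const REDIRECT_URI = 'com.mycompany.myapp:/callback';

// pending = { state, codeVerifier }, saved when the login request was started.
// Returns { code, codeVerifier } for the token request, or throws.
function handleAuthCallback(rawUrl, pending) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    throw new Error('callback is not a valid URL');
  }
  const expected = new URL(REDIRECT_URI);
  // Exact match on scheme and path; a custom-scheme URI of this form has no host.
  if (url.protocol !== expected.protocol || url.host !== '' ||
      url.pathname !== expected.pathname) {
    throw new Error('unexpected redirect URI');
  }
  if (!pending || !pending.state) {
    throw new Error('no login in progress');
  }
  const params = url.searchParams;
  // state ties the response to the request this app instance started.
  if (params.get('state') !== pending.state) {
    throw new Error('state mismatch');
  }
  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  const code = params.get('code');
  if (!code) {
    throw new Error('missing authorization code');
  }
  const result = { code, codeVerifier: pending.codeVerifier };
  pending.state = null; // one-time use: a replayed callback is rejected
  return result;
}
```

The https://localhost/index.html?code=[token] URL from the question is rejected by this check because its scheme and path do not match the registered redirect URI.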

huangapple
  • Published on February 10, 2023 at 16:24:53
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75408541.html