Comments (4)
So far we do not have any plans to develop a safari-view-controller alternative, the plugin / dev dependency offers excellent integration with the browser apis
from auth0-cordova.
Absolutely, but what I am unsure of is why you need any deps at all? Like what is it about auth0 that requires such a dependency? Is it the callback method or?
Not trying to be critical of the project here I am just surprised that can't be handled by Cordova without such requirements.
from auth0-cordova.
TLDR; Google / Apple's recommended way to do web based auth.
Long version.
A long while back, there were apps and the usual way of opening an authentication page was to open the webview. Now although this sounds super simple, the webview's controller api had access to the information in the page. This made it much easier to steal say, an untrusting users Google Credentials. Since then, there have been better integrations (Chrome Custom Tabs, on Android) and SafariViewController (On Windows * you have WebAuthenticationBroker) the key idea here is that these environments do not allow access to the page's data itself and the OS guarantees that making it much safer.
Google now actively blocks WebView UserAgents and therefore the System Views are now the default way of authenticating with a remote IdP
from auth0-cordova.
Super useful info tnx! Let's close this but keep it for posterity. I'm +1 all things security but when it adds 10Mb to my app it feels a little like adding flash to handle clipboard (to draw an analogy).
Hopefully in the future we can see a cleaner/less heavy solution but until then I can live with how things are.
from auth0-cordova.
Related Issues (20)
- Handling errors in redirect uri HOT 1
- Capacitor support HOT 13
- onRedirectUri faulty behavior after first login HOT 8
- Module not found: Error: Can't resolve 'crypto' in 'C://mypc/path/node_module/@auth0\cordova\src' HOT 1
- Angular support HOT 4
- Login screen hangs after entering credentials HOT 9
- Refresh tokens HOT 6
- iOS social provider signout problem HOT 3
- Custom Webpack is not used when using livereload on cordova run HOT 6
- Sign in with Apple - error on callback HOT 22
- Universal and Deep link support for iOS and Android HOT 3
- Use ASWebAuthenticationSessionManager with cordova HOT 4
- New Version Release HOT 1
- Cannot read properties of undefined (reading 'open') HOT 1
- net: ERR_UNKNOWN_URL_SCHEME with targetSdkVersion 30 HOT 11
- loading icon keeps spinning after social sign in using ionic V3 app on Android
- Could not load module crypto HOT 3
- New Release? HOT 1
- Login with Google is not asking the account to use HOT 2
- SafariViewController Closes before user can save or update password HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth0-cordova.