Document requirement for safariviewcontroller about auth0-cordova HOT 4 CLOSED

So far we do not have any plans to develop a safari-view-controller alternative, the plugin / dev dependency offers excellent integration with the browser apis

from auth0-cordova.

Absolutely, but what I am unsure of is why you need any deps at all? Like what is it about auth0 that requires such a dependency? Is it the callback method or?

Not trying to be critical of the project here I am just surprised that can't be handled by Cordova without such requirements.

from auth0-cordova.

TLDR; Google / Apple's recommended way to do web based auth.

Long version.

A long while back, there were apps and the usual way of opening an authentication page was to open the webview. Now although this sounds super simple, the webview's controller api had access to the information in the page. This made it much easier to steal say, an untrusting users Google Credentials. Since then, there have been better integrations (Chrome Custom Tabs, on Android) and SafariViewController (On Windows * you have WebAuthenticationBroker) the key idea here is that these environments do not allow access to the page's data itself and the OS guarantees that making it much safer.

Google now actively blocks WebView UserAgents and therefore the System Views are now the default way of authenticating with a remote IdP

from auth0-cordova.

Super useful info tnx! Let's close this but keep it for posterity. I'm +1 all things security but when it adds 10Mb to my app it feels a little like adding flash to handle clipboard (to draw an analogy).

Hopefully in the future we can see a cleaner/less heavy solution but until then I can live with how things are.

from auth0-cordova.