Our app allows Single Sign On(SSO) using the Xamarin's webview component. One of the clients have reported that they are not able to sign in to our app as it fails. But the same SSO if accessed from the device browser, passes the CA policy.
From the logs provided by the customer, it shows that DeviceID is null when called from Xamarin webview but it shows a valid value when called from the device browser.
Can someone help me understand why it is failing on our app alone?
Related
I am a developer working on the mini programs platform. I need access to the Vodapay app but I cannot find it on both the app store for iOS and the play store for Android. How can I get access to the app?
The app is scheduled to launch sometime in August, that is why it is not available on the app store or google play store. To get access to the test version of the app, send an email to miniprogramsupport#vodacom.co.za . You will need to provide the following:
Name
Surname
Mini program you are working on
Platform you want access to: (For iOS, send associated apple ID, for Android, send email address used on google account found on the device)
I followed the sample on Xamarin Authorization with Azure AD B2C
That uses Custom Chrome Tabs (and the Safari equivalent).
I do not find any resources on how to handle the case if no Chrome is installed on the mobile device. I just noticed in emulator, it just raises an error dialog that Chrome must be installed. But I do not want to exclude users from signing in/up that use alternative browsers.
Are there any links/tutorials that cover this (crucial) behavior?
MSAL now suports a fallback using the embedded browser of Android / iOS:
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-2-released#you-can-now-leverage-the-embedded-web-browser-in-xamarinios-and-xamarinandroid
You can now leverage the embedded web browser in Xamarin.iOS and
Xamarin.Android
In the previous versions of MSAL.NET, Xamarin.Android and Xamarin.iOS
used the System web browser interacting with Chrome tabs. This was
great if you wanted to benefit from SSO, but that was not working on
some Android phones which device manufacturers did not provide Chrome,
or if the end user had disabled Chrome. As an app developer, you can
now leverage an embedded browser. To support this, the UIParent class
now has a constructor taking a Boolean to specify if you want to
choose the embedded browser. It also has a static method,
IsSystemWebviewAvailable(), to help you decide if you want to use it.
For instance, on Android: bool useSystemBrowser =
UIParent.IsSystemWebviewAvailable(); App.UIParent = new
UIParent(Xamarin.Forms.Forms.Context as Activity, !useSystemBrowser);
For more details about this possibility see the article in MSAL's
conceptual documentation: https://aka.ms/msal-net-uses-web-browser.
Also the web view implementation might change in the future
You will have to use a different library such as:
AppAuth for Android
"When a Custom Tabs implementation is provided by a browser on the device (for example by Chrome), Custom Tabs are used for authorization requests. Otherwise, the default browser is used as a fallback."
AppAuth for iOS
"iOS 9+ uses the in-app browser tab pattern (via SFSafariViewController), and falls back to the system browser (mobile Safari) on earlier versions."
(Note that Microsoft Authentication Library is consistent with the IETF's Best Current Practice for OAuth 2.0 for Native Apps that:
"... the best current practice is to perform the OAuth authorization request in an external user agent (typically the browser) rather than an embedded user agent (such as one implemented with web-views)."
I am developing an app in Android and IOS. I want to use the Google Sign In to login in the app.
In Android I use the client ID of the backend server, but in IOS I have to use the IOS app client ID to login.
Is not possible to use the backend server client ID in the IOS app?
Google Documentation
https://developers.google.com/identity/sign-in/ios/backend-auth
Regards
I work on the team at Google: yes, unfortunately, this is a known deficiency and inconsistency of the iOS SDK for Google Sign-In. We're working on some changes and I'll update this answer when this is resolved.
For now, your backend server will have to determine what client the token is coming from and check appropriate audience. Very sorry for the trouble :/
i have an Mobile App on Azure. All Works like Charm, but the i can´t configure the Access. There is an Application Key, this one should prevent the Mobile App. But it doesen´t. I can directly send a request to the mobile app
http://myappname-code.azurewebsites.net/tables/User/3 and an answer returned, without prompting for the Application Key set in the azure preview portal.
Things i tried:
Regenerate Key
Restart Gateway
Restart mobile app code
the same project as Mobile Service works perfect, but as mobile app there are only ghost errors.
Regards,
Marcus
The migration process isn't perfect yet, so if it's working for you as a Mobile Service, you may just want to stick with it for now. (which you discovered) But if you need the features of Mobile Apps now, Mobile Apps work a bit more like Web Apps. There's still a way to generate codes on the preview portal, but try looking here for a different set of authorizations: https://azure.microsoft.com/en-us/documentation/articles/app-service-api-dotnet-debug/ There's a troubleshooting link at the bottom there too if you run into other issues with the Mobile Apps.
We are in the process of creating our new app for v2 of the apps marketplace. Recently we have run into quite a major issue and we are having a lot of trouble resolving it.
We are testing the workflow where a domain admin installs via the chrome webstore listing. The actual installation of the app works, insofar as the app is installed on the domain and the scopes appear to be granted when looking at the "Manage API client access" section in the domain admin panel (http://i.stack.imgur.com/a63nv.png).
However, when we attempt to use the service account to get calendar or contacts info, we are getting "Requested client not authorized" errors.
{
"error" : "access_denied",
"error_description" : "Requested client not authorized."
}
However, if we manually add our service account + scopes to the domain in question, then accessing the data programmatically works fine (http://i.stack.imgur.com/g6pRg.png).
So, clearly we are missing something here, with how installing a marketplace app via the chrome web store is supposed to work.
Other things to note:
Chrome webstore listing is marked as unlisted.
New marketplace app is not approved (obviously) as the tester received this specific error when attempting to install the marketplace app.
We got it figured out. The issue was in how we declared our contacts API scope in the marketplace sdk setup screen.
In the marketplace setup screen, we declared using the contacts scope without a trailing slash ("https://www.google.com/m8/feeds").
However in our app, we were sending oauth requests for the calendar feed with the slash at the end. ("https://www.google.com/m8/feeds/"). This mismatch caused the whole request to fail with the error message above.
If anyone runs into this and is baffled at why their service account requests are failing, make sure you are consistent with your slashes at the end!
I would suggest to Google that you should update the marketplace sdk screen to also be consistent and reject scopes that do not have a slash at the end. That would have saved us days of frustration.