I followed the sample on Xamarin Authorization with Azure AD B2C
That uses Custom Chrome Tabs (and the Safari equivalent).
I do not find any resources on how to handle the case if no Chrome is installed on the mobile device. I just noticed in emulator, it just raises an error dialog that Chrome must be installed. But I do not want to exclude users from signing in/up that use alternative browsers.
Are there any links/tutorials that cover this (crucial) behavior?
MSAL now suports a fallback using the embedded browser of Android / iOS:
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-2-released#you-can-now-leverage-the-embedded-web-browser-in-xamarinios-and-xamarinandroid
You can now leverage the embedded web browser in Xamarin.iOS and
Xamarin.Android
In the previous versions of MSAL.NET, Xamarin.Android and Xamarin.iOS
used the System web browser interacting with Chrome tabs. This was
great if you wanted to benefit from SSO, but that was not working on
some Android phones which device manufacturers did not provide Chrome,
or if the end user had disabled Chrome. As an app developer, you can
now leverage an embedded browser. To support this, the UIParent class
now has a constructor taking a Boolean to specify if you want to
choose the embedded browser. It also has a static method,
IsSystemWebviewAvailable(), to help you decide if you want to use it.
For instance, on Android: bool useSystemBrowser =
UIParent.IsSystemWebviewAvailable(); App.UIParent = new
UIParent(Xamarin.Forms.Forms.Context as Activity, !useSystemBrowser);
For more details about this possibility see the article in MSAL's
conceptual documentation: https://aka.ms/msal-net-uses-web-browser.
Also the web view implementation might change in the future
You will have to use a different library such as:
AppAuth for Android
"When a Custom Tabs implementation is provided by a browser on the device (for example by Chrome), Custom Tabs are used for authorization requests. Otherwise, the default browser is used as a fallback."
AppAuth for iOS
"iOS 9+ uses the in-app browser tab pattern (via SFSafariViewController), and falls back to the system browser (mobile Safari) on earlier versions."
(Note that Microsoft Authentication Library is consistent with the IETF's Best Current Practice for OAuth 2.0 for Native Apps that:
"... the best current practice is to perform the OAuth authorization request in an external user agent (typically the browser) rather than an embedded user agent (such as one implemented with web-views)."
Related
Edge DevTools Preview could manipulate local storage of a PWA APP , could i do it also ?
EdgeDevTools is a close source APP , and i googled , no document says some API or SDK could manipulate the localstorage of a PWA APP.
Yes, since the UWP application is a sandbox application, in theory each application is independent of each other and cannot directly access the data of an App.
The PWA application relies on WWAHost.exe, but it also enjoys the treatment of UWP applications. Its data is protected and will not expose data access methods.
Best regards.
I am following the tutorial located here: https://developer.xamarin.com/guides/xamarin-forms/cloud-services/authentication/oauth/
I got to the step titled: Presenting the Sign-In User Interface.
It says that, "When the Login method is invoked, the sign-in user interface is presented to the user in a tab from the device's web browser."
Now is this really the process when using Xamarin?
Because the other apps I've downloaded and played with don't open the browser and then open a new tab to give me a choice of which account to choose. Those apps pop up a small page on top of the app and allows me to select an account.
If this Xamarin process is different I am not going to use it when developing my app. Please clear this up for me thanks.
There is no such thing as as "Xamarin's way of oAuth".
oAuth is about authenticating users through 3rd parties like Google, Facebook, Twitter etc. There are different oAuth flows which are mostly used: the implicit grant and the authorisation code grant. For mobile apps the implicit flow is common because auth code flow involves the app keeping a secret which a mobile cannot really guarantee. For a great overview of these flows I can recommend this lecture from Xamarin.University.
These flows are the same no matter which underlying development stack you are using.
The documentation you are referring to is using a library to help using these flows: Xamarin.Auth. As a matter of fact you don't have to use this library at all. This library helps with storing tokens, sending requests that include the required tokens, detect endpoint redirects etc. Part of using this library is presenting the UI where the 3rd party vendors login form is shown.
This is what you do when calling:
var presenter = new Xamarin.Auth.Presenters.OAuthLoginPresenter();
presenter.Login(authenticator);
The actual implementation of presenting the UI is platform specific. On iOS the UI os shown modally if that's how you are coding it. If you change this code to show the UI as a small popup floating on top of existing content, you can of course do this. This is true for any given platform.
I'm trying to develop a Xamarin project wich is able to stream on youtube.
I want to get the rtmp url from the user account.
But, recently google has disabled webviews to authorize apps to get accesstoken and others user data.
I have tried to use Xamarin Auth but unfortunately, it actually use a webview.
(getUI() is returning a webview).
So i'm asking if someone know how to authentificate a user with google without webviews ?
I have also tried using custom tabs but I can't get the url to get the access token because the NavigationEvent is not fired when a new page is loaded.
Xamarin.Auth 1.4.x supports Custom Tabs and SafariViewController, but no Xamarin.Forms support what most of the users want.
Xamarin.Forms support is in the 1.5.0-alpha soon to be released.
Samples extracted from the repo:
https://github.com/moljac/Xamarin.Auth.Samples.NugetReferences
Try ComicBook (Xamarin.Forms) or Providers (Traditional/Standard).
Nuget packages tuning can be problematic, just bump versions to the highest.
I already posted to Apple's Safari dev forum but got no responses so thought try cross posting elsewhere to get ideas:
I'm asking this question in regards to both
Safari Extension (toolbar type AJAX extension)
Mac OS X dashboard widget
I assume both will be similar as they use the WebKit rendering engine?
I would like to know if the engine for maintaining built in session state support (cookies?) shares and persists the session between web content loaded on the page by the browser engine (HTML, JS, CSS, images, etc.) and requests made by XmlHttpRequest object.
I'm porting an AJAX app that requires session state that's shared between web content and XmlHttpRequest object. (i.e. no explicit cookie management for session state, at least not defined by the web service API that I use).
I successfully ported the app to Chrome, Opera, Windows 7/Vista gadget. It failed to work on iGoogle, and Mac OS X widget. Safari extension port had mixed results - it works in some cases but not in others.
I also did a Microsoft .HTA port (HTA app = web app to be run via IE w/o security restrictions of normal web apps, like cross domain XmlHttpRequests) and noticed that works only with IE7+ (due to implementation differences of native XmlHttpRequest in IE7+ vs MS XML version of earlier IEs)
I had consulted discussion/support group for iGoogle as well and learned that iGoogle too doesn't support such session state support.
I kind of worked around iGoogle issue by using Flash component to perform XmlHttpRequests which seemed to be able to share the overall browser session and thus work. I'm attempting that for Mac widget, it didn't seem to work. Can Safari toolbar extensions make use of Flash?
In any case posting this thread for more insight like if Safari/Mac is like iGoogle and not support a shared session between web content and XmlHttpRequest (or no cookies even supported).
FYI, the app I'm working on is below, you can try out what I have to investigate issue. When session state support fails, you get error message that need to enter code correctly (that's what the web service returns in this case, not very helpful to the user).
http://code.google.com/p/autosmsclients/
I've already hosted code for Mac OS X widget and Safari extension there.
I have been running the facebook c# sdk successfully for a good year or more, and it stopped working early december. This was due to the API changes at Facebook, and an informative error told me that i needed to use some new parameters in my calls (specifically oAuth: true )
I read up on the changes, and updated the sdk via nuget, which is now running on version 5.4.1.0 of Facebook.JavascriptMvcWebsite and FacebookWebMvc and the other required libraries that make up the facebook c# sdk.
Now, when clicking the facebook login button i get a different error...
Unsafe JavaScript attempt to access frame with URL https://www.facebook.com/login.php?api_key=251066398241630&skip_api_login=1&display=popup&cancel_url=https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%26error_reason%3Duser_denied%26error%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.%23cb%3Df3570617%26origin%3Dhttp%253A%252F%252Fgem.local%252Ffbb4f09e%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df1c822218c&fbconnect=1&next=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D251066398241630%26redirect_uri%3Dhttps%253A%252F%252Fs-static.ak.fbcdn.net%252Fconnect%252Fxd_proxy.php%253Fversion%253D3%2523cb%253Df3570617%2526origin%253Dhttp%25253A%25252F%25252Fgem.local%25252Ffbb4f09e%2526relation%253Dopener%2526transport%253Dpostmessage%2526frame%253Df1c822218c%26sdk%3Djoey%26display%3Dpopup%26response_type%3Dtoken%252Csigned_request%26fbconnect%3D1%26from_login%3D1&rcount=1 from frame with URL http://gem.local/Account/LogOn. Domains, protocols and ports must match.
The console window in Chrome then racks up about 5 of these errors a second, all coming from the facebook login dialog.
I have tried modifying the fbChannel.ashx file to explicity use http:// instead of just // (which respects the current protocol) and also have done the same in FacebookInit.cshtml, but none of this is making any difference.
I also modified my facebook app settings to allow deprecated code...
What am i missing here? I understand why the browser is having a fit over cross domain access, but what is causing this? Have facebook completely switched to https? can i still use facebook logins over http?
I have a test site up where you can see the error in action
Any help appreciated.
Clear the App Domain Field (leave it blank) in Facebook Application --> Basic Info