Capacitor: Single Sign-on (SSO) Child Browser Flow

Created on 10 Sep 2019  路  4Comments  路  Source: ionic-team/capacitor

Capacitor has an excellent Browser API.

However, a common usage is Single Sign-on (SSO) such as OpenID-Connect and system-to-system authentication, such as OAuth. For these use-cases the Browser API doesn't work that well.

It would be great if Capacitors Browser API would support this common use-case.

Happy to elaborate on this and describe the use-cases in-depth.

Let me know what you think! Is this something that could be added to the Browser API?

iOS

Apple has two classes for this, SFAuthenticationSession (deprecated) and ASWebAuthenticationSession (their most recent API).

They make sure that credentials (active sessions) with the identity provider is re-used within the child-browser, to avoid prompting the user for login credentials over and over again.

Android

Android has Chrome Custom Tabs for this purpose, they work similar to their iOS equivalents.

picture sandstrom
👍5 👀3

Most helpful comment

@jcesarmobile Thanks for commenting on this!

For SSO use-cases on iOS to work properly one need to use ASWebAuthenticationSession. So basically, it would be neat if the Browser API would expose access to this iOS primitive.

Happy to elaborate more though!

picture sandstrom on 13 Jan 2020
👍5

All 4 comments

Browser already uses Chrome Custom Tabs on Android, so not sure what are you suggesting.

Anyway, there is already a feature request issue for an Auth plugin https://github.com/ionic-team/capacitor/issues/395

Also you can use current browser implementation and make the auth provider to redirect to a custom app scheme that you have configured and use App plugin to listen for the appUrlOpen event, it should contain the login token

jcesarmobile picture jcesarmobile on 13 Jan 2020

@jcesarmobile Thanks for commenting on this!

For SSO use-cases on iOS to work properly one need to use ASWebAuthenticationSession. So basically, it would be neat if the Browser API would expose access to this iOS primitive.

Happy to elaborate more though!

sandstrom picture sandstrom on 13 Jan 2020
👍5

@sandstrom do you have a sense of what's the difference of using ASWebAuthenticationSession vs using SFSafariViewController with custom scheme to redirect back into the app?

tonyxiao picture tonyxiao on 22 Oct 2020

@tonyxiao No, I don't know without researching that, sorry.

sandstrom picture sandstrom on 22 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

TayKara picture TayKara  路  3Comments
MatanYadaev picture MatanYadaev  路  3Comments
alexcroox picture alexcroox  路  3Comments
nicobytes picture nicobytes  路  3Comments
ebk46 picture ebk46  路  3Comments