I am developing an app which uses OAuth for authentication but I have a little problem handling OAuth callbacks.
THE AUTHENTICATION
My app has a webview as the login screen and I am given a url to load the auth form in my webview. Let's say that the url is :
https://myoauthhost.com/oauth/auth?response_type=code&client_id=XXXXXXX&redirect_uri=YYYYYYYY&scope=ZZZZZZZZZZ
and in the auth activity (AuthActivity.java), I have the following :
String authURL = https://myoauthhost.com/oauth/auth?response_type=code&client_id=XXXXXXX&redirect_uri=YYYYYYYY&scope=ZZZZZZZZZZ
myWebView.loadUrl(authURL);
in the manifest.xml, I have the following for oauth callback handling :
<activity
android:name=".AuthActivity"
android:label="@string/app_name"
android:screenOrientation="portrait" >
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="authprovider"
android:scheme="auth" />
</intent-filter>
</activity>
THE PROBLEM
This url when used in the webview (with loadURL() method) redirects to another url containing the REAL OAUTH WEB FROM (that should be loaded in the webview). The problem is that this redirection launches automatically the intent selection in Android : since the URL should be handled by a web browser, Android lets you choose one of the available web browser on the phone to open the url.
Since this is not what I want, I have to include the following code so that the redirection is handled within the webview but does not launch a web browser (or whatever) :
myWebView.setWebViewClient(new WebViewClient());
so with this code, the redirection is handled "within the webview" and I have the login screen displayed.
I can then enter the credentials (e.g : oauth via Twitter) but when the authentication is done, the call back is received but then the activity which is supposed to handle the callback (AuthActivity configured to receive callback in the manifest) is not launched. Instead, I have the webview displaying a message saying that the url callback (in our case : authprovider://auth/XXX?xxx=yyy as configured in the manifest) can not be found.
The reason may be that the following code :
myWebView.setWebViewClient(new WebViewClient());
introduced earlier, tells Android that the webview handles everything. So now, since the callback url is not a web url, it has trouble to handle it and can not even launch the intent which can handle it.
THE QUESTION
How can I solve this problem ? I should be able to let the activity handle the callback but not let the webview try to load it.
any help would be appreciated
thanks in advance
The callback URL typically specifies the URL of an app that is designated to receive an authorization code on behalf of the client app. In addition, this URL string is used for validation.
Callback URLs are the URLs that Auth0 invokes after the authentication process. Auth0 redirects back to this URL and appends additional parameters to it, including an access code which will be exchanged for an id_token , access_token and refresh_token .
Your app subscribes to the changes of the web component, and when it detects the callback URL it takes the Authorization Token, destroy the web component, and calls the REST API to get an Access Token, and then access any protected resources.
First of all in your manifest, set these properties to your activity that launches the WebView
android:launchMode="singleInstance"
and add an intent filter to that as
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="oauth-testing" />
</intent-filter>
then in your code when the user clicks on the login button
mReqToken = mTwitter.getOAuthRequestToken(CALLBACK_URL);
WebView webView = new WebView(this);
webView.requestFocus(View.FOCUS_DOWN);
webView.setOnTouchListener(new View.OnTouchListener() {
@Override
public boolean onTouch(View v, MotionEvent event) {
switch (event.getAction()) {
case MotionEvent.ACTION_DOWN:
case MotionEvent.ACTION_UP:
if (!v.hasFocus()) {
v.requestFocus();
}
break;
}
return false;
}
});
webView.loadUrl(mReqToken.getAuthenticationURL());
mainLayout.removeAllViews();
mainLayout.addView(webView);
Here the callback url isprivate static final String CALLBACK_URL = "oauth-testing:///";
and you are creating a dynamic webview and displaying to the user. And after logging in the webview is closed and the code comes to the onNewIntent()
. You need to implement your functionality after logging in there.
@Override
protected void onNewIntent(Intent intent) {
super.onNewIntent(intent);
dealWithTwitterResponse(intent);
}
private void dealWithTwitterResponse(Intent intent) {
Uri uri = intent.getData();
System.out.println("URI=" + uri);
if (uri != null && uri.toString().startsWith(CALLBACK_URL)) {
String oauthVerifier = uri.getQueryParameter("oauth_verifier");
authoriseNewUser(oauthVerifier);
}
}
I know I have added a lot of code snippet, some of which might not be relevant, but i hope it will help someone someday.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With