I have an iOS App
that basically runs a mobile website using a WkWebView
. In the mobile website users can sign in using a Google account.
Due to the fact that google will not allow WebViews to use Google Sign in anymore, how can i login my users?
I think of two solutions:
Intercept the google login URL (account.google.com/) and open a SFSafariViewController
and then somehow get the callback in my WkWebView?
Google Sign in SDK
which relays on the SFsafariViewController
but will give me only an userToken which i would have to send to my website and authenticate the user in the server side.Is there an easy way to authenticate the user without dealing with the tokens?
WKWebView uses the Nitro JavaScript engine, also used by mobile Safari, which comes with significant performance improvements over UIWebView's older JavaScript engine.
In the simplest terms, WKWebView allows mobile app developers to integrate mobile web content into their User Interface through the use of web views. The WKWebView API renders a complete mobile browser experience within the app itself allowing users to interact with web content while remaining in the app.
The WKWebView is a modern API applying all the modern web security mechanisms, it's still maintained by Apple and gets updates. The good thing about WKWebView is that it does out-of-process rendering, so if the attackers find a memory corruption vulnerability in it, your application's process is still isolated.
You can implement WKWebView in Objective-C, here is simple example to initiate a WKWebView : WKWebViewConfiguration *theConfiguration = [[WKWebViewConfiguration alloc] init]; WKWebView *webView = [[WKWebView alloc] initWithFrame:self. view. frame configuration:theConfiguration]; webView.
I solved it.
Basically when the WkWebkit launches the account.google.com
URL i intercept it and launch the Google native library for sign in, which launches a SFSafariViewController
(in iOS 9+, falls back to a WebView in previous versions).
When the user finishes logginng in , i get a URL call to my app which i handle in the app delegate and get the User information.
In the user object, there comes a serverAuthcode which is the one i need to send to my backend server for it to authenticate the google user. (I basically recreate the oauth callback URL that the server expects)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With