Post

Replies

Boosts

Views

Activity

WKWebView OAuth popup misses window.opener in iOS 17.5+
In my project, I'm using the WKWebView to display the Google OAuth popup. And after it appears, the JS window.opener is null, and because of that the original window cannot receive an auth token in a callback. This works perfectly fine in iOS 17.0 and earlier, but broken starting from 17.5. I've tested on the 18.0 too - same results the opener is always null no matter what I try. Web Part: <html> <head> <script src="https://accounts.google.com/gsi/client" async></script> </head> <script type="text/javascript"> var global = {}; window.addEventListener("message", function (ev) { console.log("=== Event Listener ==="); console.log(ev); }); function client() { if (global.client === undefined) { global.client = google.accounts.oauth2.initTokenClient({ client_id: '<client_id>', scope: 'https://www.googleapis.com/auth/userinfo.email \ https://www.googleapis.com/auth/userinfo.profile', callback: function (responseToken) { console.log("=== Callback ==="); console.log(responseToken); let auth = document.getElementById("auth"); auth.textContent = 'Token: ' + responseToken.access_token } }); } return global.client; } function googleOauthClient() { console.log("Trying to login"); let auth = document.getElementById("auth"); auth.textContent = 'In Progress...'; client().requestAccessToken(); } </script> <body> <div id="center"> <a onclick="googleOauthClient()"><h1>Google Login Attempt</h1></a> <h2 id="auth"></h2> </div> </body> </html> In iOS showing popup is implemented as: #import "WebViewController.h" #import "SafariServices/SafariServices.h" @interface WebViewController () <WKNavigationDelegate, WKUIDelegate> { WKWebView *web; WKWebView *popupWebView; } @end @implementation WebViewController - (void)loadView { [super loadView]; WKWebViewConfiguration *config = [[WKWebViewConfiguration alloc] init]; [[config preferences] setJavaScriptEnabled:YES]; [[config preferences] setJavaScriptCanOpenWindowsAutomatically:NO]; [[config defaultWebpagePreferences] setAllowsContentJavaScript:YES]; [config setAllowsInlineMediaPlayback:YES]; web = [[WKWebView alloc] initWithFrame:self.view.frame configuration:config]; [web setAutoresizingMask:UIViewAutoresizingFlexibleWidth | UIViewAutoresizingFlexibleHeight]; [web setAllowsLinkPreview:YES]; [web setNavigationDelegate:self]; [web setUIDelegate:self]; [web setInspectable:YES]; [web setCustomUserAgent:[[web valueForKey:@"userAgent"] stringByAppendingString:@" Safari"]]; [[self view] addSubview:web]; } - (void)viewDidLoad { [super viewDidLoad]; NSString *url = @"http://localhost:8080/oauth"; // A simple Spring Boot App where HTML is hosted [web loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:url]]]; } - (void)webView:(WKWebView *)webView decidePolicyForNavigationAction:(WKNavigationAction *)navigationAction decisionHandler:(void (^)(WKNavigationActionPolicy))decisionHandler { decisionHandler(WKNavigationActionPolicyAllow); } - (WKWebView *)webView:(WKWebView *)webView createWebViewWithConfiguration:(WKWebViewConfiguration *)configuration forNavigationAction:(WKNavigationAction *)navigationAction windowFeatures:(WKWindowFeatures *)windowFeatures { if (navigationAction.targetFrame == nil) { popupWebView = [[WKWebView alloc] initWithFrame:webView.frame configuration:configuration]; [popupWebView setCustomUserAgent: [webView customUserAgent]]; [popupWebView setUIDelegate:self]; [popupWebView setNavigationDelegate:self]; [popupWebView setInspectable:true]; [[[popupWebView configuration] defaultWebpagePreferences] setAllowsContentJavaScript:YES]; [[[popupWebView configuration] preferences] setJavaScriptCanOpenWindowsAutomatically:NO]; [[[popupWebView configuration] preferences] setJavaScriptEnabled:YES]; [[popupWebView configuration] setSuppressesIncrementalRendering:YES]; [webView addSubview:popupWebView]; [popupWebView loadRequest:[navigationAction.request copy]]; return popupWebView; } return nil; } - (void)webViewDidClose:(WKWebView *)webView { [webView removeFromSuperview]; popupWebView = nil; } - (void)webView:(WKWebView *)webView didFailProvisionalNavigation:(null_unspecified WKNavigation *)navigation withError:(NSError *)error { NSLog(@"didFailProvisionalNavigation: %@", [error description]); } - (void)webView:(WKWebView *)webView didFailNavigation:(null_unspecified WKNavigation *)navigation withError:(NSError *)error { NSLog(@"didFailNavigation: %@", [error description]); } - (void)webView:(WKWebView *)webView requestMediaCapturePermissionForOrigin:(WKSecurityOrigin *)origin initiatedByFrame:(WKFrameInfo *)frame type:(WKMediaCaptureType)type decisionHandler:(void (^)(WKPermissionDecision decision))decisionHandler { decisionHandler(WKPermissionDecisionGrant); } - (void)webView:(WKWebView *)webView requestDeviceOrientationAndMotionPermissionForOrigin:(WKSecurityOrigin *)origin initiatedByFrame:(WKFrameInfo *)frame decisionHandler:(void (^)(WKPermissionDecision decision))decisionHandler { decisionHandler(WKPermissionDecisionGrant); } - (void)webView:(WKWebView *)webView runOpenPanelWithParameters:(WKOpenPanelParameters *)parameters initiatedByFrame:(WKFrameInfo *)frame completionHandler:(void (^)(NSArray<NSURL *> * _Nullable URLs))completionHandler { completionHandler(nil); } @end What I tried so far: Disabled in the Settings -> Safari -> Cross-Origin-Opener-Policy; Disabled popup blocking; Added Allow Arbitrary Loads to Info.plist (actually added all possible security policies); This actually works in the SFSafariViewController, but I cannot use it because I need to hide the Navigation and Status bar panels. How it looks in 17.0 vs 17.5 And ideas about what I might be doing wrong? Or maybe some workaround I can utilize to get the Google OAuth token from the popup. Thanks in advance.
1
1
640
Jul ’24