ASWebAuthenticationSession Not Recognizing LinkedIn https Redirect

Question

Created Jul ’20

Replies 3

Boosts 0

Views 3.1k

Participants 3

I am attempting to use ASWebAuthenticationSession for logging into LinkedIn. However, LinkedIn doesn't support callbacks (redirecturi) back to the app. They only support http or https. Problem is they put the token in the redirecturi so if I can't detect it and grab the token/code then I can't move on to next step.

I can't seem to figure out how to get ASWebAuthenticationSession to respond to this so I can get the token and move on to next step of autho.

Does anyone have any experience in this?

Boost

Answer 1

VVD93 OP

Jul ’20

I faced the same issue. What I have found out is ASWebAuthenticationSession only uses custom URL scheme. I tried with universal link, still does not work. Callback is not happening back to the app. I would suggest you to use WKWebview for http/https scheme or use custom URL scheme.

0

Answer 2

jonnyh OP

Aug ’20

Accepted Answer

Thanks @VVD93. I ended up having to user WKWebview with a local url callback and listening for it. For anyone interested, I've pasted the code below:

Code Block func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        // here we handle internally the callback url and call method that call handleOpenURL (not app scheme used)
        if let url = navigationAction.request.url, url.host == "localhost" , url.path == "/linkedin-oauth-callback" {
            if self.codeCheck == false {
                if let code = url.valueOf("code") {
                    Log("Found code: \(code)")
                    codeCheck = true
                    getToken(code: code)
                }
            } else {
                
            }
            //decisionHandler(.cancel)
            /*  Dismiss your view controller as normal
                And proceed with OAuth authorization code
                The code you receive here is not the auth token; For auth token you have to make another api call with the code that you received here and you can procced further
             */
        }
        decisionHandler(.allow)
    }

0

Answer 3

lapinka OP

Oct ’20

I've commented on a similar issue.

In short, you are to use Universal Links for HTTP(S) redirection back to the app. They do work, pending correct implementation (which, admittedly, may not always be too straight forward).

WKWebView is not an exact functional replacement for ASWebAuthenticationSession. It is not suitable for an app developed by a different business entity than one managing the authentication/authorization system, a third-party app, which is not supposed to have access to the user credentials. And, WKWebView cannot provide SSO experience between apps belonging to different development teams, which includes the system browsers.

0