Hi there,
I'm having some trouble with getting a OAuth Authorization Code redirect with a custom scheme to work with ASWebAuthenticationSession.
I am trying to build an app that integrates with an authentication provider, in which I have configured like this:
- Callback URL: myapp://auth
In my iOS app, I have define this as a custom scheme in my info.plist file.
<dict>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleTypeRole</key>
<string>Editor</string>
<key>CFBundleURLName</key>
<string>com.abc.def</string>
<key>CFBundleURLSchemes</key>
<array>
<string>myapp</string>
</array>
</dict>
<dict/>
</array>
</dict>
Excuse the messy-ish code below, but I just want to see this work.
import SwiftUI
@main
struct MyApp: App {
var body: some Scene {
WindowGroup {
AContentView()
.onOpenURL { url in
print("Received URL in onOpenURL: \(url)")
Self.handleURL(url)
}
}
}
static func handleURL(_ url: URL) {
print("Handled URL: \(url)")
}
}
import AuthenticationServices
struct AContentView: View {
@Bindable var viewModel = SomeViewModel()
@State private var authSession: ASWebAuthenticationSession?
@State private var presentationContextProvider = PresentationContextProvider()
var body: some View {
VStack {
Button(action: doIt) {
Text("Authenticate")
}
}
}
func doIt() {
Task { @MainActor in
await viewModel.onLaunchAsync() // this asynchronously gets some stuff that is used to build `viewModel.loginUrl`
authenticate()
}
}
func authenticate() {
let authURL = viewModel.loginUrl! // Replace with your auth URL
let callbackURLScheme = "myapp"
authSession = ASWebAuthenticationSession(url: authURL, callback: .customScheme(callbackURLScheme)) { callbackURL, error in
if let error = error {
print("Authentication error: \(error.localizedDescription)")
return
}
guard let callbackURL = callbackURL else {
print("No callback URL")
return
}
print("Callback URL: \(callbackURL)")
MyApp.handleURL(callbackURL)
}
authSession?.presentationContextProvider = presentationContextProvider
authSession?.start()
}
}
class PresentationContextProvider: NSObject, ASWebAuthenticationPresentationContextProviding {
func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
return UIApplication.shared.windows.first!
}
}
I'm running Proxyman, and can see the calls the iOS app makes.
When I click the "authenticate" button, I get the expected request to open Safari, and login to a web form provided by an authentication provider. Next, I am redirected to a "choose consents" page, where I can choose scopes. Finally, on this page, I click "Allow" at the bottom of this list of scopes, but instead of being 'sent' back to the app, the redirect doesn't work.
The final API call the web screen makes is to a /consent endpoint which replies with an HTTP 302, and a Location header as below:
Location: myapp://auth#code=<something>.
This doesn't close the window, either in a simulator or a real device.
I can verify that my scheme is working correctly, as if I manually in Safari browse to myapp://auth#code=1234 it asks me if I want to open in my app, and I can see my print firing off.
Am I missing something? What am I doing wrong here?
While I could implement this myself using WKWebView / WKNavigationDelegate to intercept the new location, see if its my custom scheme, and then close it out, that seems hacky, and AFAIK ASWebAuthenticationSession should support my use-case.
Many thanks!