Ability to customize pop ups when calling signInWithRedirect on iOS

[mkrn]

Describe the bug

1. Using withOAuth HOC and facebookSignIn flow in expo bare / react native shows alert that says "AppName Wants to Use "amazoncognito.com" to Sign In"
   The users may not be familiar with amazoncognito.com and may be confused since they chose to sign in with Facebook, not Amazon.

2. New users need to sign in to facebook even if they're signed in to Facebook App on their iPhone. This lowers conversions since users have to enter email/password that they may not remember.

Is there any way to have permission say "use 'facebook.com'" to sign in?
Is there any way to have new users signed in if they've signed in to the Facebook app on their phone?

I'm using expo bare and already have Facebook SDK Pod, so if there's a native way to achieve Cognito+Facebook sign in please share.

To Reproduce
Steps to reproduce the behavior:

1. Click a button with onPress action this.props.facebookSignIn

Expected behavior

• Alert asking if user would like to sign in with "facebook.com"
• Following screen have user signed in to facebook.

Screenshots
If applicable, add screenshots to help explain your problem.

Smartphone (please complete the following information):

• iPhone 8 plus
• iOS 12.2
• react-native 0.59.5
• aws-amplify 1.1.26
• "aws-amplify-react-native": "2.1.10",

Additional context
Add any other context about the problem here.

Sample code

const urlOpener = async (url, redirectUrl) => {
  const { type, url: newUrl } = await WebBrowser.openAuthSessionAsync(url, redirectUrl);

  if (type === 'success') {
    await WebBrowser.dismissBrowser();

    if (Platform.OS === 'ios') {
      return Linking.openURL(newUrl);
    }
  }
};

Amplify.configure({
Auth: {
...
oauth: {
      domain: Config.REACT_APP_COGNITO_DOMAIN,
      scope: ['public_profile', 'email'],
      redirectSignIn: `app://signIn`, 
      redirectSignOut: `app://signOut`,
      responseType: 'code',
      urlOpener,
    }

You can turn on the debug mode to provide more info for us by setting window.LOG_LEVEL = 'DEBUG'; in your app.

[bonillam]

@mkrn do you get the same alert when you logout/signout of your app? I get the same alert “... wants to use Amazoncognito to signin...” both when the user signs in and when the user signs out.

Different problem, but just in case you have not tested the signout flow.

[mkrn]

@bonillam Yes, get the same alert on sign out:
"appName" Wants to Use "amazoncognito.com" to Sign In

[loganwedwards]

@mkrn I do not think the flow you are describing is possible. There's a statement buried in the docs indicating that RN apps must use the hosted Cognito UI (which you can hide), but the initial web browser redirect does go there before Facebook. The popup is an Expo thing indicating an oauth flow via a web redirect is about to happen. https://docs.expo.io/versions/v30.0.0/sdk/auth-session/

One small idea for an improvement would be to associate a custom domain with Cognito in the AWS Console, so at least the user associates the auth flow with an existing app experience.

[mkrn]

Thanks, @loganwedwards
As for custom domain that's a great suggestion!

As for the second part of my issue, I think that even though Expo web browser shares cookies with system browser, not all users are logged in to Facebook in the browser, but most are in the Facebook app.

I will explore integrating Amplify iOS SDK with FB SDK since I already have swift parts as well in the app.

[ameershujjah]

+1 , is there another url opener we can provide to the was config so we can customize the " "appName" Wants to Use "amazoncognito.com" to Sign In " message, which is shown for both sign in and sign out ?

instead of using the default Expo Link opener provided here : https://aws-amplify.github.io/docs/js/authentication#a-note-for-expo-users

[sammartinez]

Closing this issue as it seems it was solved. Please feel free to reopen in need be.

[kaitlynbrown]

The last comment is an open, unanswered question, and the issue is not in any way fixed, and no workaround or solution was offered, so why on earth would you say it is solved?

I'm facing the same problem. When a user tries to sign out on iOS, they get a pop up saying my app wants to use my domain to sign in. A user should never have to give permission just to sign out. How to I circumvent this?

[sammartinez]

Apologizes, I read it as the workaround was able to resolve this. Reopening issue

[phanviet]

https://docs.expo.io/versions/latest/sdk/auth-session/?redirected
Additionally, AuthSession simplifies setting up authorized redirect URLs by using an Expo service that sits between you and your authentication provider (read Security considerations for caveats). This is particularly valuable with Expo because your app can live at various URLs. In development, you can have a tunnel URL, a lan URL, and a localhost URL. The tunnel URL on your machine for the same app will be different from a co-worker's machine. When you publish your app, that will be another URL that you need to whitelist. If you have multiple environments that you publish to, each of those will also need to be whitelisted. AuthSession gets around this by only having you whitelist one URL with your authentication provider: https://auth.expo.io/@your-username/your-app-slug. When authentication is successful, your authentication provider will redirect to that Expo Auth URL, and then the Expo Auth service will redirect back to your appplication. If the URL that the auth service is redirecting back to does not match the published URL for the app or the standalone app scheme (eg: exp://expo.io/@your-username/your-app-slug, or yourscheme://), then it will show a warning page before asking the user to sign in. This means that in development you will see this warning page when you sign in, a small price to pay for the convenience.

@mkrn Does it happen if we config app scheme in production?