fix(templates): fix race condition in popup based social sign-in #10941 (#10942)

Author: ysmoradi

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/ForceUpdateSnackBar.razor.cs

@@ -21,7 +21,7 @@ protected override async Task OnInitAsync()
             if (isShown) return;
 
             isShown = true;
-            await bitSnackBar.Success(string.Empty);
+            await bitSnackBar.Error(string.Empty);
         });
     }
 

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor.cs

@@ -18,7 +18,7 @@ public partial class SignInPanel
     private SignInPanelType internalSignInPanelType;
     private readonly SignInRequestDto model = new();
     private AppDataAnnotationsValidator? validatorRef;
-    private string ReturnUrl => ReturnUrlQueryString ?? NavigationManager.GetRelativePath() ?? Urls.HomePage;
+    private string ReturnUrl => ReturnUrlQueryString ?? Urls.HomePage;
 
 
     [Parameter, SupplyParameterFromQuery(Name = "return-url")]

…ore/Components/HybridAppWebInterop.razor …ient.Core/Components/WebInteropApp.razorsrc/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/HybridAppWebInterop.razor renamed to src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/WebInteropApp.razor src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/HybridAppWebInterop.razor renamed to src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/WebInteropApp.razor

@@ -1,15 +1,16 @@
+@*+:cnd:noEmit*@
 @*
-Leveraging Web Features in Blazor Hybrid:
-
-1. WebView Integration: Directly utilize standard web technologies like CSS animations and external frames (e.g., Google reCaptcha) within the Blazor WebView.
-
-2. Addressing Origin Restrictions for Sensitive Web APIs:
-   - Due to the our WebView's fixed origin (http://0.0.0.1), certain security-sensitive web features like WebAuthn and social sign-in will not function directly within the WebView.
-   - Solution for WebAuthn: Employ a local HTTP server (see WindowsLocalHttpServer and MauiHttpLocalServer) to serve the HybridAppWebInterop component via a GET endpoint. Use IExternalNavigationService to open an in-app browser, facilitating authentication (e.g., Face ID).
-   - Limitation for Social Sign-in: Social sign-in providers generally restrict WebView usage due to security considerations, regardless of the origin.
-
-3. Utilizing Website Origin (Such as https://adminpanel.bitplatform.dev):
-   - For scenarios requiring your website's actual origin or other features incompatible even with a localhost origin, use IExternalNavigationService to navigate to the /HybridAppWebInterop minimal API endpoint (defined in HybridWebAppInteropEndpoint.cs).
+Most web features like animations, videos, or Google reCAPTCHA work fine in Blazor Hybrid.
+However, since Blazor Hybrid uses Web View with an IP-based Origin (http://0.0.0.1)
+more sensitive features like Social Sign-in and Face-ID/Fingerprint Sign-in using WebAuthn do not function properly in Web View.
+To address this, within a Blazor Hybrid App, you can use a Local HTTP Server to load a lightweight WebInteropApp component that
+only loads app.js (without Blazor.web.js) on an Origin like localhost.
+Then, using IExternalNavigationService, you can display it via an In-App Browser to bypass Web View limitations.
+
+Additionally, in a Web Browser, if Social Sign-in is performed in a Popup or a new Tab to preserve the app's
+state and avoid restarting Blazor upon returning from Social Sign-in, the Popup should redirect back to WebAppInterop
+after authentication. Using app.js, it can notify the main Window via window.opener.postMessage({ key: 'PUBLISH_MESSAGE', ... }),
+allowing the main Window to resume its operations.
 *@
 
 @code {
@@ -111,6 +112,12 @@ Leveraging Web Features in Blazor Hybrid:
             }
         }
     </style>
+
+    @*#if (appInsights == true)*@
+    <link rel="preconnect" href="https://js.monitor.azure.com" crossorigin />
+    <!-- Perform the initial static render of ApplicationInsightsInit to start App Insights ASAP. -->
+    <BlazorApplicationInsights.ApplicationInsightsInit />
+    @*#endif*@
 </head>
 <body>
     <div class="title">@Localizer[nameof(AppStrings.PleaseWait)]</div>
@@ -123,7 +130,7 @@ Leveraging Web Features in Blazor Hybrid:
     <script src="_content/Bit.Butil/bit-butil.js"></script>
     <script src="_content/Boilerplate.Client.Core/scripts/app.js"></script>
     <script type="text/javascript">
-        HybridAppWebInterop.run();
+        WebInteropApp.run();
     </script>
 </body>
 </html>

…ient.Core/Scripts/HybridAppWebInterop.ts …ate.Client.Core/Scripts/WebAppInterop.tssrc/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Scripts/HybridAppWebInterop.ts renamed to src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Scripts/WebAppInterop.ts src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Scripts/HybridAppWebInterop.ts renamed to src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Scripts/WebAppInterop.ts

@@ -1,4 +1,4 @@
-// Read Components/HybridAppWebInterop.razor comments.
+// Read Components/WebInteropApp.razor comments.
 
 declare class BitButil {
     static webAuthn: {
@@ -7,48 +7,71 @@ declare class BitButil {
     }
 };
 
-class HybridAppWebInterop {
+class WebInteropApp {
+
+    private static autoClose = true;
+
     public static async run() {
         try {
             const urlParams = new URLSearchParams(location.search);
             const action = urlParams.get('actionName');
             switch (action) {
                 case 'SocialSignInCallback':
-                    await HybridAppWebInterop.socialSignInCallback();
+                    await WebInteropApp.socialSignInCallback();
                     break;
                 case 'GetWebAuthnCredential':
-                    await HybridAppWebInterop.getWebAuthnCredential();
+                    await WebInteropApp.getWebAuthnCredential();
                     break;
                 case 'CreateWebAuthnCredential':
-                    await HybridAppWebInterop.createWebAuthnCredential();
+                    await WebInteropApp.createWebAuthnCredential();
                     break;
             }
         }
         catch (err: any) {
-            const errMsg = `${JSON.stringify(err, Object.getOwnPropertyNames(err))} ${err.toString()}`;
-            await fetch('api/LogError', {
-                method: 'POST',
-                credentials: 'omit',
-                body: errMsg
-            });
+            const urlParams = new URLSearchParams(location.search);
+            const localHttpPort = urlParams.get('localHttpPort')?.toString();
+            if (localHttpPort) {
+                // Blazor Hybrid:
+                const errMsg = `${JSON.stringify(err, Object.getOwnPropertyNames(err))} ${err.toString()}`;
+                await fetch('api/LogError', {
+                    method: 'POST',
+                    credentials: 'omit',
+                    body: errMsg
+                });
+            }
         }
         finally {
-            window.close();
-            location.href = 'about:blank';
+            if (WebInteropApp.autoClose) {
+                window.close();
+                location.href = 'about:blank';
+            }
         }
     }
 
     private static async socialSignInCallback() {
         const urlParams = new URLSearchParams(location.search);
         const urlToOpen = urlParams.get('url')!.toString();
-        const localHttpPort = Number.parseInt(urlParams.get('localHttpPort')!.toString());
+        const localHttpPort = urlParams.get('localHttpPort')?.toString();
+        if (!localHttpPort) {
+            // Blazor WebAssembly, Auto or Server:
+            if (window.opener) {
+                window.opener.postMessage({ key: 'PUBLISH_MESSAGE', message: 'SOCIAL_SIGN_IN', payload: urlToOpen });
+            }
+            else {
+                WebInteropApp.autoClose = false;
+                location.href = urlToOpen;
+            }
+            return;
+        }
+        // Blazor Hybrid:
         await fetch(`http://localhost:${localHttpPort}/api/SocialSignInCallback?urlToOpen=${encodeURIComponent(urlToOpen)}`, {
             method: 'POST',
             credentials: 'omit'
         });
     }
 
     private static async getWebAuthnCredential() {
+        // Blazor Hybrid:
         const webAuthnCredentialOptions = await (await fetch(`api/GetWebAuthnCredentialOptions`, { credentials: 'omit' })).json();
         const webAuthnCredential = await BitButil.webAuthn.getCredential(webAuthnCredentialOptions);
         await fetch(`api/WebAuthnCredential`, {
@@ -63,6 +86,7 @@ class HybridAppWebInterop {
     }
 
     private static async createWebAuthnCredential() {
+        // Blazor Hybrid:
         const webAuthnCredentialOptions = await (await fetch(`api/GetCreateWebAuthnCredentialOptions`, { credentials: 'omit' })).json();
         const webAuthnCredential = await BitButil.webAuthn.createCredential(webAuthnCredentialOptions);
         await fetch(`api/CreateWebAuthnCredential`, {

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Scripts/app.ts

@@ -104,15 +104,6 @@ function handleMessage(e: MessageEvent) {
 
 function handleLoad() {
     setCssWindowSizes();
-    if (window.opener != null && (location.pathname == '/sign-in' || location.pathname == '/sign-up')) {
-        // The IExternalNavigationService is responsible for opening pages in a new window,
-        // such as during social sign-in flows. Once the external navigation is complete,
-        // and the user is redirected back to the newly opened window,
-        // the following code ensures that the original window is notified.
-        // If IExternalNavigationService fails to navigate to the new window (Typically on iOS/Safari), the window.opener will be null and the page normally loads.
-        window.opener.postMessage({ key: 'PUBLISH_MESSAGE', message: 'SOCIAL_SIGN_IN', payload: window.location.href });
-        window.close();
-    }
 }
 
 function setCssWindowSizes() {

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/Contracts/IExternalNavigationService.cs

@@ -1,6 +1,6 @@
 namespace Boilerplate.Client.Core.Services.Contracts;
 
-// Check out HybridAppWebInterop.razor's comments.
+// Check out WebInteropApp.razor's comments.
 public interface IExternalNavigationService
 {
     Task NavigateToAsync(string url);

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/DefaultExternalNavigationService.cs

@@ -1,15 +1,17 @@
-namespace Boilerplate.Client.Core.Services;
+namespace Boilerplate.Client.Core.Services;
 
-public partial class DefaultExternalNavigationService : IExternalNavigationService
+public partial class DefaultExternalNavigationService : IExternalNavigationService, IAsyncDisposable
 {
     [AutoInject] private readonly Window window = default!;
+    [AutoInject] private readonly PubSubService pubSubService = default!;
     [AutoInject] private readonly NavigationManager navigationManager = default!;
 
     /// <summary>
     /// The MauiExternalNavigationService (Client.Maui) implementation of <see cref="IExternalNavigationService"/> can show one window at a time
     /// on Android and iOS apps. Trying to have similar UX across platforms, we close the last opened window before opening the new one in web platform as well.
     /// </summary>
     private string? lastOpenedWindowId = null;
+    private Action? pubSubUnsubscribe;
 
     public async Task NavigateToAsync(string url)
     {
@@ -20,17 +22,32 @@ public async Task NavigateToAsync(string url)
             return;
         }
 
-
         // Client.Web:
         if (lastOpenedWindowId is not null)
         {
-            await window.Close(lastOpenedWindowId);
+            await window.Close(lastOpenedWindowId); // Only one open window at a time.
         }
 
-        if ((lastOpenedWindowId = await window.Open(url, "_blank", new WindowFeatures() { Popup = true, Height = 768, Width = 1024 })) is null // Let's try with popup first.
+        if ((lastOpenedWindowId = await window.Open(url, "_blank", new WindowFeatures() { Popup = true, Width = 1024, Height = 768 })) is null // Let's try with popup first.
             && (lastOpenedWindowId = await window.Open(url, "_blank", new WindowFeatures() { Popup = false })) is null) // Let's try new tab
         {
             navigationManager.NavigateTo(url, forceLoad: true, replace: true); // If all else fails, let's try to navigate in the same tab.
         }
+        else
+        {
+            pubSubUnsubscribe?.Invoke();
+            pubSubUnsubscribe = pubSubService.Subscribe(ClientPubSubMessages.SOCIAL_SIGN_IN, async _ =>
+            {
+                if (lastOpenedWindowId != null)
+                {
+                    await window.Close(lastOpenedWindowId); // It's time to close the social sign-in popup / tab.
+                }
+            });
+        }
+    }
+
+    public async ValueTask DisposeAsync()
+    {
+        pubSubUnsubscribe?.Invoke();
     }
 }

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Maui/Services/MauiLocalHttpServer.cs

@@ -8,7 +8,7 @@
 
 namespace Boilerplate.Client.Maui.Services;
 
-// Checkout HybridAppWebInterop.razor's comments.
+// Checkout WebInteropApp.razor's comments.
 public partial class MauiLocalHttpServer : ILocalHttpServer
 {
     [AutoInject] private HtmlRenderer htmlRenderer;
@@ -143,10 +143,10 @@ await MainThread.InvokeOnMainThreadAsync(() =>
 
                 await GoBackToApp();
             }))
-            .WithModule(new ActionModule("/hybrid-app-web-interop", HttpVerbs.Get, async ctx =>
+            .WithModule(new ActionModule("/web-interop-app", HttpVerbs.Get, async ctx =>
             {
                 var html = await htmlRenderer.Dispatcher.InvokeAsync(async () =>
-                    (await htmlRenderer.RenderComponentAsync<HybridAppWebInterop>()).ToHtmlString());
+                    (await htmlRenderer.RenderComponentAsync<WebInteropApp>()).ToHtmlString());
 
                 await ctx.SendStringAsync(html, "text/html", Encoding.UTF8);
             }))

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Maui/Services/MauiWebAuthnService.cs

@@ -15,7 +15,7 @@ public override async ValueTask<JsonElement> GetWebAuthnCredential(JsonElement o
 
         ((MauiLocalHttpServer)localHttpServer).WebAuthnService = this;
 
-        await externalNavigationService.NavigateToAsync($"http://localhost:{localHttpServer.Port}/hybrid-app-web-interop?actionName=GetWebAuthnCredential");
+        await externalNavigationService.NavigateToAsync($"http://localhost:{localHttpServer.Port}/web-interop-app?actionName=GetWebAuthnCredential");
 
         return await GetWebAuthnCredentialTcs.Task;
     }
@@ -30,7 +30,7 @@ public override async ValueTask<JsonElement> CreateWebAuthnCredential(JsonElemen
 
         ((MauiLocalHttpServer)localHttpServer).WebAuthnService = this;
 
-        await externalNavigationService.NavigateToAsync($"http://localhost:{localHttpServer.Port}/hybrid-app-web-interop?actionName=CreateWebAuthnCredential");
+        await externalNavigationService.NavigateToAsync($"http://localhost:{localHttpServer.Port}/web-interop-app?actionName=CreateWebAuthnCredential");
 
         return await CreateWebAuthnCredentialTcs.Task;
     }

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Web/wwwroot/index.html

@@ -10,7 +10,7 @@
     <script>
         // disable auto-zoom of iOS Safari when focusing an input
         (/iPad|iPhone|iPod/.test(navigator.userAgent)) &&
-            (document.querySelector('meta[name="viewport"]').content = 'width=device-width, initial-scale=1.0, viewport-fit=cover, maximum-scale=1.0')
+            (document.querySelector('meta[name="viewport"]').content = 'width=device-width, initial-scale=1.0, maximum-scale=1.0, viewport-fit=cover');
     </script>
 
     <!--#if (captcha == "reCaptcha")-->