Commit

Add "authorization_response" and "access_token_response" to result (#167)
Michael Oberwasserlechner authored Aug 2, 2021
1 parent f421e42 commit 1129cc9
Showing 13 changed files with 539 additions and 181 deletions.
16 changes: 13 additions & 3 deletions CHANGELOG.md
Expand Up @@ -2,21 +2,30 @@

## [Unreleased]

## [3.0.0] - 2021-07-xx
### Added
* Added `logoutUrl` to base options [#97](https://github.com/moberwasserlechner/capacitor-oauth2/issues/97)

### Fixed
* iOS: Fix boolean param inheritance (#111) [#111](https://github.com/moberwasserlechner/capacitor-oauth2/issues/111)

## [3.0.0] - 2021-08-02

### Breaking
* Minimum Capacitor version is **3.0.0** [#138](https://github.com/moberwasserlechner/capacitor-oauth2/issues/138) [#140](https://github.com/moberwasserlechner/capacitor-oauth2/pull/140)
* Minimum Capacitor version is **3.0.0**. Only this plugin version supports Capacitor `3.x`! [#138](https://github.com/moberwasserlechner/capacitor-oauth2/issues/138) [#140](https://github.com/moberwasserlechner/capacitor-oauth2/pull/140)

### Added
* Web: Add a new option `windowReplace` that defaults to undefined. Used in `window.open()` 4th param.
This will fix https://bugs.chromium.org/p/chromium/issues/detail?id=1164959 [#153](https://github.com/moberwasserlechner/capacitor-oauth2/issues/153)
* Web: Add "authorization_response" and "access_token_response" to "resource response" [#154](https://github.com/moberwasserlechner/capacitor-oauth2/issues/154)
* Web, Android: Add "authorization_response" and "access_token_response" to the result returned to JS. On iOS it is not possible to extract the authorization response because of the used lib. [#154](https://github.com/moberwasserlechner/capacitor-oauth2/issues/154)
* Web, Android: Added `additionalResourceHeaders` to base options
* Web, Android, iOS: Added `logsEnabled` to base options. If enabled extensive logs are written. All logs are prefixed with `I/Capacitor/OAuth2ClientPlugin` across all platforms.

### Changed
* Use `window.crypto` if available to generate random strings [#138](https://github.com/moberwasserlechner/capacitor-oauth2/issues/138) [#140](https://github.com/moberwasserlechner/capacitor-oauth2/pull/140)

### Fixed
* Web: # in URL causes parser to ignore ? [#132](https://github.com/moberwasserlechner/capacitor-oauth2/issues/132) [#133](https://github.com/moberwasserlechner/capacitor-oauth2/pull/133)
* Android: Fix boolean param inheritance (#162) [#162](https://github.com/moberwasserlechner/capacitor-oauth2/issues/162)

## [2.1.0] - 2020-08-27
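
Review bot: The 3.0.0 "Added" entry for `authorization_response` and `access_token_response` says they are added "to the result returned to JS" but not whether the token response is passed through unfiltered. An OAuth2 token response can carry a refresh token next to the access token, so the entry (or the README section it belongs to) should state which fields reach the JS layer, so integrators know the result object needs the same handling as the tokens themselves. The entry also says iOS cannot return the authorization response; document the per-platform shape of the result so callers do not assume both keys are always present.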

Expand Down Expand Up @@ -102,6 +111,7 @@ This is controlled by Android specific parameters `handleResultOnNewIntent` for
- Fix github security error by updating Jest lib

[Unreleased]: https://github.com/moberwasserlechner/capacitor-oauth2/compare/3.0.0...master
[3.1.0]: https://github.com/moberwasserlechner/capacitor-oauth2/compare/3.0.0...3.1.0
[3.0.0]: https://github.com/moberwasserlechner/capacitor-oauth2/compare/2.1.0...3.0.0
[2.1.0]: https://github.com/moberwasserlechner/capacitor-oauth2/compare/2.0.0...2.1.0
[2.0.0]: https://github.com/moberwasserlechner/capacitor-oauth2/compare/1.1.0...2.0.0
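
Review bot: The link reference `[3.1.0]: https://github.com/moberwasserlechner/capacitor-oauth2/compare/3.0.0...3.1.0` has no matching `## [3.1.0]` heading in the changelog hunk above, where the only version headings are `[Unreleased]`, `[3.0.0]` and `[2.1.0]`. Either drop the reference until 3.1.0 is cut, or add the heading and move the `logoutUrl` and #111 entries under it.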
135 changes: 109 additions & 26 deletions README.md
Expand Up @@ -21,17 +21,17 @@ Actively maintained: YES
## Install

```bash
npm install @capacitor-community/oauth2
npm i @byteowls/capacitor-oauth2
npx cap sync
```

## Versions

| Plugin | Minimum Capacitor | Docs | Notes |
| Plugin | Capacitor | Docs | Notes |
|--------|-------------------|----------------------------------------------------------------------------------------|--------------------------------|
| 3.x | 3.0.0 | **(NOT RELEASED YET)** [README](https://github.com/moberwasserlechner/oauth2/blob/master/README.md) | Breaking changes see Changelog. XCode 12.0 needs this version |
| 2.x | 2.0.0 | [README](https://github.com/moberwasserlechner/capacitor-oauth2/blob/2.1.0/README.md) | Breaking changes see Changelog. XCode 11.4 needs this version |
| 1.x | 1.0.0 | [README](https://github.com/moberwasserlechner/capacitor-oauth2/blob/1.1.0/README.md) | |
| 3.x | 3.x.x | [README](https://github.com/moberwasserlechner/oauth2/blob/master/README.md) | Breaking changes see Changelog. XCode 12.0 needs this version |
| 2.x | 2.x.x | [README](https://github.com/moberwasserlechner/capacitor-oauth2/blob/2.1.0/README.md) | Breaking changes see Changelog. XCode 11.4 needs this version |
| 1.x | 1.x.x | [README](https://github.com/moberwasserlechner/capacitor-oauth2/blob/1.1.0/README.md) | |

For further details on what has changed see the [CHANGELOG](https://github.com/moberwasserlechner/capacitor-oauth2/blob/master/CHANGELOG.md).
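
Review bot: In the Versions table the 3.x row links to `https://github.com/moberwasserlechner/oauth2/blob/master/README.md`, while the 2.x and 1.x rows and every other link in this commit use the `moberwasserlechner/capacitor-oauth2` repository; point the 3.x link at `capacitor-oauth2` as well. The install block in this hunk shows both `@capacitor-community/oauth2` and `@byteowls/capacitor-oauth2`; the Azure sample further down imports from `@byteowls/capacitor-oauth2`, so check that the install line that remains names the same package.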

Expand Down Expand Up @@ -187,18 +187,20 @@ Example:

These parameters are overrideable in every platform

| parameter | default | required | description | since |
|---------------------- |--------- |---------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |------- |
| appId | | yes | aka clientId, serviceId, ... | |
| authorizationBaseUrl | | yes | | |
| responseType | | yes | | |
| redirectUrl | | yes | | 2.0.0 |
| accessTokenEndpoint | | | If empty the authorization response incl code is returned. Known issue: Not on iOS! | |
| resourceUrl | | | If empty the tokens are return instead. If you need just the `id_token` you have to set both `accessTokenEndpoint` and `resourceUrl` to `null` or empty ``. | |
| pkceEnabled | `false` | | Enable PKCE if you need it. | |
| scope | | | | |
| state | | | The plugin always uses a state.<br>If you don't provide one we generate it. | |
| additionalParameters | | | Additional parameters for anything you might miss, like `none`, `response_mode`. <br><br>Just create a key value pair.<br>```{ "key1": "value", "key2": "value, "response_mode": "value"}``` | |
| parameter | default | required | description | since |
|---------------------- |--------- |---------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |------- |
| appId | | yes | aka clientId, serviceId, ... | |
| authorizationBaseUrl | | yes | | |
| responseType | | yes | | |
| redirectUrl | | yes | | 2.0.0 |
| accessTokenEndpoint | | | If empty the authorization response incl code is returned. Known issue: Not on iOS! | |
| resourceUrl | | | If empty the tokens are return instead. If you need just the `id_token` you have to set both `accessTokenEndpoint` and `resourceUrl` to `null` or empty ``. | |
| additionalResourceHeaders | | | Additional headers for the resource request | 3.0.0 |
| pkceEnabled | `false` | | Enable PKCE if you need it. Note: On iOS because of #111 boolean values are not overwritten. You have to explicitly define the param in the subsection. | |
| logsEnabled | `false` | | Enable extensive logging. All plugin outputs are prefixed with `I/Capacitor/OAuth2ClientPlugin: ` across all platforms. Note: On iOS because of #111 boolean values are not overwritten. You have to explicitly define the param in the subsection. | 3.0.0 |
| scope | | | | |
| state | | | The plugin always uses a state.<br>If you don't provide one we generate it. | |
| additionalParameters | | | Additional parameters for anything you might miss, like `none`, `response_mode`. <br><br>Just create a key value pair.<br>```{ "key1": "value", "key2": "value, "response_mode": "value"}``` | |

**Platform Web**
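
Review bot: The `logsEnabled` row promises "extensive logging" but does not say what is written. For an OAuth2 plugin the reader needs to know whether authorization codes, tokens or the response objects appear in that output; state it in the description and recommend leaving the option at its `false` default outside development. The notes on `pkceEnabled` and `logsEnabled` also describe #111 as still affecting iOS, while CHANGELOG.md in this commit lists "iOS: Fix boolean param inheritance (#111)" under Fixed; one of the two needs updating. The `additionalParameters` example, re-indented here, still has an unterminated string in `"key2": "value,`.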

Expand Down Expand Up @@ -403,7 +405,7 @@ These are some of the providers that can be configured with this plugin. I'm hap
|-----------|------------------------|-------|
| Google | [see below](#google) | |
| Facebook | [see below](#facebook) | |
| Azure B2C | [see below](#azure-b2c)| |
| Azure AD B2C | [see below](#azure-b2c)| |
| Apple | [see below](#apple) | ios only |
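
Review bot: The providers table now says `Azure AD B2C`, but the section it links to is still headed `### Azure B2C` in the next hunk, and the Android text uses both spellings. Pick one name and use it in the table, the heading and the prose; note that the `#azure-b2c` anchor only keeps working if the heading stays as it is.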


Expand Down Expand Up @@ -501,16 +503,45 @@ not supported

### Azure B2C

In case of problems please read [#91](https://github.com/moberwasserlechner/capacitor-oauth2/issues/91)
and [#96](https://github.com/moberwasserlechner/capacitor-oauth2/issues/96)

See this [example repo](https://github.com/loonix/capacitor-oauth2-azure-example) by @loonix.
It's important to use the urls you see in the Azure config for the specific platform.

#### PWA

See these 2 configs that should work.
Setting up Azure B2C in July 2021 presents me with `microsoftonline.com` urls, so the config looks like:

It's important to use the urls you see in the Azure config for the specific platform.
```typescript
import {OAuth2AuthenticateOptions, OAuth2Client} from "@byteowls/capacitor-oauth2";

export class AuthService {

getAzureB2cOAuth2Options(): OAuth2AuthenticateOptions {
return {
appId: environment.oauthAppId.azureBc2.appId,
authorizationBaseUrl: `https://login.microsoftonline.com/${environment.oauthAppId.azureBc2.tenantId}/oauth2/v2.0/authorize`,
scope: "https://graph.microsoft.com/User.Read", // See Azure Portal -> API permission
accessTokenEndpoint: `https://login.microsoftonline.com/${environment.oauthAppId.azureBc2.tenantId}/oauth2/v2.0/token`,
resourceUrl: "https://graph.microsoft.com/v1.0/me/",
responseType: "code",
pkceEnabled: true,
logsEnabled: true,
web: {
redirectUrl: environment.redirectUrl,
windowOptions: "height=600,left=0,top=0",
},
android: {
redirectUrl: "msauth://{package-name}/{url-encoded-signature-hash}" // See Azure Portal -> Authentication -> Android Configuration "Redirect URI"
},
ios: {
pkceEnabled: true, // workaround for bug #111
redirectUrl: "msauth.{package-name}://auth"
}
};
}
}
```

<details>
<summary>Other configs that works in prior versions</summary>

```typescript
import {OAuth2Client} from "@byteowls/capacitor-oauth2";
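
Review bot: The PWA sample sets `logsEnabled: true` unconditionally, and this is the config readers will copy. Since the option is documented as extensive logging, derive it from the build environment (the sample already reads `environment.redirectUrl`) or leave it out so the `false` default applies. The sample also uses `environment` without importing it, and `environment.oauthAppId.azureBc2` looks like a transposition of B2C.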
Expand Down Expand Up @@ -574,8 +605,53 @@ azureLogin() {
}
```

</details>

#### Android

If you have **only** Azure B2C as identity provider you have to add a new `intent-filter` to your main activity in `AndroidManifest.xml`.

```xml
<!-- azure ad b2c -->
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="@string/azure_b2c_scheme" android:host="@string/package_name" android:path="@string/azure_b2c_signature_hash" />
</intent-filter>
```

If you have **multiple** identity providers you have to create a new Activity in `AndroidManifest.xml`.

In my case I had Google and Azure AD B2C.

Without this extra activity the result was always `RESULT_CANCELED`.

```xml
<activity android:name="net.openid.appauth.RedirectUriReceiverActivity" android:exported="true">
<!-- google -->
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="@string/custom_url_scheme" android:host="@string/custom_host" />
</intent-filter>

<!-- azure ad b2c -->
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="@string/azure_b2c_scheme" android:host="@string/package_name" android:path="@string/azure_b2c_signature_hash" />
</intent-filter>
</activity>
```

Example values
* @string/azure_b2c_scheme ... `msauth`
* @string/package_name ... `com.company.project`
* azure_b2c_signature_hash ... `/your-signature-hash` ... The leading slash is required. Copied from Azure Portal Android Config "Signature hash" field

See [Android Default Config](#android-default-config)

#### iOS
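
Review bot: The multi-provider snippet declares `net.openid.appauth.RedirectUriReceiverActivity` with `android:exported="true"` and a custom `msauth` scheme, but the text never tells the reader that this redirect is a reason to keep `pkceEnabled: true` in the Android config. A custom scheme is not exclusive to one app, so add a sentence tying this manifest entry to PKCE. In the example values, `azure_b2c_signature_hash` is missing the `@string/` prefix that the other two entries carry, and the section should say where these string resources are defined.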
Expand All @@ -588,13 +664,20 @@ Open `Info.plist` in XCode by Right Click on that file -> Open as -> Source Code
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>msauth.BUNDLE_ID</string>
<!-- msauth.BUNDLE_ID -->
<string>msauth.com.yourcompany.yourproject</string>
</array>
</dict>
</array>
```

Do not enter `://` and part of your redirect url after those chars.
Do not enter `://` and part of your redirect url.

#### Troubleshooting
In case of problems please read [#91](https://github.com/moberwasserlechner/capacitor-oauth2/issues/91)
and [#96](https://github.com/moberwasserlechner/capacitor-oauth2/issues/96)

See this [example repo](https://github.com/loonix/capacitor-oauth2-azure-example) by @loonix.

### Google
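
Review bot: Both wordings of the `Info.plist` warning in this hunk ("Do not enter `://` and part of your redirect url ...") tell the reader what not to type but not what to type. State it positively: the `CFBundleURLSchemes` entry is only the scheme, `msauth.` followed by the bundle id, with no `://` and nothing after it. The `<!-- msauth.BUNDLE_ID -->` comment next to `msauth.com.yourcompany.yourproject` carries the same information and could be folded into that sentence.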
