React Native Login Using WebAuth redirection to browser from app - authentication

When logging in using Auth0 WebAuth in React Native, it opens the browser for login.
I want to create a smooth login so that the user should not be able to notice whether I logged in using the app or the browser, just like a WebView. Does anyone have any idea?

Just to be clear, are you asking if Auth0 supports doing this without a browser? Given that it's likely using OAuth2 or OpenID Connect, the short answer is no.
Further to that, WebAuthn is a browser-based JavaScript API, so by definition it would require a browser with these features to be available.
That said, there's probably nothing preventing you from implementing a native WebAuthn-like experience using CTAP2 (the protocol that sits underneath WebAuthn) directly or a platform-specific wrapper around the same.

Related

How do I secure my electron app with firebase auth?

I want to secure my electron app with firebase auth. The idea is that the user has to click on a button in the renderer process to "Sign up/ Login" and then a new browser window opens in his default browser (not in electron), the user signs up or in and returns back to electron app which automatically signs the user in.
I'm using the following:
Electron: 13.6.9
Angular: 12.1.2
I tried the Electron Firebase repo but to be completely honest I was totally overwhelmed. It's well documented on how to set up but not on how to implement it in an existing app.
I also found this but this seems to be highly insecure to have an auth token exposed: https://pesto.app/blog/how-to-authenticate-with-google-in-electron
Could you guys help me to figure this out in a conceptual way (if you have code examples even better)?
Thanks in advance!

Is it good to use WebViews in React Native from Security Perspective?

I was going through this link and they mentioned that:
In a WebView, any malicious code in the page has the same rights as the application. This means you need to make sure to only load trusted content. But there is another risk–a malicious app may also have access to browser content (like cookies) and may snoop passwords or intercept OAuth codes.
I was wondering why would Facebook implement WebView then if it had security vulnerabilities.
Is it good to use WebViews in a React Native mobile application?

Can you interact with the app in test using absolute positioning in Detox?

I am trying to test a react native app on android which uses a native library which does oauth-based authentication using a webview. Detox does not support webviews (yet) so I was wondering if I could tap on the keyboard using coordinates in order to get through the auth (bad I know, but gets me unstuck for now).
Since the oauth screen is outside your app, I'd recommend you do the following:
1. Create E2E tests for your login up to the oauth screen
2. Get a CLI for your oauth provider or figure out how to authenticate via node.js to get the auth token
3. Create a deep link path in your app that accepts the token as a param and stores it the way you'd store it normally and trigger a continuation of the login flow (you may need to reverse engineer your native lib slightly)
This is generally the approach you want to take if you are using an external authentication party. If the party providing the auth package doesn't support 2 and 3, you should raise the issue with them.

Detox: How to bypass authentication when testing

I have an app that uses OAuth. I don't want to have to use an external, unmocked server to be able to log in. Is there a way of bypassing the authentication on detox-tested applications?
Something such as: A GoTo navigational screen detox method, or a testing-only dark launched button that will navigate to the home screen.
Any help is very appreciated
The way we solved this was by creating a mock server, implementing a very simple OAuth there and pointing the app at it.
Another way is to create a specific implementation in the app to directly open a certain page (for instance with specific test deep linking).
Just log in inside the before or beforeAll (if you use Jest) setup method.
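The test-only deep link suggested in the answers to both Detox questions above is a login bypass, so it has to be refused outright in release builds. A sketch of such a handler follows, as an added example that is not code from any of the answers; the link format `myapp://e2e-login?token=...`, the `isTestBuild` flag and the `saveToken` callback are hypothetical names.

```javascript
// Added example, not code from the answers above. The link format
// myapp://e2e-login?token=..., `isTestBuild` and `saveToken` are hypothetical.
const TEST_LOGIN_PREFIX = 'myapp://e2e-login';
// Accept only token characters (enough for a JWT) and cap the length.
const TEST_LOGIN_LINK = /^myapp:\/\/e2e-login\?token=([A-Za-z0-9._~-]{1,4096})$/;

// Handle an incoming deep link URL. Returns { handled, reason }.
function handleDeepLink(url, { isTestBuild, saveToken }) {
  const isTestLogin = typeof url === 'string' && url.startsWith(TEST_LOGIN_PREFIX);
  if (!isTestLogin) {
    return { handled: false, reason: 'not a test-login link' };
  }
  // The bypass must not work in a release build: refuse before parsing anything.
  if (!isTestBuild) {
    return { handled: false, reason: 'test login disabled in this build' };
  }
  const match = TEST_LOGIN_LINK.exec(url);
  if (!match) {
    return { handled: false, reason: 'malformed test-login link' };
  }
  // Store the token the same way the normal login flow stores it.
  saveToken(match[1]);
  return { handled: true, reason: 'token stored' };
}
```

`isTestBuild` is assumed to come from a build-time setting, so a release binary cannot be switched into test mode at runtime.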

Multiple ember apps with one login app

I have multiple ember apps, but just one of them has the login page. I want to authenticate all of them with this unique page. How can I redirect other apps to an external login page using ember-simple-auth and redirect to the corresponding app after the authentication?
You need to write a custom authenticator. In its authenticate method I suggest not redirecting, but opening a child window with the login page. That login page should be able to communicate with your Ember app in some way (window.postMessage, for example) in order to give your app the auth token. The authenticator must wait until it receives an answer (a promise and a timer will help with waiting). I used such a method with Google's OAuth in a node-webkit application (my authenticator opens Google's OAuth page, where the user is prompted to give my app access). I don't want to share the code because it's too big, complex and has code specific to nw.js, but I hope my answer will help. I used the code of the oauth2 authenticator to develop my own; it helped me a lot.
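The child-window approach described in the answer above, as an added example that is not the answerer's code: the receiving side waits on a promise with a timer and accepts a token only from the expected origin, from the window it opened, and for the request it started. `LOGIN_ORIGIN`, the message shape `{type, state, token}` and the function names are assumptions.

```javascript
// Added example, not code from the answer. LOGIN_ORIGIN, the message shape
// {type, state, token} and all function names are assumptions.
const LOGIN_ORIGIN = 'https://login.example.com';

// Return the token if the message really is the login page's reply, else null.
function tokenFromMessage(event, popup, expectedState) {
  if (event.origin !== LOGIN_ORIGIN) return null; // sent by another site
  if (event.source !== popup) return null;        // not the window we opened
  const data = event.data;
  if (!data || data.type !== 'auth-result') return null;
  if (data.state !== expectedState) return null;  // reply to a different request
  if (typeof data.token !== 'string' || data.token === '') return null;
  return data.token;
}

// Open the login page and wait for its reply (the "promise and timer").
// `win` is the browser `window`; it is a parameter so the logic can be tested.
function loginViaPopup(win, timeoutMs = 120000) {
  const bytes = win.crypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  const popup = win.open(`${LOGIN_ORIGIN}/login?state=${state}`, 'login');
  return new Promise((resolve, reject) => {
    if (!popup) return reject(new Error('popup blocked'));
    const finish = (settle, value) => {
      clearTimeout(timer);
      win.removeEventListener('message', onMessage);
      settle(value);
    };
    const timer = setTimeout(
      () => finish(reject, new Error('login timed out')), timeoutMs);
    function onMessage(event) {
      const token = tokenFromMessage(event, popup, state);
      if (token !== null) finish(resolve, token); // other messages are ignored
    }
    win.addEventListener('message', onMessage);
  });
}
```

On the sending side, the login page should pass the app's exact origin as the `targetOrigin` argument of `postMessage` rather than `'*'`, so the token is only delivered to the intended app.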