@isitha/capacitor-oauth2
v1.0.0-beta.5
Published
Simple Capacitor OAuth 2 client plugin
Downloads
1
Maintainers
Readme
Capacitor OAuth 2 client plugin
This is a simple OAuth 2 client plugin.
It let you configure the oauth parameters yourself instead of using SDKs. Therefore it is usable with various providers.
Supported flows
Implicit flow (response type: token)
Status: ok
Code flow + PKCE (response type: code)
Status: ok
Please be aware that some providers (OneDrive, Auth0) allow Code Flow + PKCE only for native apps. Web apps have to use implicit flow.
Important
For security reasons this plugin does/will not support Code Flow without PKCE.
That would include storing your client secret in client code which is highly insecure and not recommended. That flow should only be used on the backend (server).
Installation
npm i -E @byteowls/capacitor-oauth2
Configuration
This example shows the common process of configuring this plugin.
Although it was taken from a Angular 6 application, it should work in other frameworks as well.
Register plugin
Find the init component of your app, which is in Angular app.component.ts
and register this plugin by
import {registerWebPlugin} from "@capacitor/core";
import {OAuth2Client} from '@byteowls/capacitor-oauth2';
@Component()
export class AppComponent implements OnInit {
ngOnInit() {
console.log("Register custom capacitor plugins");
registerWebPlugin(OAuth2Client);
// other stuff
}
}
Use it
import {
Plugins
} from '@capacitor/core';
@Component({
template: '<button (click)="onOAuthBtnClick()">Login with OAuth</button>' +
'<button (click)="onLogoutClick()">Logout OAuth</button>'
})
export class SignupComponent {
onOAuthBtnClick() {
Plugins.OAuth2Client.authenticate(
oauth2Options
).then(resourceUrlResponse => {
let accessToken = resourceUrlResponse["access_token"];
let oauthUserId = resourceUrlResponse["id"];
let name = resourceUrlResponse["name"];
// go to backend
}).catch(reason => {
console.error("OAuth rejected", reason);
});
}
onLogoutClick() {
Plugins.OAuth2Client.logout(
oauth2Options
).then(() => {
// do something
}).catch(reason => {
console.error("OAuth logout failed", reason);
});
}
}
Options
See the oauth2Options
interface at https://github.com/moberwasserlechner/capacitor-oauth2/blob/master/src/definitions.ts#L24
Error Codes
- ERR_PARAM_NO_APP_ID ... The appId / clientId is missing. (web, android, ios)
- ERR_PARAM_NO_AUTHORIZATION_BASE_URL ... The authorization base url is missing. (web, android, ios)
- ERR_PARAM_NO_REDIRECT_URL ... The redirect url / custom scheme url is missing. (web, android, ios)
- ERR_PARAM_NO_ACCESS_TOKEN_ENDPOINT ... The access token endpoint url is missing. It is only needed if code flow is used. (web, android, ios)
- ERR_PARAM_INVALID_RESPONSE_TYPE ... You configured a invalid responseType. Only "token" or "code" are allowed. (web, android, ios)
- ERR_NO_ACCESS_TOKEN ... No access_token found. (web, android)
- ERR_NO_AUTHORIZATION_CODE ... No authorization code was returned in the redirect response. (web, android, ios)
- ERR_STATES_NOT_MATCH ... The state included in the authorization code request does not match the one in the redirect. Security risk! (web, android, ios)
- USER_CANCELLED ... The user cancelled the login flow. (android, ios)
- ERR_CUSTOM_HANDLER_LOGIN ... Login through custom handler class failed. See logs and check your code. (android, ios)
- ERR_CUSTOM_HANDLER_LOGOUT ... Logout through custom handler class failed. See logs and check your code. (android, ios)
- ERR_ANDROID_NO_BROWSER ... On Android not suitable browser could be found! (android)
- ERR_GENERAL ... A unspecific error. Check the logs to see want exactly happened. (web, android, ios)
Platform: Web/PWA
This implementation just opens a browser window to let users enter their credentials.
As there is no provider SDK used to accomplish OAuth, no additional javascript files must be loaded and so there is no performance impact using this plugin in a web application.
Platform: Android
Register the plugin in com.companyname.appname.MainActivity#onCreate
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
List<Class<? extends Plugin>> additionalPlugins = new ArrayList<>();
// Additional plugins you've installed go here
// Ex: additionalPlugins.add(TotallyAwesomePlugin.class);
additionalPlugins.add(OAuth2ClientPlugin.class);
// Initializes the Bridge
this.init(savedInstanceState, additionalPlugins);
}
Custom OAuth Handler
Some OAuth provider (Facebook) force developers to use their SDK on Android.
This plugin should be as generic as possible so I don't want to include provider specific dependencies.
Therefore I created a mechanism which let developers integrate custom SDK features in this plugin.
Simply configure a full qualified classname in the option property android.customHandlerClass
.
This class has to implement com.byteowls.capacitor.oauth2.handler.OAuth2CustomHandler
.
See a full working example below!
Platform: iOS
On iOS the plugin is registered automatically by Capacitor.
Custom OAuth Handler
Some OAuth provider (Facebook) force developers to use their SDK on iOS.
This plugin should be as generic as possible so I don't want to include provider specific dependencies.
Therefore I created a mechanism which let developers integrate custom SDK features in this plugin.
Simply configure a the class name in the option property ios.customHandlerClass
.
This class has to implement ByteowlsCapacitorOauth2.OAuth2CustomHandler
.
See a full working example below!
Platform: Electron
- Maybe early 2019
Full examples
PWA
googleLogin() {
Plugins.OAuth2Client.authenticate({
appId: environment.oauthAppId.google.web,
authorizationBaseUrl: "https://accounts.google.com/o/oauth2/auth",
accessTokenEndpoint: "https://www.googleapis.com/oauth2/v4/token",
scope: "email profile",
resourceUrl: "https://www.googleapis.com/userinfo/v2/me",
web: {
redirectUrl: "http://localhost:4200",
windowOptions: "height=600,left=0,top=0"
},
android: {
appId: environment.oauthAppId.google.android,
responseType: "code", // if you configured a android app in google dev console the value must be "code"
customScheme: "com.companyname.appname:/" // package name from google dev console
},
ios: {
appId: environment.oauthAppId.google.ios,
responseType: "code", // if you configured a ios app in google dev console the value must be "code"
customScheme: "com.companyname.appname:/" // Bundle ID from google dev console
}
}).then(resourceUrlResponse => {
// do sth e.g. check with your backend
}).catch(reason => {
console.error("Google OAuth rejected", reason);
});
}
Android
Add the value of the android.customScheme
parameter in android/app/build.gradle
as well, but remove the suffix :/
Then in your AndroidManifest.xml
file find the line
<data android:scheme="@string/custom_url_scheme" />
and change it to
<data android:scheme="@string/custom_url_scheme" android:host="oauth" />
Note: Actually any value for android:host
will do. It does not has to be oauth
.
This will fix an issues within the oauth workflow when the application is shown twice. See Issue #15 for details what happens.
Notice: If your appAuthRedirectScheme doesn't get recognized because you are using a library that replaces it (e.g.: onesignal-cordova-plugin), you will have to add it to your buildTypes like the following:
android.buildTypes.debug.manifestPlaceholders = [
'appAuthRedirectScheme': 'com.companyname.appname'
]
android.buildTypes.release.manifestPlaceholders = [
'appAuthRedirectScheme': 'com.companyname.appname'
]
iOS
Open ios/App/App/Info.plist
in a XML editor and add the customScheme without :/
like that
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>com.companyname.appname</string>
</array>
</dict>
</array>
PWA
facebookLogin() {
let fbApiVersion = "2.11";
Plugins.OAuth2Client.authenticate({
appId: "YOUR_FACEBOOK_APP_ID",
authorizationBaseUrl: "https://www.facebook.com/v" + fbApiVersion + "/dialog/oauth",
accessTokenEndpoint: "https://graph.facebook.com/v" + fbApiVersion + "/oauth/access_token",
resourceUrl: "https://graph.facebook.com/v" + fbApiVersion + "/me",
web: {
redirectUrl: "http://localhost:4200",
windowOptions: "height=600,left=0,top=0"
},
android: {
customHandlerClass: "com.companyname.appname.YourAndroidFacebookOAuth2Handler",
},
ios: {
customHandlerClass: "App.YourIOsFacebookOAuth2Handler",
}
}).then(resourceUrlResponse => {
// do sth e.g. check with your backend
}).catch(reason => {
console.error("FB OAuth rejected", reason);
});
}
Android and iOS
Since October 2018 Strict Mode for Redirect Urls is always on.
Use Strict Mode for Redirect URIs
Only allow redirects that use the Facebook SDK or that exactly match the Valid OAuth Redirect URIs. Strongly recommended.
Before that it was able to use fb<your_app_id>:/authorize
in a Android or iOS app and get the accessToken.
Unfortunately now we have to use the SDK for Facebook Login.
I don't want to have a dependency to facebook for users, who don't need Facebook OAuth.
To address this problem I created a integration with custom code in your app customHandlerClass
Android
See https://developers.facebook.com/docs/facebook-login/android/ for more background on how to configure Facebook in your Android app.
Add
implementation 'com.facebook.android:facebook-login:4.36.0'
toandroid/app/build.gradle
as dependency.Add to
string.xml
<string name="facebook_app_id"><YOUR_FACEBOOK_APP_ID></string>
<string name="fb_login_protocol_scheme">fb<YOUR_FACEBOOK_APP_ID></string>
- Add to
AndroidManifest.xml
<meta-data android:name="com.facebook.sdk.ApplicationId" android:value="@string/facebook_app_id"/>
<activity android:name="com.facebook.FacebookActivity"
android:configChanges=
"keyboard|keyboardHidden|screenLayout|screenSize|orientation"
android:label="@string/app_name" />
<activity android:name="com.facebook.CustomTabActivity" android:exported="true">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="@string/fb_login_protocol_scheme" />
</intent-filter>
</activity>
- Create a custom handler class
package com.companyname.appname;
import android.app.Activity;
import com.byteowls.capacitor.oauth2.handler.AccessTokenCallback;
import com.byteowls.capacitor.oauth2.handler.OAuth2CustomHandler;
import com.byteowls.teamconductor.MainActivity;
import com.facebook.AccessToken;
import com.facebook.FacebookCallback;
import com.facebook.FacebookException;
import com.facebook.login.LoginManager;
import com.facebook.login.LoginResult;
import com.getcapacitor.PluginCall;
public class YourAndroidFacebookOAuth2Handler implements OAuth2CustomHandler {
@Override
public void getAccessToken(Activity activity, PluginCall pluginCall, final AccessTokenCallback callback) {
AccessToken accessToken = AccessToken.getCurrentAccessToken();
if (AccessToken.isCurrentAccessTokenActive()) {
callback.onSuccess(accessToken.getToken());
} else {
LoginManager.getInstance().logInWithReadPermissions(activity, null);
LoginManager.getInstance().registerCallback(((MainActivity) activity).getCallbackManager(), new FacebookCallback<LoginResult>() {
@Override
public void onSuccess(LoginResult loginResult) {
callback.onSuccess(loginResult.getAccessToken().getToken());
}
@Override
public void onCancel() {
callback.onCancel();
}
@Override
public void onError(FacebookException error) {
callback.onCancel();
}
});
}
}
@Override
public boolean logout(PluginCall pluginCall) {
LoginManager.getInstance().logOut();
return true;
}
}
- Change your MainActivity like
public class MainActivity extends BridgeActivity {
private CallbackManager callbackManager;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
FacebookSdk.sdkInitialize(this.getApplicationContext());
callbackManager = CallbackManager.Factory.create();
// add my plugins here
List<Class<? extends Plugin>> additionalPlugins = new ArrayList<>();
// Additional plugins you've installed go here
additionalPlugins.add(OAuth2ClientPlugin.class);
// Ex: additionalPlugins.add(TotallyAwesomePlugin.class);
// Initializes the Bridge
this.init(savedInstanceState, additionalPlugins);
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (callbackManager.onActivityResult(requestCode, resultCode, data)) {
return;
}
}
public CallbackManager getCallbackManager() {
return callbackManager;
}
}
iOS
See https://developers.facebook.com/docs/swift/getting-started and https://developers.facebook.com/docs/swift/login
- Add Facebook pods to your app's Podfile
ios/App/App
platform :ios, '10.0'
use_frameworks!
target 'App' do
# Add your Pods here
pod 'FacebookCore'
pod 'FacebookLogin'
# Automatic Capacitor Pod dependencies, do not delete
pod 'Capacitor', :path => '../../node_modules/@capacitor/ios'
pod 'CapacitorCordova', :path => '../../node_modules/@capacitor/ios'
pod 'ByteowlsCapacitorOauth2', :path => '../../node_modules/@byteowls/capacitor-oauth2'
pod 'CordovaPlugins', :path => '../../node_modules/@capacitor/cli/assets/capacitor-cordova-ios-plugins'
# Do not delete
end
- Add some Facebook configs to your
Info.plist
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>fb{your-app-id}</string>
</array>
</dict>
</array>
<key>FacebookAppID</key>
<string>{your-app-id}</string>
<key>FacebookDisplayName</key>
<string>{your-app-name}</string>
<key>LSApplicationQueriesSchemes</key>
<array>
<string>fbapi</string>
<string>fb-messenger-share-api</string>
<string>fbauth2</string>
<string>fbshareextension</string>
</array>
- Create a custom handler class
import Foundation
import FacebookCore
import FacebookLogin
import Capacitor
import ByteowlsCapacitorOauth2
@objc class YourIOsFacebookOAuth2Handler: NSObject, OAuth2CustomHandler {
var loginManager: LoginManager?;
required override init() {
}
func getAccessToken(viewController: UIViewController, call: CAPPluginCall, success: @escaping (String) -> Void, cancelled: @escaping () -> Void, failure: @escaping (Error) -> Void) {
if let accessToken = AccessToken.current {
success(accessToken.authenticationToken)
} else {
DispatchQueue.main.async {
if self.loginManager == nil {
self.loginManager = LoginManager()
}
self.loginManager!.logIn(readPermissions: [ ReadPermission.publicProfile ],
viewController: viewController, completion: { loginResult in
switch loginResult {
case .failed(let error):
failure(error)
case .cancelled:
cancelled()
case .success(_, _, let accessToken):
success(accessToken.authenticationToken)
}
})
}
}
}
func logout(call: CAPPluginCall) -> Bool {
self.loginManager?.logOut()
return true
}
}
This handler will be automatically discovered up by the plugin and handles the login using the Facebook SDK.
- Add the following to
ios/App/App/AppDelegate.swift
import UIKit
import Capacitor
@UIApplicationMain
class AppDelegate: UIResponder, UIApplicationDelegate {
var window: UIWindow?
// other methods
func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool {
// Called when the app was launched with a url. Feel free to add additional processing here,
// but if you want the App API to support tracking app url opens, make sure to keep this call
if let scheme = url.scheme, let host = url.host {
if scheme == "fb\(SDKSettings.appId)" && host == "authorize" {
return SDKApplicationDelegate.shared.application(app, open: url, options: options)
}
}
return CAPBridge.handleOpenUrl(url, options)
}
// other methods
}
This might not be needed but but users had an issue without it.
Contribute
Fix a bug or create a new feature
Please do not mix more than one issue in a feature branch. Each feature/bugfix should have its own branch and its own Pull Request (PR).
- Create a issue and describe what you want to do at Issue Tracker
- Create your feature branch (
git checkout -b feature/my-feature
orgit checkout -b bugfix/my-bugfix
) - Test your changes to the best of your ability.
- Commit your changes (
git commit -m 'Describe feature or bug'
) - Push to the branch (
git push origin feature/my-feature
) - Create a Github pull request
Code Style
This repo includes a .editorconfig file, which your IDE should pickup automatically.
If not please use the sun coding convention. Please do not use tabs at all!
Try to change only parts your feature or bugfix requires.
License
MIT. Please see LICENSE.
BYTEOWLS Software & Consulting
This plugin is powered by BYTEOWLS Software & Consulting and was build for Team Conductor - Next generation club management platform.
Commercial support and consulting
We create plugins for apps we build and share them as it is with the community.
I you have a feature request, need support how to use the plugin or need a release breaking with our normal release cycle you have the possibility to sponsor the development by paying for this custom development or support.
See the wiki page for how to request a quote.