Pass custom url scheme via state token - open this instead of a hardc…

…oded url scheme
0xsequence · Dec 14, 2023 · e222295 · e222295
1 parent ba4c085
commit e222295
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 12 deletions.
diff --git a/Assets/SequenceExamples/Scripts/UI/LoginPanel.cs b/Assets/SequenceExamples/Scripts/UI/LoginPanel.cs
@@ -9,6 +9,8 @@ namespace Sequence.Demo
 {
     public class LoginPanel : UIPanel
     {
+        public string UrlScheme = "sdk-powered-by-sequence";
+
         private TransitionPanel _transitionPanel;
         private LoginPage _loginPage;
         private MultifactorAuthenticationPage _mfaPage;
@@ -30,7 +32,7 @@ protected override void Awake()
                 "us-east-2:42c9f39d-c935-4d5c-a845-5c8815c79ee3", 
                 "arn:aws:kms:us-east-2:170768627592:key/0fd8f803-9cb5-4de5-86e4-41963fb6043d",
                 "5fl7dg7mvu534o9vfjbc6hj31p"),
-                9, "1.0.0");
+                9, "1.0.0", UrlScheme);
             SetupLoginHandler(loginHandler);
 
             _loginSuccessPage = GetComponentInChildren<LoginSuccessPage>();

diff --git a/Assets/SequenceSDK/Authentication/OauthServer/oauthServer b/Assets/SequenceSDK/Authentication/OauthServer/oauthServer
diff --git a/Assets/SequenceSDK/Authentication/OauthServer/oauthServer.go b/Assets/SequenceSDK/Authentication/OauthServer/oauthServer.go
@@ -34,7 +34,9 @@ func main() {
 				}
 
 				function sendCustomUrlScheme(idToken, state) {
-					var customURLScheme = 'sdk-powered-by-sequence://oauth2callback#?id_token=' + idToken + '&state=' + state;
+					var urlScheme = state.split('---')[0];
+					var customURLScheme = urlScheme + '://oauth2callback#?id_token=' + idToken + '&state=' + state;
+					console.log('Sending custom URL scheme: ' + customURLScheme);
 					window.location.href = customURLScheme;
 					document.body.innerHTML = '<h1 id="returnMessage"><a href="' + customURLScheme + '">Click to return to app</a></h1>';
 					document.getElementById("returnMessage").addEventListener("click", function() {

diff --git a/Assets/SequenceSDK/Authentication/OpenIdAuthenticator.cs b/Assets/SequenceSDK/Authentication/OpenIdAuthenticator.cs
@@ -26,6 +26,13 @@ public class OpenIdAuthenticator
         private string _stateToken = Guid.NewGuid().ToString();
         private readonly string _nonce = Guid.NewGuid().ToString();
 
+        private string _urlScheme;
+
+        public OpenIdAuthenticator(string urlScheme)
+        {
+            _urlScheme = urlScheme;
+        }
+
         public void GoogleSignIn()
         {
             try
@@ -84,7 +91,7 @@ public void AppleSignIn()
         private string GenerateSignInUrl(string baseUrl, string clientId, string method)
         {
             string url =
-                $"{baseUrl}?response_type=id_token&client_id={clientId}&redirect_uri={RedirectUrl.AppendTrailingSlashIfNeeded()}&scope=openid+profile+email&state={_stateToken + method}&nonce={_nonce}/";
+                $"{baseUrl}?response_type=id_token&client_id={clientId}&redirect_uri={RedirectUrl.AppendTrailingSlashIfNeeded()}&scope=openid+profile+email&state={_urlScheme + "---" + _stateToken + method}&nonce={_nonce}/";
             if (PlayerPrefs.HasKey(LoginEmail))
             {
                 url = url.RemoveTrailingSlash() + $"&login_hint={PlayerPrefs.GetString(LoginEmail)}".AppendTrailingSlashIfNeeded();
@@ -206,7 +213,7 @@ public void HandleDeepLink(string link)
             }
             if (queryParams.TryGetValue("state", out string state))
             {
-                if (!state.StartsWith(_stateToken))
+                if (!state.Contains(_stateToken))
                 {
                     Debug.LogError("State token mismatch");
                     return;

diff --git a/Assets/SequenceSDK/Authentication/Tests/DeepLinkHandlerTests.cs b/Assets/SequenceSDK/Authentication/Tests/DeepLinkHandlerTests.cs
@@ -10,7 +10,7 @@ public class DeepLinkHandlerTests
         [Test]
         public void TestNoQueryParams()
         {
-            OpenIdAuthenticator authenticator = new OpenIdAuthenticator();
+            OpenIdAuthenticator authenticator = new OpenIdAuthenticator("");
             string url = "https://sequence.app";
             authenticator.HandleDeepLink(url);
             LogAssert.Expect(LogType.Error, "Unexpected deep link: https://sequence.app");
@@ -19,7 +19,7 @@ public void TestNoQueryParams()
         [Test]
         public void TestNoStateToken()
         {
-            OpenIdAuthenticator authenticator = new OpenIdAuthenticator();
+            OpenIdAuthenticator authenticator = new OpenIdAuthenticator("");
             string url = "https://sequence.app?code=123456";
             authenticator.HandleDeepLink(url);
             LogAssert.Expect(LogType.Error, "State token missing");
@@ -28,7 +28,7 @@ public void TestNoStateToken()
         [Test]
         public void TestStateTokenMismatch()
         {
-            OpenIdAuthenticator authenticator = new OpenIdAuthenticator();
+            OpenIdAuthenticator authenticator = new OpenIdAuthenticator("");
             string url = "https://sequence.app?code=123456&state=123456";
             authenticator.HandleDeepLink(url);
             LogAssert.Expect(LogType.Error, "State token mismatch");
@@ -37,7 +37,7 @@ public void TestStateTokenMismatch()
         [Test]
         public void TestNoIdToken()
         {
-            OpenIdAuthenticator authenticator = new OpenIdAuthenticator();
+            OpenIdAuthenticator authenticator = new OpenIdAuthenticator("");
             string url = "https://sequence.app?state=123456";
             authenticator.InjectStateTokenForTesting("123456");
             authenticator.HandleDeepLink(url);
@@ -47,7 +47,7 @@ public void TestNoIdToken()
         [Test]
         public void TestValidDeepLink()
         {
-            OpenIdAuthenticator authenticator = new OpenIdAuthenticator();
+            OpenIdAuthenticator authenticator = new OpenIdAuthenticator("");
             string url = "https://sequence.app?state=123456&id_token=654321";
             authenticator.InjectStateTokenForTesting("123456");
             bool eventReceived = false;
@@ -63,7 +63,7 @@ public void TestValidDeepLink()
         [Test]
         public void TestValidDeepLink_withTrailingSlash()
         {
-            OpenIdAuthenticator authenticator = new OpenIdAuthenticator();
+            OpenIdAuthenticator authenticator = new OpenIdAuthenticator("");
             string url = "https://sequence.app?state=123456&id_token=654321/";
             authenticator.InjectStateTokenForTesting("123456");
             bool eventReceived = false;

diff --git a/Assets/SequenceSDK/WaaS/WaaSLogin.cs b/Assets/SequenceSDK/WaaS/WaaSLogin.cs
@@ -24,12 +24,12 @@ public class WaaSLogin : ILogin
         private IValidator _validator;
         private string _challengeSession;
 
-        public WaaSLogin(AWSConfig awsConfig, int waasProjectId, string waasVersion, IValidator validator = null)
+        public WaaSLogin(AWSConfig awsConfig, int waasProjectId, string waasVersion, string urlScheme, IValidator validator = null)
         {
             _awsConfig = awsConfig;
             _waasProjectId = waasProjectId;
             _waasVersion = waasVersion;
-            _authenticator = new OpenIdAuthenticator();
+            _authenticator = new OpenIdAuthenticator(urlScheme);
             _authenticator.PlatformSpecificSetup();
             Application.deepLinkActivated += _authenticator.HandleDeepLink;
             _authenticator.SignedIn += OnSocialLogin;