Skip to content

MoemenMostafa/cordova-plugin-sfauthenticationsession

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Cordova Plugin SFAuthenticationSession

By Moamen Mostafa - @Moamen Mostafa

1. Description

Cordova Plugin for iOS 11 SFAuthenticationSession API.

2. Prerequisites

iOS SDK version 11+ (Important). The build will fail on SDK version 10 and below.

3. Background

Starting from iOS 11 Apple has stopped the session and cookies sharing between SFSafariViewController and Safari Browser and they introduced a new API called SFAuthenticationSession to manage authentications instead.

Before iOS 11 SFSafariViewController was used to accomplish the oAuth authentication but that created a security issue where the HTTP redirection happen after successful authentication was vulnerable to be hijacked by another application registering the same custom scheme.

Now this vulnerability is mitigated by the new API, SFAuthenticationSession, by 2 things:

  1. Asking the user for a permission to allow the application to access a certain domain.
  2. capturing the custom scheme redirection and send the location header back to the initiating application regardless of the custom scheme.

4. Installation

To install the plugin with the Cordova CLI from npm:

$ cordova plugin add cordova-plugin-sfauthenticationsession

5. Usage

You should detect first that the user is using iOS 11 and then us this plugin. To do so you should use the cordova device plugin

SFAuthSession.start(String([custom-scheme]),String([oAuth-URL]),[CallBack-Function],[errorCallBack-Function])

example

if (parseInt(device.version) >= 11 && device.platform == "iOS"){
    SFAuthSession.start("customScheme://","https://your-oauth-url",function(data){alert(data)},function(error){alert(error)})
}

6. References

7. License

MIT

About

Cordova Plugin for iOS 11 SFAuthenticationSession API

Resources

License

Stars

Watchers

Forks

Packages

No packages published