Document OAuth2 on react native

[ekryski]

It works and people have got it working but can make it easier or we should provide a guide.

@catalinmiron put together a gist showing how you can do it. We should just tighten it up a bit and add it to a guide.

[farwayer]

One note about @catalinmiron gist: it will trigger getTheDate() 3 times because title change also triggers onNavigationStateChange(). Didn't tested on iOS yet but on Android onNavigationStateChange() will be called with "", "http://.../auth/success#_=_" and "Feathers Authentication Success" titles for the same http://.../auth/success#_=_ url.

[catalinmiron]

This was testen only on iOS. About the get method, you might be right. It's a fast inplementation just to get an idea around oauth in react native. If you want I can make a full example with better code.

Sent from my iPhone

On 31 Mar 2016, at 16:01, farwayer notifications@github.com wrote:

One note about @catalinmiron gist: it will trigger getTheDate() 3 times because title change also triggers onNavigationStateChange(). Didn't tested on iOS yet but on Android onNavigationStateChange() will be called with "", "http://.../auth/success#=" and "Feathers Authentication Success" titles for the same http://.../auth/success#= url.

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub

[farwayer]

You can check if title is empty to prevent calling method several times.

It is working solution but not ideal. Some things I dislikes:

1. You need to enable REST provider on server. It is redundant if you are using sockets only
2. Native cookie module to get token
3. Checking state of WebView and hardcoded urls (/auth/facebook and /success)
4. Authentication via REST and then via socket
5. You must change server url in facebook app config every time you move featchers server to another ip/domain

I can propose more elegant way guys. But it may (and imho will) require modification of auth service to make it more flexible.
We can use internal mobile application url (or WebView state change as option) to get facebook response code and then send it via socket to feathers server. One (or two - see below) requests to our server only.

Scenario:

1. Add listener to Linking url event
2. Open WebView or even external browser with OAuth url (we can make url manually or request it from feathers server for more flexibility). We will use app scheme (myapp://auth) for redirect_url
3. Catch redirect params from Linking url callback
4. Send params via socket (or REST) to feathers server and get JWT token and user data from response

Pros:

1. REST not required
2. No external libs
3. No hardcoded server urls
4. Less browser redirects
5. One (or two) requests to feathers server only
6. Server url in facebook app config is app url and constant
7. Make things in more automatic way (without parsing cookies, checking WebView state)

Cons:

1. Config app url or checking WebView state

[sscaff1]

@farwayer can you post a simple example?

[sscaff1]

I see that to implement @farwayer suggestion it would take some changes to feathers. Here is another example for those looking for guidance on the issue.

https://github.com/sscaff1/hopePing/blob/master/src/scenes/LoginScene.js

It's very similar to @catalinmiron suggestion but CookieManager has since been updated. The above reflects the update. Also I avoid triggering this.authenticate multiple times by setting state immediately following getting my cookie values. Hope this helps.

EDIT: Also the above is an active side project for me so I will continue to work on and refine the code over the next few weeks (the above is 1 night of hacking). I'll try to write a blog about a final solution to this issue for others. Hope this helps @ekryski.

[muvhaus-sl]

Sscaff1 LoginScene is pretty accurate. It works as long as the provider supports WebViews.
This is no longer the case for Google OAuth2. If you try to launch using a WebView it returns an error message with:
403 Error
Dissalowed Agent

This became effective in September 2016 or so.

The method suggested by Farwayer, of using the App url scheme and the native browser seems to be the way to go.

[daffl]

This has also been improved in Feathers v4 authentication which allows to authenticate with an existing oAuth token the same way as with any other strategy (and without additional configuration necessary).

Please see the migration guide for more information. Closing this issue in order to archive this repository. Related issues can be opened at the new code location in the Feathers main repository.