-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Webview integration #1262
Webview integration #1262
Conversation
…y-library-for-objc into jak/webview-integration
Modify other codes to accomodate changes.
…azure-activedirectory-library-for-objc into jak/automation-update
@@ -32,8 +33,8 @@ @implementation ADAutoWebViewController | |||
- (void)viewDidLoad | |||
{ | |||
[super viewDidLoad]; | |||
|
|||
self.webView.accessibilityIdentifier = @"ADAL_SIGN_IN_WEBVIEW"; | |||
self.webView = [[WKWebView alloc] initWithFrame:[[UIScreen mainScreen] bounds]]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is fixed in your other PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes it has
@property (retain, nonatomic) NSString *redirectUri; | ||
@property (retain, nonatomic) NSString *scopesString; | ||
@property (retain, nonatomic) ADUserIdentifier *identifier; | ||
@property (retain, nonatomic) NSString *claims; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Should we add claims and extra query parameters also into the initializer?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't use the initializer in the code, I will actually remove the initializer.
@@ -328,7 +328,7 @@ + (NSDictionary *)decryptBrokerResponse:(NSDictionary *)response correlationId:( | |||
} | |||
|
|||
//now compute the hash on the unencrypted data | |||
NSString *actualHash = [ADPkeyAuthHelper computeThumbprint:decrypted isSha2:YES]; | |||
NSString *actualHash = [MSIDPkeyAuthHelper computeThumbprint:decrypted isSha2:YES]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's funny that we have Sha2 computation only inside PkeyAuthHelper :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -301,7 +309,7 @@ - (void)requestToken:(ADAuthenticationCallback)completionBlock | |||
return; | |||
} | |||
|
|||
if (_silent && !_allowSilent) | |||
if (_silent) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume allow Silent was removed because it's only used in broker?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that is correct
|
||
if (error) | ||
{ | ||
ADAuthenticationResult *result = (AD_ERROR_UI_USER_CANCEL == error.code) ? [ADAuthenticationResult resultFromCancellation:_requestParams.correlationId] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we automatically fallback to interactive flow if it's a silent request (AD_PROMPT_AUTO scenario)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is already in interactive flow. I may be misunderstanding your question, so let's sync offline
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As settled in the offline discussion, this is strictly broker flow, thus we are fine with not having this logic.
ADAL/src/ui/ADWebAuthController.m
Outdated
{ | ||
MSID_LOG_VERBOSE(_requestParams, @"-webAuthDidFinishLoad host: %@", [ADAuthorityUtils isKnownHost:url] ? url.host : @"unknown host"); | ||
MSID_LOG_VERBOSE_PII(_requestParams, @"-webAuthDidFinishLoad host: %@", url.host); | ||
NSString *authorityWithOAuthSuffix = [NSString stringWithFormat:@"%@%@", context.authority, MSID_OAUTH2_AUTHORIZE_SUFFIX]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: shouldn't we have a common core or ADAL utility to compose this url?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is being addressed in AzureAD/microsoft-authentication-library-common-for-objc#130 ,
I will at least add some comment on this to update when the above PR is merged.
ADAL/src/ui/ADWebAuthController.m
Outdated
} | ||
|
||
// The user cancelled authentication | ||
- (void)webAuthDidCancel | ||
+ (NSDictionary *)dictFromQueryString:(NSString *)query |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: if this is still not available in common core, let's move this utility there
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good point, common core's utility needs revision I think.
Query params can have key-only value and our utility does not account for this.
ADAL/src/ui/ADWebAuthController.m
Outdated
|
||
+ (ADAuthenticationResult*)responseFromInterruptedBrokerSession | ||
- (void)cancelCurrentWebAuthSession |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
isn't this duplicate with line 121?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes and removed one of them.
@@ -289,7 +289,7 @@ - (IBAction)acquireTokenInteractive:(id)sender | |||
|
|||
if ([_acquireSettingsView isHidden]) | |||
{ | |||
[_webView.mainFrame loadHTMLString:@"<html><head></head><body>done!</body></html>" baseURL:nil]; | |||
[_webView loadHTMLString:@"<html><head></head><body>Done</body></html>" baseURL:nil]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a very important change :)
@@ -29,7 +29,7 @@ | |||
@interface ADTestAppAcquireTokenWindowController : NSWindowController | |||
{ | |||
IBOutlet NSView* _authView; | |||
IBOutlet WebView* _webView; | |||
IBOutlet WKWebView* _webView; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WKWebView is not supported on older OS-s as IBOutlet (in storyboard). I think you might still be using WebView in storyboard or how can it work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Found a we minor telemetry issues and url opening issues. Please check them out before merging.
ADAuthenticationResult *result = [ADAuthenticationResult resultFromError:error correlationId:_requestParams.correlationId]; | ||
[result setCloudAuthority:_cloudAuthority]; | ||
completionHandler(result); | ||
return YES; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think telemetry event gets stopped in this case
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We stopped it in line 560 before coming in here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, I missed that line :)
[ADBrokerHelper promptBrokerInstall:[NSURL URLWithString:authResponse.appInstallLink] | ||
brokerRequest:brokerRequestURL | ||
completionHandler:completionHandler]; | ||
return YES; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think telemetry event gets stopped in this case
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We stopped it in line 560 before coming in here.
[MSIDAppExtensionUtil sharedApplicationOpenURL:browserURL]; | ||
}); | ||
|
||
[MSIDAppExtensionUtil sharedApplicationOpenURL:browserURL]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we shouldn't call sharedApplicationOpenURL twice
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Woops, fixed! Removed the first one as this method will check the main queue later anyways.
|
||
MSIDWebOAuth2Response *oauthResponse = (MSIDWebOAuth2Response *)response; | ||
|
||
if (oauthResponse.authorizationCode) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: should we check if it's empty too? (msidIsNilOrEmpty)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be better handled at common,
AzureAD/microsoft-authentication-library-common-for-objc#223
ADAL/src/ui/ADWebAuthController.m
Outdated
#if TARGET_OS_IPHONE | ||
[_authenticationViewController setParentController:parent]; | ||
[_authenticationViewController setFullScreen:fullScreen]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did we remove the fullScreen functionality?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replaced it with presentationStyle. Also marked it deprecated.
|
||
IBOutlet NSView *_contentWebView; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: can we call it contentView or webviewContentView?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It has 2 "views", and still sound ugly :p thus, I refuse to change this
…y-library-for-objc into jak/webview-integration
…y-library-for-objc into jak/webview-integration
15a2cc2
to
8f99b58
Compare
No description provided.