Post iframe auth leaves "X SSO" frame on mobile app #2758
Comments
Can you check the docs? https://docs.rocket.chat/guides/developer/iframe-integration/authentication#iframe-url Thanks! |
Thanks @diegolmello We have now looked over the docs multiple times. Here is what we are observing: on the mobile app, a logged-in user sees the mobile browser version inside of a "SSO frame", as in the above screenshot. If the user selects "Logout", it immediately calls the URL set in Accounts > IFrame > API URL, correctly receives a login token, and re-displays the browser homepage, in mobile mode, still within the SSO frame. The URL set in "iframe URL" does not appear to be called using this path. |
@diegolmello I can confirm this issue. In my scenario I have the SSO banner stay in the APP as well. iframe url: api url: if not logged in there is a link the user clicks to go to the login page of my application. After login, the user needs to click the X on the left top of the Rocket App and click login again in the Rocket App, after which the user is logged into the app. But the SSO banner stays on the top. So we are missing a step here, or not understanding a part of the documentation. I also had the issue #2342 before, but that went away magically, without me changing anything. |
@diegolmello I can send you a test account if you wish! |
I have figured out why the SSO banner stays in the screen, what happens is that my application does log in rocket chat, so you can see the UI. But that is just the mobile version of Rocket Chat and not what the Rocket Chat app does/shows. In the end firing |
I can confirm I can also see this, using a Keycloak identity provider registered as a custom Oauth provider. I also use iFrame integration to embed this site in an app, but also need to provide native mobile access. I can share settings here, if you need to see anything. |
@barrydegraaff Do you have examples of the code that you used to implement the login page? I'd be happy to write up any solutions, given it seems to be a common issue. As far as I can see the iframe settings and oauth are OK. It just doesn't seem to recognise that the login is coming from a mobile app and redirect back to that context properly - as you say, I see the logged in mobile view inside the login redirect. |
Here is my implementation:
https://github.com/Zimbra-Community/zimbra-rocket/blob/master/extension/src/tk/barrydegraaff/rocket/Rocket.java#L428
Especially for Mobile apps and the Desktop Electron apps I do some ugly user agent sniffing:
https://github.com/Zimbra-Community/zimbra-rocket/blob/master/extension/src/tk/barrydegraaff/rocket/Rocket.java#L333
So in case the user uses a Mobile or Electron Desktop app, I serve a custom very simple html form that takes the Rocket Chat credentials and logs the user in. By doing it this way, the SSO banner goes away and the App authenticates successfully.
In case the user is using a web browser on a laptop, the user sees a link/button to log-in to my main application Zimbra, which will then also log them onto Rocket Chat webui.
I think for anyone running into the issue of the SSO banner sticking in the App or being served the mobile version of Rocket Chat inside the app the trick to making it work is to only serve out minimal javascript and a basic html form (even without real authentication of the user) and use that as a starting point to debug and develop.
window.parent.postMessage is difficult to debug, if someone could provide on how to debug that, it would help a lot, cause I think that is where the problem was in my case. (it posted to some parent, but that was not rocket chat)
…On 5/6/21 2:31 PM, Giles Dring wrote:
@barrydegraaff <https://github.com/barrydegraaff> Do you have examples
of the code that you used to implement the login page? I'd be happy to
write up any solutions, given it seems to be a common issue. As far as
I can see the iframe settings and oauth are OK. It just doesn't seem
to recognise that the login is coming from a mobile app and redirect
back to that context properly - as you say, I see the logged in mobile
view inside the login redirect.
|
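The comment above points at `window.parent.postMessage` as the hard-to-debug step ("it posted to some parent, but that was not rocket chat"). The following is an added example, not code from this thread or from the Zimbra or Rocket.Chat projects: a token hand-off that pins the target origin and reports which parent it is actually running under. `ROCKET_CHAT_ORIGIN`, `LOGIN_TOKEN_FROM_SERVER` and both function names are assumptions; the `login-with-token` message shape is the one given in the Rocket.Chat iframe authentication docs linked earlier.

```javascript
// Added example: iframe login page hand-off with diagnostics.
// ROCKET_CHAT_ORIGIN is a placeholder for the real server origin.
const ROCKET_CHAT_ORIGIN = 'https://chat.example.com';

// Describe where this page is running, so a silently dropped postMessage
// can be explained. `win` is the window object (injectable for tests).
function describeFrameContext(win, expectedOrigin) {
  const framed = win.parent !== win;
  // ancestorOrigins is not available in every browser; absence means "unknown".
  const ancestors = win.location && win.location.ancestorOrigins
    ? Array.from(win.location.ancestorOrigins) : null;
  // Index 0 is the immediate parent's origin.
  const parentOrigin = ancestors && ancestors.length ? ancestors[0] : null;
  let verdict;
  if (!framed) verdict = 'not-framed';              // top-level page or app web view
  else if (parentOrigin === null) verdict = 'parent-unknown';
  else if (parentOrigin === expectedOrigin) verdict = 'parent-ok';
  else verdict = 'parent-mismatch';                  // some other site is the parent
  return { framed, parentOrigin, verdict };
}

// Post the login token to the parent frame, pinned to the expected origin.
// A pinned targetOrigin (never '*') makes the browser drop the message when
// the parent is a different origin, so the token cannot reach another framer.
function postLoginToken(win, loginToken, expectedOrigin) {
  const ctx = describeFrameContext(win, expectedOrigin);
  if (ctx.verdict === 'not-framed' || ctx.verdict === 'parent-mismatch') {
    return { sent: false, ...ctx };                  // nothing useful to post to
  }
  win.parent.postMessage({ event: 'login-with-token', loginToken }, expectedOrigin);
  return { sent: true, ...ctx };
}

// In the login page itself (skipped when run outside a browser).
// LOGIN_TOKEN_FROM_SERVER is a hypothetical value rendered by the server.
if (typeof window !== 'undefined') {
  const result = postLoginToken(window, window.LOGIN_TOKEN_FROM_SERVER, ROCKET_CHAT_ORIGIN);
  console.log('iframe auth hand-off:', JSON.stringify(result));
}
```

The returned object never contains the token, so it can be logged or shown on the page while debugging.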
Description:
We have a RC server that is configured to make use of Rocket Chat's iframe authentication. Everything is working when we use the browser. But in the mobile app, we have a frame at the top that reads "X SSO", that never goes away.
Environment Information:
Steps to reproduce:
Expected behavior:
The "X SSO" frame should go away.
Actual behavior:
Thanks!