How to trigger custom URL scheme calls in an IAB window opened with _blank?

[heidji]

AFAIK URLs opened with '_blank' cannot trigger custom URL scheme calls, meaning that if the website I just opened would try to call back my app using "myapp://" but would fail because that browser doesn't grant this capability.

on the other hand, URLs opened with '_system' do enjoy this functionality, but sadly cannot be closed after ending their task with "ref.close()".

there is no point of having a close() method when the browser cannot provide feedback to the app.. when should the app know to close the browser? it can't even can't receive any kind of feedback using '_blank'.

How can I work around this?

[janpio]

I took the liberty to rewrite your feature request into a question on how to make this work. Please check if this still represents what you want to do, then I can maybe give you some input.

(Please open an additional issue for the feature request that was here - a short "I want close to work with _system" or similar should be enough, link to the other two issues for context.)

[heidji]

i honestly don't care how the browser is called or what it looks like, as long as it can call custom URL schemes and i can close it after then alles ist gut

[janpio]

I assume this means that my description of your usecase is still correct ;)

So:

You can react to specific URLs being opened in the IAB window in your code. Take this snippet as an example:

      const browser = window.cordova.InAppBrowser.open(
          url,
          "_blank",
          "location=yes,clearsessioncache=yes,clearcache=yes"
      );
      browser.addEventListener("loadstart", (event) => {
        if ((event.url).indexOf("http://localhost/callback") === 0) {

          browser.removeEventListener("exit", (event) => {});
          browser.close();

          // Here is some code that extracts a param from the full `event.url`
        }
      });
      browser.addEventListener("exit", function(evt) {
        reject("Sign in flow was canceled");
      });

Instead of http://localhost/callback you could probably look for myapp://, then have a deeper look at the URL and handle the deeplink yourself.

Of course this only works if myapp:// is actually your app. If it is a third party app, you would have to execute some code here that really opens myapp:// externally somehow - maybe via _system of the IAB now.

Could this work for you?

[heidji]

yes I suppose this could work, I will give it a go and let you know in a few days. it's. a bit cheating though :P

[janpio]

It's one solution for the problem that many OAuth configurations only accept valid URLs with http or https. And as you can't (or: shouldn't) just start a webserver on the device, this workaround is used by many, many apps.

[heidji]

@janpio it's a dead end for me, the vendor we work with seems to call our app using a POST request, meaning it can't be read by loadstart. any suggestions?

[janpio]

Huh, so the external flow does a POST to submit the data back to you? That's the first time I encounter that. Can you maybe share the vendor?
And a POST does not trigger loadstart?

Here are the available events: https://github.com/apache/cordova-plugin-inappbrowser#inappbrowseraddeventlistener

• Do you control the URL used for that last POST? Maybe you can set it to a non-existant one and use loaderror?
• Maybe try beforeload?

[heidji]

i tried everything, only event i get back is 'exit'.
i would rather not post the vendor address here because so far it only belongs to me, but i could send it to you directly if possible..

[janpio]

Sure, use my last name @gmail.com or "sujan" in the Cordova Slack at slack.cordova.io.

A super hacky (=awesome!) workaround: Create a simple script at a server you control as the return URL that accepts the POST, then redirects to a URL of your choice via GET with the same parameters - that you then can catch with loadstart.

[hapidjus]

Any updates on this? I need to be able to open a third party app from inside an iab window. I can't control the page opening the app.

[t19d]

I have the same issue. Does anybody know if this problem is fixed? Or any way to close the window when use "_system" after redirect with the custom scheme?