You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 13, 2023. It is now read-only.
Is your feature request related to a problem? Please describe.
From what I can tell from the docs and examples, the current OAuth flow for SSO login is designed around web support and isn't ideal for mobile apps.
The standard mobile flow is:
Accept OAuth Prompt
Choose or Login to Account within a web dialog
Lastly, the OAuth redirect is typically a deep link to the app content, like appname://com.example.appname
Currently with Supabase Auth, the docs recommend use url_launcher to open the OAuth web page, and redirect to the site configured in the Supabase UI.
The supabase UI doesn't accept explicit app deep links as a valid redirect:
Its possible to have a website that does the redirect for you (example: https://github.com/MisterJimson/weak-plan-login-landing/blob/main/index.html), but this isn't secure implementation and results in a less than idea user experience. The user needs to leave your app and gets a strange prompt on a website. Also the tab is leftover in the user's browser, that they have to manually close later.
quick note here: I believe if the comma separated list (Additional Redirect URLs) contains whitespace, the item with whitespace does not work as a redirect (in my tests it falls back to the site url)
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Feature request
Proper Mobile OAuth Flows for Single Sign On
Is your feature request related to a problem? Please describe.
From what I can tell from the docs and examples, the current OAuth flow for SSO login is designed around web support and isn't ideal for mobile apps.
The standard mobile flow is:
![image](https://user-images.githubusercontent.com/7351329/117548164-72a7fd80-b001-11eb-9d33-9beb693983ac.png)
Accept OAuth Prompt
Choose or Login to Account within a web dialog
![image](https://user-images.githubusercontent.com/7351329/117548183-910df900-b001-11eb-8962-bf70d3b016bf.png)
Lastly, the OAuth redirect is typically a deep link to the app content, like
appname://com.example.appname
Currently with Supabase Auth, the docs recommend use url_launcher to open the OAuth web page, and redirect to the site configured in the Supabase UI.
The supabase UI doesn't accept explicit app deep links as a valid redirect:
![Screen Shot 2021-05-08 at 1 33 42 PM](https://user-images.githubusercontent.com/7351329/117548264-02e64280-b002-11eb-83bf-742a47488d64.png)
Its possible to have a website that does the redirect for you (example: https://github.com/MisterJimson/weak-plan-login-landing/blob/main/index.html), but this isn't secure implementation and results in a less than idea user experience. The user needs to leave your app and gets a strange prompt on a website. Also the tab is leftover in the user's browser, that they have to manually close later.
Here is a sample of that flow:
https://user-images.githubusercontent.com/7351329/117548393-c6671680-b002-11eb-9cc4-46c8b68c9cd8.mov
Describe the solution you'd like
A proper mobile oauth solution built in, similar to https://github.com/MaikuB/flutter_appauth/tree/master/flutter_appauth
Describe alternatives you've considered
Examples of alternatives above
The text was updated successfully, but these errors were encountered: