This repository has been archived by the owner on May 13, 2023. It is now read-only.

Proper Mobile OAuth Flows for Single Sign On #20

Closed
MisterJimson opened this issue May 8, 2021 · 4 comments

@MisterJimson

Feature request

Proper Mobile OAuth Flows for Single Sign On

Is your feature request related to a problem? Please describe.

From what I can tell from the docs and examples, the current OAuth flow for SSO login is designed around web support and isn't ideal for mobile apps.

The standard mobile flow is:
Accept OAuth Prompt

Choose or Login to Account within a web dialog

Lastly, the OAuth redirect is typically a deep link to the app content, like appname://com.example.appname

Currently with Supabase Auth, the docs recommend using url_launcher to open the OAuth web page, and redirecting to the site configured in the Supabase UI.

The Supabase UI doesn't accept explicit app deep links as a valid redirect:
[Screenshot]

It's possible to have a website that does the redirect for you (example: https://github.com/MisterJimson/weak-plan-login-landing/blob/main/index.html), but this isn't a secure implementation and results in a less than ideal user experience. The user needs to leave your app and gets a strange prompt on a website. Also, the tab is left over in the user's browser, which they have to manually close later.

Here is a sample of that flow:
https://user-images.githubusercontent.com/7351329/117548393-c6671680-b002-11eb-9cc4-46c8b68c9cd8.mov

Describe the solution you'd like

A proper mobile OAuth solution built in, similar to https://github.com/MaikuB/flutter_appauth/tree/master/flutter_appauth

Describe alternatives you've considered

Examples of alternatives above

@MisterJimson MisterJimson added the enhancement New feature or request label May 8, 2021
@MisterJimson
Author

Additionally, ProviderOptions redirectTo seems to have no effect.

@awalias
Member

awalias commented May 10, 2021

This has been implemented on the auth backend, and we have an internal ticket open for adding this to the dashboard. Linking here for the team: https://github.com/supabase/infrastructure/issues/959

@awalias
Member

awalias commented May 13, 2021

You can now add this in the additional auth redirect, but make sure you add the exact URI (including protocol and path). Reverse URIs are also accepted.

Make sure you add the query param redirect_to or the Referer header to the URI in the SignIn request.

@jpstrikesback

jpstrikesback commented May 28, 2021

Quick note here: I believe if the comma-separated list (Additional Redirect URLs) contains whitespace, the item with whitespace does not work as a redirect (in my tests it falls back to the site URL).
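A sketch of the exact-match redirect allow-list described in the comments above, showing why an untrimmed entry never matches and the site URL is used instead. This is an added example, not Supabase's code; the function names, `SITE_URL` and the sample setting are hypothetical, and it assumes the server compares `redirect_to` to each entry as an exact string.

```python
from urllib.parse import urlsplit

# Constructed sample values; the deep link is the one used as an example in this issue.
SITE_URL = "https://app.example.com"
DEEP_LINK = "appname://com.example.appname"
RAW_SETTING = "https://app.example.com/welcome, " + DEEP_LINK  # note the space after the comma


def parse_allow_list(raw, strip):
    """Split the comma-separated setting; optionally trim each entry."""
    entries = raw.split(",")
    if strip:
        entries = [e.strip() for e in entries]
    return [e for e in entries if e]


def resolve_redirect(redirect_to, allow_list, site_url=SITE_URL):
    """Return redirect_to only on an exact string match, else the site URL."""
    if redirect_to in allow_list:
        return redirect_to
    return site_url


def lint_allow_list(raw):
    """Report entries that can never match exactly or are not absolute URIs."""
    problems = []
    for entry in raw.split(","):
        if entry != entry.strip():
            problems.append((entry, "surrounding whitespace"))
        if not urlsplit(entry.strip()).scheme:
            problems.append((entry, "no scheme, not an absolute URI"))
    return problems


if __name__ == "__main__":
    untrimmed = parse_allow_list(RAW_SETTING, strip=False)
    trimmed = parse_allow_list(RAW_SETTING, strip=True)
    print(resolve_redirect(DEEP_LINK, untrimmed))           # falls back to the site URL
    print(resolve_redirect(DEEP_LINK, trimmed))             # deep link accepted
    print(resolve_redirect(DEEP_LINK + "/extra", trimmed))  # different path: falls back
    print(lint_allow_list(RAW_SETTING))
```

Running a lint like `lint_allow_list` over the configured value before saving it catches the whitespace case without loosening the exact-match rule.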
