I am using one of those online application builders to build an android application. But from what i have researched, online application builders are used to build hybrid mobile applications. Since these are HTML files, they use the inApp browser and are rendered in WebView. So, My question is - Is webview/inApp Browser capable of remembering the session information? suppose I have users log into a website by displaying it in a webview. Will the users be still logged in if they visit the website a second time? When I test these applications in an online environment running inside a fully-fledged browser, the application seems to remember the user. I suspect this is because the test environment itself is contained within the browser which stores the session information. So, If a user was to sign into a website on a real device, will he/she be required to sign in every time the user launches an application? or will he/she remain signed in until sign out?
It depends on Which platform you are using to create app. Each online platform carries their own implementation policy.
Android provides Javascript Interface for interaction between javascript code in html and java code.
Is webview/inApp Browser capable of remembering the session information?
Yes,Session can be stored in app itself using javascript interface.
Environment of inApp Browser and External browser is total independent until cookies are used.
If a user was to sign into a website on a real device, will he/she be required to sign in every time the user launches an application?
Depends on implementation. If app is designed to save login session then user will not be asked to sign in again.
Check if the post domain matches the original domain
I had a similar issue that took me forever to debug.
One tip I would give to anyone with the same issue is to check where the form is being posted to.
For instance if you are loading domain.com and the form is posting to www.domain.com your app will be searching for the session data in domain.com but the session info will live in www.domain.com.
Make sure your origin and post domains match up
Took me many hours and many cups of coffee to figure out this seemingly simple issue.
Related
Since a few days, users of my android mobile application are getting a warning, because the app is using sensitive data.
My app requests the daily steps count from fitnessAPI to display it.
I have read that I should go through the verification process of the oauth screen.
But I do not really know what data I should put in it. It seems rather "web" oriented, because it asks me a application homepage link, and application privacy policy link.
I do not know what I should put in these fields for a mobile app.
Should I put a link to the google play store page of the application?
Or a link to my website that shows my work?
You need to have a registered domain to host these files
Preparing for verification
The code works properly from dev portal of microsoft. But can anyone please tell me how it should behave in following use case
Consider two apps: App1 and App2
I have developed same code and installed both apps simultaneously
App1 as launched first will ask me credentials for the webview. Thats fine. as I have not cache or already logged in till date.
Once I log in successfully, The apps works properly as auto login
Now when I open App2, it still throws me Login page. Ideally it should take cache of App1 and auto login.
Please note: I have provided same 'shared id' in both apps in manifest
Please let me know about thus as i am stuck with internal Single Sign on issue since long
I see you have tagged the question with ADAL, so I'll assume that's the library you're using. ADAL uses webviews to prompt for sign in. Webviews in Android do not share much state between apps, and are pretty much completely sandboxes (isolated and do not share session cookies, etc).
Now, you most definitely can achieve SSO for Android using ADAL, you have 2 options:
Brokered SSO
Using a broker application, like the Microsoft Authenticator, the end user basically signs in here such that they're able to maintain a session inside the Broker's sandbox. This allows any app that signs in Azure AD users to share state. The article linked above explains how to enable your app to use the broker.
Non-Brokered SSO
You can configure SSO between all of the apps you own. This means an end user will get SSO between App 1, App 2, App N, but not necessarily another App in the Azure AD ecosystem. The article linked above explains how to enable your app to use non-brokered SSO.
Bonus Option: v2 with MSAL
I said earlier ADAL uses webviews for sign in, there's another way to do it that the Microsoft Authentication Library (MSAL) supports using the system's browser. Quite simply, this uses the Chrome or a Chrome custom tab browser on the device rather than the in-app webview. Then, the session cookie is set on the global browser so any app that also uses the browser (or if the end user has used the browser natively to sign in) will get SSO. The stipulation here is MSAL works against the Azure AD v2.0 endpoint which has some limitations, but also supports some sign in with Microsoft Accounts (*.outlook, *.live, etc) out of the box.
If you're interested in trying v2 + MSAL, I recommend trying the Android Guided Walkthrough which walks you through how to build an app that calls the Microsoft Graph.
For my app, users are invited by email to join.
Currently, the link in the email is opening the web-browser to a page where the user creates his password. Then, the user has to install the app, open the app, and log in with his email and the password he created.
I am trying to make the process easier. I am thinking that in the invitation email, the link can point to "an app link". I know iOS has "Universal Links". The app will most probably not be installed, so on iOS, it will open the App Store app to install the app.
I am thinking to create the registration process in the app. But the issue is after the user installs and opens the app, the "app link" is lost.
The "App Store" app does not pass the original link to the app when the user opens the app first time after install.
Without the information from the link, I am not able to know in the app the email for which the user needs to create the password. I could ask the user for email also, but I was hoping not having to ask him about that.
I guess it's the same for Android.
Any thoughts how to make sign-up process easier?
EDIT: I chose a correct answer but to anybody who might be looking for an answer, I don't think Firebase or anyone else has a 100% reliable way of making a connection between the device where the link was clicked and the device where the app is installed. All the libraries are using some accuracy value and asks you to check it in code. If you think about it, it makes sense, because when the link is clicked and gets open (and that can be in any web-browser app) the JS code needs to compute some hash of the device and it will try to compare it to the hash of the device computed by the app's code when app is open after install.
You can use Firebase Dynamic Links to achieve this.
Please refer Firebase Dynamic Links
i think you have to use Webview for this
You can do this with Appsflyer SDK.
Checkout the documentation https://www.appsflyer.com/blog/app-installation-referral-conversion-tracking/
I have seen several flavours of this question going around but nothing exactly specific nor answered so trying it myself.
I am trying to build a Facebook login experience via the browser into my Facebook-based app that will require the users to not remember their passwords as much as possible. This means that if
they log in via their desktop browser and are already logged in, it will only ask them to 'OK' the permissions
they log in from their mobile browser and are logged in via their respective native app (Android/iOS), it will simply redirect them to the native app, ask for the app permissions and redirect them back to the success page on the browser
they log in from any browser and are not currently logged onto Facebook in any form, they have to enter their password and authenticate (whether natively or via browser this does not matter)
I know how the first can be done - that is pretty straightforward using the JS SDK. The second point is the tougher bit.
I am aware of existing custom URL schemes for Android and iOS but nothing specifically really mentions how that can be used for authentication and/or authorisation of Facebook apps. Does anyone have any ideas on how this can be done?
Thanks!
In iOS use iOS facebook SDK. It will handle the login process effectively in different situations depending on the resources available. Check out this answer to know about different login flows
Integrating facebook
You're looking for Single Sign On behavior- in Facebook, use the native SDK, and instructions for setting up SSO. It includes entering your bundle id in the settings and setting up a referring url name (the name of your app usually). So what happens is- if you launch safari mobile, and log into facebook. Then, launch your app, with good integrated SSO. Then, it won't require you to login/pass, because it knows you've authenticated via browser. Same with Android.
I think what you are looking for (at least for Android) is starting an Intent on certain schema that will open Facebook app.
This is answered here Android facebook intent to show profile with class com.facebook.katana.ProfileTabHostActivity doesn't work any more
I am making an app, with a very limited audience that logs into my mini website. It uses a HTTPS login dialog box though to access the site. How would I implement a setup where the user logs in with a username and password box on the first screen, submits the info with a button, which is used to log into the website, and then the user is taken to the next screen where there is a web viewer that is logged into and viewing the protected website.
This needs to be on Android and made in App Inventor, and I am quite clueless in programming, with little experience beyond hello world! :D I can string together some basic apps but here I am stumped. Please help! I just need some clear instruction really on what to do.
Though your question is nearly one year old, I pass you a solution in case you still require it. Like you I came accross the need of creating a login dialog in AppInventor and none of the solutions I found on the web met completely my idea so I decided to develop it on my own.
The solution can be used as a template for any new app and it provides the following functionalities:
Initial login window, with buttons allowing to register or remember password (by email)
User's information stored in a tinywebDB, with basic encryption for password
Integration with Google accounts, allowing the user to inform his google account instead of having to remember yet another password
Profile window, allowing the user to modify its setting after its registration
The sources are here. I've also created a tutorial on my website. And here is a real app using this template.