Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

IITCm for Android: gapi.auth2.authorize limitation

See original GitHub issue

gapi.auth2.authorize looks ok to be used in IITC, using either the google ingress account or another google account. But, on android device, the webview seems to break the gapi auth process as long as we ask the user for a prompt (consent or select_account). Apparently, the google popup is forbidden to close itself nor to send data back to the original window.

I don’t know if this is some absolute limitation of android + gapi or if a solution exists. (android code or javascript). I explored javascript side without finding answer.

Example of authentication script (ask for a token)

// @author         jaiperdu
// @name           Authentication test
// @category       Misc
// @version        0.1.0
// @description    Simple authentication test


// use own namespace for plugin
window.plugin.authTest = function() {};

window.plugin.authTest.dialogHTML = null;

// web app client id with auth screen allowing https://intel.ingress.com as origin
window.plugin.authTest.CLIENT_ID = 'CLIENTID.apps.googleusercontent.com';

window.plugin.authTest.SCOPES = 'openid profile email';
window.plugin.authTest.TYPE = 'id_token permission';

window.plugin.authTest.authorize = function() {
  const options = {
    prompt: 'select_account', // or 'consent' (use 'none' for implicit auth if possible)
    client_id: this.CLIENT_ID,
    scope: this.SCOPES,
    response_type: this.TYPE
  };

  window.gapi.auth2.authorize(options, response => {
    if (response.error) {
      const err = `error: ${response.error}: ${response.error_subtype}`;
      alert(err);
      console.log(err);
      return;
    }

    alert(response.access_token);
    console.log(response.id_token, response.access_token);
  });
};

window.plugin.authTest.setupDialog = function() {
  $('#toolbox').append('<a id="authTest-authorize" onclick="window.plugin.authTest.authorize();">AuthTest</a> ');
};

var setup = function() {
  if (typeof window.gapi !== "undefined") {
    window.gapi.load("auth2", () => {
      window.gapi.auth2.enableDebugLogs(true);
    });
  }
  else {
    const script = document.createElement("script");
    script.type = "text/javascript";
    script.async = true;
    script.defer = true;
    script.src = "https://apis.google.com/js/platform.js";
    script.onload = () => {
      window.gapi.load("auth2", () => {
        window.gapi.auth2.enableDebugLogs(true);
      });
    };
    (document.body || document.head || document.documentElement).appendChild(
      script
    );
  }
  window.plugin.authTest.setupDialog();
};

related #277 #334

Issue Analytics

State:
Created 3 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

1reaction

le-jeucommented, May 31, 2020

I found a workaround for android source. From https://stackoverflow.com/questions/23308601/android-open-pop-up-window-in-my-webview and https://stackoverflow.com/questions/23211722/window-close-not-working-in-android-webview (and some other I lost the track)

This is a PoC and aims simplicity (with the cost of safety). I almost have no idea what I am doing, but it works so far.

index 2f79167c..ab639de9 100644
--- a/mobile/app/src/main/java/org/exarhteam/iitc_mobile/IITC_WebChromeClient.java
+++ b/mobile/app/src/main/java/org/exarhteam/iitc_mobile/IITC_WebChromeClient.java
@@ -5,6 +5,7 @@ import android.content.ClipData;
 import android.content.Intent;
 import android.net.Uri;
 import android.os.Build;
+import android.os.Message;
 import android.webkit.ConsoleMessage;
 import android.webkit.GeolocationPermissions;
 import android.webkit.JsPromptResult;
@@ -210,4 +211,23 @@ public class IITC_WebChromeClient extends WebChromeClient {
         return new IITC_JsDialogHelper(IITC_JsDialogHelper.PROMPT, view, url, message, defaultValue, result)
                 .shouldInterrupt();
     }
+
+    @Override
+    public boolean onCreateWindow(WebView view, boolean isDialog,
+        boolean isUserGesture, Message resultMsg) {
+
+        IITC_WebView newWebView = new IITC_WebView(mIitc);
+        view.addView(newWebView);
+        WebView.WebViewTransport transport = (WebView.WebViewTransport) resultMsg.obj;
+        transport.setWebView(newWebView);
+        resultMsg.sendToTarget();
+
+        return true;
+    }
+
+    public void onCloseWindow(WebView w){
+        if (mIitc.getWebView() != w)
+            mIitc.getWebView().removeView(w);
+        Log.d("onCloseWindow");
+    }
 }
diff --git a/mobile/app/src/main/java/org/exarhteam/iitc_mobile/IITC_WebView.java b/mobile/app/src/main/java/org/exarhteam/iitc_mobile/IITC_WebView.java
index 8e6fa710..629550a9 100644
--- a/mobile/app/src/main/java/org/exarhteam/iitc_mobile/IITC_WebView.java
+++ b/mobile/app/src/main/java/org/exarhteam/iitc_mobile/IITC_WebView.java
@@ -51,6 +51,7 @@ public class IITC_WebView extends WebView {
         mIitc = (IITC_Mobile) c;
         mSettings = getSettings();
         mSettings.setJavaScriptEnabled(true);
+        mSettings.setSupportMultipleWindows(true);
         mSettings.setDomStorageEnabled(true);
         mSettings.setAllowFileAccess(true);
         mSettings.setGeolocationEnabled(true);

0reactions

le-jeucommented, Dec 26, 2020

I don’t know, I didn’t test against this It’s a weak relation

IITC is blocking popup while google uses ones in some cases.

after a second reading, the “Advenced Protection” looks like it needs the webview to access some device key that out of scope of this issue