fix(iOS): use ASWebAuthenticationSession instead of WKWebView for login#11
tdhooghe wants to merge 2 commits into
@i2h3 @mpivchev — would appreciate your review on this. @mpivchev: this applies the same @i2h3: the change is encapsulated in a single new
WKWebView silently fails to complete cross-domain OIDC redirects (e.g. when Nextcloud delegates authentication to an external IdP like Authentik). The user authenticates successfully on the IdP side, but WKWebView drops the callback redirect back to the Nextcloud origin, leaving the login flow stuck in a polling loop that never resolves.

Replace WKWebView with ASWebAuthenticationSession on iOS via a new LoginSheet view modifier that encapsulates the platform difference:

- iOS: ASWebAuthenticationSession (system browser, handles OIDC/passkeys)
- macOS: WKWebView sheet (unchanged behavior)

ServerAddressView is now platform-agnostic — it just sets isPresented and the modifier does the right thing per platform. Credentials continue to be obtained via the host app's existing polling mechanism.

Ref: nextcloud/ios#3996 (same fix applied to the main iOS app)

Signed-off-by: Thomas Dhooghe <61279337+tdhooghe@users.noreply.github.com>
i2h3
left a comment
Looks fine to me, though I have only reviewed the code changes and did not test it in context of the iOS apps. Please verify, @mpivchev and @marinofaggiana.
I need to test this with iOS Files and if possible replace the UIKit login with this. Will update soon.
@mpivchev You can also test it with Nextcloud Notes for iOS which uses this already.
Signed-off-by: Thomas Dhooghe <61279337+tdhooghe@users.noreply.github.com>
Made-with: Cursor
@i2h3 that was indeed the app that caused me to raise this PR 🙂
Summary
WKWebView silently fails to complete cross-domain OIDC redirects when Nextcloud delegates authentication to an external Identity Provider (e.g. Authentik, Keycloak, Azure AD). The user authenticates successfully on the IdP, but WKWebView drops the callback redirect back to the Nextcloud origin, leaving Login Flow v2 stuck in a polling loop that never resolves.

This PR replaces WKWebView with ASWebAuthenticationSession on iOS for the login flow. ASWebAuthenticationSession uses the system browser which properly handles:

Credentials continue to be obtained via the host app's existing polling mechanism — no changes to the polling API.

macOS retains the WKWebView sheet since ASWebAuthenticationSession behaves differently on that platform.

Changes
- LoginSheet.swift (new): A ViewModifier that encapsulates the platform difference — ASWebAuthenticationSession on iOS, WKWebView sheet on macOS. The session is held in @State for proper lifetime management, and cancelled automatically when isPresented flips to false (e.g. when polling succeeds), so the system browser sheet doesn't linger. Includes a private SessionCoordinator for the presentation anchor.
- ServerAddressView.swift: Replaced .webSheet(...) with .loginSheet(...). The view is now fully platform-agnostic — beginWebView() just sets state; the modifier handles presentation. No new #if os() blocks introduced.

Context
This is the same approach taken in the main Nextcloud iOS app (nextcloud/ios#3996), adapted for the shared SwiftNextcloudUI package. All third-party apps consuming this package (Notes, Deck, Talk, etc.) will benefit from this fix.
Closes #10
Test plan
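
The session lifetime described under Changes (session held in @State, cancelled when isPresented flips to false, a coordinator supplying the presentation anchor), as an added example that is not the PR's LoginSheet.swift or any code from the SwiftNextcloudUI package. The names AuthSessionSheet and AnchorProvider, the url parameter and the nil callback scheme are assumptions; it targets iOS with SwiftUI in Swift 5 language mode.

```swift
// Added illustration; not the PR's LoginSheet.swift. Type names are hypothetical.
#if os(iOS)
import AuthenticationServices
import SwiftUI
import UIKit

/// Supplies the window the system browser sheet is presented from.
private final class AnchorProvider: NSObject, ASWebAuthenticationPresentationContextProviding {
    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
        let scenes = UIApplication.shared.connectedScenes.compactMap { $0 as? UIWindowScene }
        return scenes.flatMap(\.windows).first { $0.isKeyWindow } ?? ASPresentationAnchor()
    }
}

struct AuthSessionSheet: ViewModifier {
    @Binding var isPresented: Bool
    let url: URL?   // login URL supplied by the host app (assumed parameter)
    @State private var session: ASWebAuthenticationSession?
    @State private var anchor = AnchorProvider()   // provider is held weakly, so retain it here

    func body(content: Content) -> some View {
        content.onChange(of: isPresented) { presented in
            if presented { start() } else { stop() }
        }
    }

    private func start() {
        guard session == nil, let url else { isPresented = false; return }
        // Assumption: no callback scheme, because credentials arrive through the
        // host app's polling. The handler then only sees dismissal or an error.
        let new = ASWebAuthenticationSession(url: url, callbackURLScheme: nil) { _, _ in
            session = nil
            isPresented = false
        }
        new.presentationContextProvider = anchor
        if new.start() { session = new } else { isPresented = false }
    }

    private func stop() {
        session?.cancel()   // dismisses the browser sheet once polling has succeeded
        session = nil
    }
}
#endif
```

With this shape the web content runs in the system browser process, so the host app only learns the outcome from its own polling and from the isPresented binding.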