I am calling this API from a Chrome extension I'm developing inside of a popup context:
chrome.permissions.request({
origins: [`https://google.com/`]
}, console.log)
However, whenever Chrome asks the user via their native alert to allow or deny permissions, my extension popup is closed after Google's alert dismisses, so I cannot finish the signup flow.
If the user has already provided permission for this domain, the user isn't prompted, I get console.log(true) and my popup window does not close.
What am I doing wrong, and if nothing, is there a workaround for this issue?
I made an issue in Chromium, and their team is aware of the issue, at least. Hopefully will see released at some point!
My temporary fix is just to make *://*/ a required permission instead of optional. Then I don't need to request permissions from the user at runtime. Which tells the user "this extension can access all websites", but at least the UX isn't terrible.
Related
I have b2c_1_susi working. I am able to login. I'm using example code. However edit profile user flow is not working. I have the user flow created in the same fashion as susi. If I use redirect my app navigates back to home page. If I use popup, the popup comes up but then disappears. This is what I am getting in the console log.
Strangely, I ended up deleting and recreating the registration and it started working.
Make sure you add user attributes to your edit profile. You may already have user attributes on your sign up sign in profile but they do not get transferred over to the edit profile automatically
After upgrading Microsoft.Identity.Client within Xamarin.Forms from 1.x to 4.x, most things work much the same. However, login to iOS results in a popup that says:
"My App" Wants to Use "b2clogin.com" to Sign In
This allows the app and website to share information about you.
It's OK if user hits continue, but it's hardly seamless.
Supposedly it's associated with iOS 12, but that doesn't seem to be the trigger for me. There's a Microsoft article that says this is actually normal, stating:
On iOS, though, the user might have to give consent for the browser to call back the application, which can be annoying.
I found that it's possible to set .WithUseEmbeddedWebView(true) and this hides the URL as well as removing the popup, and this works with Facebook sign in, but Google sign in is a hard no.
There's the potential path of Universal Links instead of URL Schemes and Associated Domains.
Investigating that path, it appears that I simply need to set the URL https://myapp.b2clogin.com/.well-known/apple-app-site-association with the following JSON:
{
"webcredentials": {
"apps": [
"MYTEAMID.com.mycompany.myapp"
]
}
}
Unfortunately, I don't have control of that URL.
Any other ideas?
The short answer is -- it can't be done today as this alert pop-up is built into the iOS framework. Any authentication provider, library, etc. will trigger this alert if they use the ASWebAuthentication API in iOS
You can choose to use different embedded-browser pop-up APIs which do not cause this alert, however they will have sandboxed cookies and the user may not experience SSO. There is an MSAL docs page which discusses this in a bit more detail:
https://learn.microsoft.com/en-us/azure/active-directory/develop/customize-webviews
The best user experience:
I use ROPC for signIn only (native username/password fields or could be with biometry).
So I don't have any popup at simple Sign In.
For the rest I use commons Flows (Reset password, Google provider etc..)
that open the WebView with unfortunately the warning popup.
I'm testing edge cases for my chrome extension; handling cases where the user has not yet granted the permissions I need.
My popup calls chrome.identity.getAuthToken and, as expected, the user is show the chrome permissions screen and asked to approve.
But, as a side-effect, this closes my popup. I'd like to either keep the popup open, or re-open it after permission has been granted. Is this possible?
'Popup' is ambiguous.
A page action can be triggered dynamically using chrome.pageAction.show(integer tabId).
A browser action cannot.
I don't know about chrome.identity.getAuthToken but e. g. chrome.permissions.request does not close a page action.
I don't think there is a way to stop it closing either. E. g. a beforeUnload event listener does not seem to work.
Similar to this question, but in my case I am the web developer. How can I get the browser to ask the user again if they want to allow geolocation? I was hoping I could put some text in the page, something like, "This page's features are only available when geolocation services are active, but you have denied them for this site. Click here to try again."
I know how to change the browser to accept this, but how do I help the visitors to the page from any browser to simply turn it on at the click of a button.
What you are looking for is Permissions API. Unfortunately at the moment it only allows to get the status of a permission, and mandatory requesting a permission for given API is not supported in any browser.
An example would be if my extension overrides the newtab page and the user installs another extension that also overrides the newtab page. Currently, only one newtab extension shows up and it usually isn't mine.
What can I do to detect when such a conflict occurs and inform the user of such?
The management API doesn't tell me if the extensions override any pages, so I sadly can't use that.
This doesn't seem to be an exant feature of the API. I'd suggest you open a bug at http://crbug.com.
Failing that, you can perform the following nasty hack (which I haven't tested):
Have your new tab page send a message to your background page whenever it loads.
Listen for chrome.webNavigation.onBeforeNavigate events that deal with chrome://newtab:
chrome.webNavigation.onBeforeNavigate.addListener(function(details) {
/* send message */
}, { url: [{ urlEquals: 'chrome://newtab/' }] });
When webNavigation sees the browser load chrome://newtab but you don't see a message to your background page shortly afterwards, your new tab page is probably not being used. From there, you can send a notification, or open another tab/window with a notice.
Unfortunately, this requires the webNavigation permission, which is unfortunate if your extension doesn't otherwise need it. The warning that it carries ("This extension can access your tabs and browsing activity") might scare away some potential users, especially if there's no reason for it that is obvious to the user. (Then again, perhaps I'm being too optimistic about the security-conscientiousness of users.) If your extension currently uses the tabs API, then it already carries this notice anyway.