Weird login behaviour using Azure AD B2C with Xamarin iOS - xamarin.forms

We have a Xamarin Forms app that uses Azure AD B2C for login. I have followed this example code https://github.com/Azure-Samples/active-directory-b2c-xamarin-native
The Android version works perfectly. The workflow is seamless and works as expected.
On the iOS version we are getting some weird behaviour though.
Here is the flow on the iOS version of the app.
User launches the app and is presented with the Azure AD B2C login screen (correct)
User enters their credentials (correct)
The app redirects the user back to the login screen (with the username and password fields blank) (wrong)
After a few seconds the app then logs them in and navigates them to the main screen
After entering their credentials the user should be immediately navigated to the app main screen, NOT back to the login screen.
Once they are logged in, subsequently launching the app correctly logs them in. The problem is only on first login.
I can't seem to find any help on this anywhere. Is it the Safari browser, the token cache, something else? The code and workflow are correct as the Android version works perfectly, so it's something specific to the iOS app.
UPDATE
After some investigation it seems that this method may be causing the issue.
public override bool OpenUrl(UIApplication app, NSUrl url, NSDictionary options)
{
AuthenticationContinuationHelper.SetAuthenticationContinuationEventArgs(url);
return true;
}
According to the docs
this logic is meant to ensure that once the interactive portion of the
authentication flow is concluded, the flow goes back to MSAL
But it doesn't. It redirects the user back to the OnAppearing() method of the login page where it attempts (again) to acquire a token (which it does).
Is there any way to fix the behaviour of this method?
AuthenticationContinuationHelper.SetAuthenticationContinuationEventArgs(url)
UPDATE2
Here is the login code (simplified for clarity)
protected override async void OnAppearing()
{
base.OnAppearing();
// Check to see if we have a User in the cache already.
try
{
IEnumerable<IAccount> accounts = await AuthenticationService.PCA().GetAccountsAsync();
var account = this.GetAccountByPolicy(accounts, ApplicationConstants.SignUpSignInPolicy);
AuthenticationResult ar = await AuthenticationService.PCA().AcquireTokenSilentAsync(ApplicationConstants.Scopes, account, ApplicationConstants.Authority, false);
}
catch (Exception)
{
// Doesn't matter, we go in interactive mode
this.OnSignIn();
}
}
private async void OnSignIn()
{
try
{
IEnumerable<IAccount> accounts = await AuthenticationService.PCA().GetAccountsAsync();
var account = this.GetAccountByPolicy(accounts, ApplicationConstants.SignUpSignInPolicy);
AuthenticationResult ar = await AuthenticationService.PCA().AcquireTokenAsync(ApplicationConstants.Scopes, account, App.UiParent);
}
catch (Exception ex)
{
InstanceManager.LoggingHelper().TrackError(ex);
// Checking the exception message
// should ONLY be done for B2C
// reset and not any other error.
if (ex.Message.Contains("AADB2C90118"))
{
this.OnPasswordReset();
}
else
{
await DisplayAlert(StringConstants.ExceptionText, StringConstants.AuthenticationError, StringConstants.CloseDialog);
this.OnSignIn();
}
}
}

Related

iOS Push Notifications with Azure Notification Hub

I am having absolutely no luck getting push notifications to work in iOS in a Xamarin Forms project.
In AppDelegate.cs, I am calling the following in the FinishedLaunching override:
MSNotificationHub.Start("Endpoint=sb://[redacted].servicebus.windows.net/;SharedAccessKeyName=DefaultListenSharedAccessSignature;SharedAccessKey=[redacted]",
"[redacted]");
After the user logs in further in the app lifecycle, I also register the user with their user tag as follows:
public async Task UpdateTags(string token)
{
await Task.Run(() =>
{
try
{
// No point registering tags until the user has signed in and we have a device token
if (CurrentAccount == null)
{
Console.WriteLine($"UpdateTags cancelled: Account is null");
return;
}
var tag = $"user:{CurrentAccount.UserName}";
Console.WriteLine($"Registering tag: {tag}");
MSNotificationHub.AddTag(tag);
}
catch (Exception e)
{
Console.WriteLine($"Error registering tag: {e.ToString()}");
}
});
}
I have properly configured the Apple (APNS) settings in the notification hub, using the Token authentication mode (verified the four fields several times). The certificate (signing identity) is "iOS Distribution", the identifier bundle matches exactly what I have in the configuration (not using wildcard), the key has Apple Push Notifications service (APNs) enabled, and the provisioning profile has Platform: iOS and Type: App Store.
I pushed the application to TestFlight, as I don't have access to a physical Mac (we use a Cloud mac for development). When I view the device logs from my personal iPhone with the app installed, I see the following when I run it:
<Notice>: Registered for push notifications with token: [redacted]
<Notice>: Registering tag: user:[redacted]
There are no instances of "Error registering tag" or "UpdateTags cancelled" in the logs at all, which tells me that the method calls are succeeding without an exception. However, when I attempt to send a test notification to either a blank/empty tag, or the specific tag for my test user, no notifications are received and the messaging simply shows "Message was successfully sent, but there were no matching targets."
Also, when I pull all of the registrations with var registrations = await hub.GetAllRegistrationsAsync(0);, I only see the FCM (Firebase/Android) registrations from my successful testing on the Android side of things.
I am at a complete loss and have hit a wall, as there are no exceptions being thrown, and seemingly no way to troubleshoot what is going on behind the scenes.
This is also my 2nd attempt - I was using a more complex SBNotificationHub implementation and had the same results - no exceptions and everything looked fine at face value.
Thanks to a comment pointing to another question, I have determined that all I needed to do was to ensure that my tag registration ran on the main UI thread. My updated code below is working:
public async Task UpdateTags(string token)
{
await Task.Run(() =>
{
Device.BeginInvokeOnMainThread(() =>
{
try
{
// No point registering tags until the user has signed in and we have a device token
if (CurrentAccount == null)
{
Console.WriteLine($"UpdateTags cancelled: Account: {Trico.OrbitalApp.App.CurrentAccount};");
return;
}
var tag = $"user:{CurrentAccount.UserName}";
Console.WriteLine($"Registering tag: {tag}");
MSNotificationHub.AddTag(tag);
}
catch (Exception e)
{
Console.WriteLine($"Error registering device: {e.ToString()}");
}
});
});
}
You can try implementing the MSInstallationLifecycleDelegate interface which will allow you to check and see if the installation is being saved on the back end with either success or failure.
// Set a listener for lifecycle management
MSNotificationHub.SetLifecycleDelegate(new InstallationLifecycleDelegate());
// Implementation of the lifecycle listener.
public class InstallationLifecycleDelegate : MSInstallationLifecycleDelegate
{
public InstallationLifecycleDelegate()
{
}
public override void DidFailToSaveInstallation(MSNotificationHub notificationHub, MSInstallation installation, NSError error)
{
Console.WriteLine($"Save installation failed with exception: {error.LocalizedDescription}");
}
public override void DidSaveInstallation(MSNotificationHub notificationHub, MSInstallation installation)
{
Console.WriteLine($"Installation successfully saved with Installation ID: {installation.InstallationId}");
}
}

Firebase gets logged out after long time in Flutter Web

I'm developing a web app and I use Firebase Authentication for the authentication service.
The project seems to store the authentication, since if I refresh the page, or close the browser, the user is still logged in.
However I noticed that if I don't access the app for a long time (more than 1 hour, after the night for example), the authentication gets lost.
I don't know how to debug this and how to solve this.
Following some snippets of code to better understand my implementation:
This is the function I have in my startup view to redirect the user to the right page based on auth status.
bool isUserLoggedIn() {
var user = _firebaseAuth.currentUser;
return user != null;
}
void handleStartupBasedOnAuthStatus() {
Future.delayed(const Duration(milliseconds: 1000), () async {
bool loggedInShared =
await sharedPreferences.getBoolSharedPreferences("loggedIn");
if (isUserLoggedIn() || loggedInShared) {
String ruoloValue =
await sharedPreferences.getSharedPreferences('ruolo');
(ruoloValue == Ruolo.ADMIN)
? navigationService.replaceWith(Routes.admin)
: navigationService.replaceWith(Routes.messages);
} else {
navigationService.replaceWith(Routes.login);
}
});
}
In the following function I call the onAuthStateChange to set sharedpreferences accordingly. I have the check on the timestamp because I noticed that it is triggered more time once the page is refreshed.
void listenToAuthChangesSharedPref() {
FirebaseAuth.instance.authStateChanges().listen((firebaseUser) async {
var datetimeNow = (DateTime.now().millisecondsSinceEpoch);
String oldDatetimeString =
await sharedPreferences.getSharedPreferences('previous_timestamp');
if (oldDatetimeString != null) {
var oldDatetime = (new DateTime.fromMillisecondsSinceEpoch(
int.parse(oldDatetimeString)))
.millisecondsSinceEpoch;
if (datetimeNow - oldDatetime > 1000) {
if (firebaseUser == null) {
await sharedPreferences.setBoolSharedPreferences('loggedIn', false);
} else {
await sharedPreferences.setBoolSharedPreferences('loggedIn', true);
}
await sharedPreferences.setSharedPreferences(
'previous_timestamp', datetimeNow.toString());
}
} else {
if (firebaseUser == null) {
await sharedPreferences.setBoolSharedPreferences('loggedIn', false);
} else {
await sharedPreferences.setBoolSharedPreferences('loggedIn', true);
}
await sharedPreferences.setSharedPreferences(
'previous_timestamp', datetimeNow.toString());
}
});
}
My question is: is possible that after long time currentUser and also the onAuthStateChanges gets called and the user is not logged in?
Persisting authentication state#
The Firebase SDKs for all platforms provide out of the box support for ensuring that your user's authentication state is persisted across app restarts or page reloads.
On native platforms such as Android & iOS, this behaviour is not configurable and the user's authentication state will be persisted on-device between app restarts. The user can clear the apps cached data via the device settings which will wipe any existing state being stored.
On web platforms, the user's authentication state is stored in local storage. If required, you can change this default behaviour to only persist authentication state for the current session, or not at all. To configure these settings, call the setPersistence() method (note; on native platforms an UnimplementedError will be thrown):
// Disable persistence on web platforms
await FirebaseAuth.instance.setPersistence(Persistence.NONE);
for more info:
for more info:

Xamarin Forms iOS - Saving a user tag in Azure Notification Hubs works in AppDelegate but not in a service

I'm currently trying to get push notifications working for my mobile app using Azure Notification Hubs. Android is working fine and the initial iOS set up in AppDelegate works ok with a sample tag.
public override void RegisteredForRemoteNotifications(UIApplication application, NSData deviceToken)
{
if (deviceToken == null)
{
return;
}
SBNotificationHub hub = new SBNotificationHub(CommonConstants.LISTEN_CONNECTION_STRING, CommonConstants.NOTIFICATION_HUB_NAME);
// update registration with Azure Notification Hub
hub.UnregisterAll(deviceToken, async (error) =>
{
if (error != null)
{
System.Diagnostics.Debug.WriteLine($"Unable to call unregister {error}");
return;
}
string[] tags = new[] { "iostestpush" };
NSSet userTags = new NSSet(tags);
hub.RegisterNative(deviceToken, userTags, (error) =>
{
if (error != null)
{
System.Diagnostics.Debug.WriteLine($"Unable to call register {error}");
return;
}
});
var templateExpiration = DateTime.Now.AddDays(120).ToString(System.Globalization.CultureInfo.CreateSpecificCulture("en-US"));
hub.RegisterTemplate(deviceToken, "defaultTemplate", CommonConstants.APN_TEMPLATE_BODY, templateExpiration, userTags, (errorCallback) =>
{
if (errorCallback != null)
{
System.Diagnostics.Debug.WriteLine($"RegisterTemplateAsync error: {errorCallback}");
}
});
});
}
The issue I'm having is I need to register the UserId after a successful login. So I set up a service with the above code, saved the token to the device as string so it can be retrieved in the service and turned back into an NSData token
NSData deviceToken = new NSData(token, NSDataBase64DecodingOptions.None);
After a successful login I send the token string and the tag array to my service.
string[] userTag = new[] { loginResponse.UserId.ToString() };
await this._azureReg.SendRegistrationToServer(deviceToken, userTag);
Which, other than turning the token back into NSData and the user tag into an NSSet, is the same as above other than the name change. But Azure is claiming there is no registration even though my output shows
Registered for push notifications with token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I thought it was the string conversion back and forth, so tested that in the AppDelegate and it worked fine.
So, I'm at a loss at how to register the UserId after a successful login and why it works in one place but not the other.
I hope that's clear and thanks for any advice in advance.
You probably ran into the same bug as me and several others.
Basically SBNotificationHub method overloads like UnregisterAll and RegisterTemplate with the callback signature do not work when you use them off the main thread, using the libraries to date. I was also using a Service for the same purpose (to handle push across platforms with different tags, especially for user id) but my implementation involved switching off the main thread for this.
The bug we logged and is now being addressed is here: https://github.com/Azure/azure-notificationhubs-ios/issues/95
The solution, for now, is to ditch SBNotificationHub completely. The Xamarin / Azure documentation is out of date, and SBNOtificationHub is legacy code. The recommended library is MSNotificationHub. https://github.com/azure/azure-notificationhubs-xamarin
As workarounds you can use the SBNotificationHub method overloads that do not involve callbacks (they return an error message instead) or the workaround in the 95 issue above.

IAP items not showing using the Xamarin IAP nuget package

I have two IAPs set up on for my iOS app on iTunes Connect. All of the information is in there and they marry up to what I have set for Android. On iTunes, they are set as non-renewing subscriptions (mainly as this is what the review said they should be). There are no errors shown on the IAP screen and have been submitted for review (this makes no difference, the ones I had there previously didn't show either)
I'm using the Xamarin In App Purchase nuget package to get this working. When I run the app on Android, the packages show correctly. When I run the same code on iOS, nothing is showing.
I have a user set on the sandbox and have followed the instructions on the iTunes website on logging out of the store, but I'm seeing nothing - it's not even asking me to log into the store.
My code for interrogating the store is this
async Task<List<InAppBillingProduct>> GetItems()
{
var billing = CrossInAppBilling.Current;
try
{
var productIds = new string[] { "monthly_renewals", "yearly_subscriptions" };
//You must connect
var connected = await billing.ConnectAsync();
if (!connected)
{
//Couldn't connect
return new List<InAppBillingProduct>();
}
//check purchases
var items = await billing.GetProductInfoAsync(ItemType.Subscription, productIds);
return items.ToList();
}
catch (InAppBillingPurchaseException)
{
return new List<InAppBillingProduct>();
}
catch (Exception)
{
return new List<InAppBillingProduct>();
}
finally
{
await billing.DisconnectAsync();
}
}
It makes no difference if I set the ItemType to Subscription or InAppPurchase. All of the licences on iTunesConnect are correct, IAP is set to work in the provisioning profile too.
Given the store isn't asking for a login for the sandbox user, I'm wondering if something else needs to be done - I just don't know what.

How to use DotNetOpenAuth to login to websites?

I want to do is, if the users are logged into gmail and if they go to my website they automatically get logged in.
I am doing it in the following way... maybe there is a better way of doing it.
In my website I have a place for uses to give their gmail address so my website knows gamil address of the registered user.
So when they go to my website I want to know whether they are logged into gmail and what is their gmail address.
How should I find this information using DotNetOpenAuth?
I found following code from the web and it is authenticating the user. But i have to press the button and go to gmail login every time.
if the user is already using gmail I don’t have to ask the user for login i can use it.
How do i modify this code to achieve that?
static string openidurl = "https://www.google.com/accounts/o8/id";
protected void Page_Load(object sender, EventArgs e)
{
//The Response
OpenIdRelyingParty openid = new OpenIdRelyingParty();
var response = openid.GetResponse();
if (response != null)
{
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
var fetch = response.GetExtension<FetchResponse>();
string email = "";
if (fetch != null)
{
email = fetch.GetAttributeValue(WellKnownAttributes.Contact.Email);
}
break;
}
}
}
protected void Button1_Click(object sender, EventArgs e)
{
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
IAuthenticationRequest request = openid.CreateRequest(openidurl);
var fetch = new FetchRequest();
fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
request.AddExtension(fetch);
// Send your visitor to their Provider for authentication.
request.RedirectToProvider();
}
}
It sounds like what you're asking for is "single-sign-on", where a visitor to your site who is already logged into Google is immediately logged into your site when they first visit it, rather than after clicking a "Google Login" button on your site.
The short answer is you can't do this. The longer answer is that you can get close.
The first and hard restriction is that first-time visitors to your site will never get automatically signed in, because Google and the user don't yet trust your site. Every user has to explicitly log in once, with Google asking the user "do you want to log into this site and remember this choice?" If they say yes, then in the future when the user is already logged into Google and visits your site, they can click the Google Login button on your site and they'll never see Google -- they'll just be immediately logged into your site.
So the next question is how do you remove the requirement on the user to click "google Login". You can accomplish this by when an unauthenticated user visits your site, you can immediately redirect them to your log in page, which will immediately initiate the "Google Login" flow (the OpenIdRelyingParty.CreateRequest(google).RedirectToProvider() call), using "immediate mode". This will fail if the user isn't logged into Google and trust your site, but the impact will be the user won't see a Google login screen if they do trust your site, but will rather be immediately logged in.
You might find my answer useful: What OpenID solution is really used by Stack Overflow?
I've also made a simple blog post about it: http://codesprout.blogspot.com/2011/03/using-dotnetopenauth-to-create-simple.html
My examples are with MyOpenID, but gmail should work the same way. The OpenID provider basically takes care of the log in, including the case when they're already logged in with the provider.
Update:
In an ASP.NET (in this case ASP.NET MVC) application you would create a cookie when the user is successfully logged in and you would check the cookie to determine if the user is logged in. As I said, please see the links above for detailed code examples and an explanation of how it all works. Here are two code samples from the Controller where I demonstrate how to check if the user is logged in:
// **************************************
// URL: /User/LogIn
// **************************************
public ActionResult LogIn()
{
if (User.Identity.IsAuthenticated) // <--- CHECKS IF THE USER IS LOGGED IN
{
return RedirectToAction("Profile", "User");
}
Identifier openID;
if (Identifier.TryParse(Request.QueryString["dnoa.userSuppliedIdentifier"], out openID))
{
return LogIn(new User { OpenID = openID }, Request.QueryString["ReturnUrl"]);
}
else
{
return View();
}
}
[HttpPost]
public ActionResult LogIn(User model, string returnUrl)
{
string openID = ModelState.IsValid?model.OpenID:Request.Form["openid_identifier"];
if (User.Identity.IsAuthenticated)//<--- CHECKS IF THE USER IS LOGGED IN
{
return RedirectToAction("Profile", "User");
}
else if (!string.IsNullOrEmpty(openID))
{
return Authenticate(openID, returnUrl);
}
else if(ModelState.IsValid)
{
ModelState.AddModelError("error", "The OpenID field is required.");
}
// If we got this far, something failed, redisplay form
return View(model);
}

Resources