如果使用Webview完成身份验证，如何使用Intent过滤器处理OAuth URL回调? [英] How to handle OAuth URL callbacks with Intent filters if authentication is done with webview?

问题描述

我正在开发一个使用OAuth进行身份验证的应用，但是在处理OAuth回调时遇到了一些问题.

I am developing an app which uses OAuth for authentication but I have a little problem handling OAuth callbacks.

身份验证

我的应用程序的登录屏幕为 webview ，并为我提供了一个URL，以将 auth表单加载到我的webview中.假设网址是:

My app has a webview as the login screen and I am given a url to load the auth form in my webview. Let's say that the url is :

https://myoauthhost.com/oauth/auth?response_type=code&client_id=XXXXXXX&redirect_uri=YYYYYYYY&scope=ZZZZZZZZZZ

，在auth活动(AuthActivity.java)中，我具有以下内容:

and in the auth activity (AuthActivity.java), I have the following :

    String authURL = https://myoauthhost.com/oauth/auth?response_type=code&client_id=XXXXXXX&redirect_uri=YYYYYYYY&scope=ZZZZZZZZZZ
    myWebView.loadUrl(authURL);

在manifest.xml中，我有以下用于oauth回调处理的方法:

in the manifest.xml, I have the following for oauth callback handling :

<activity
            android:name=".AuthActivity"
            android:label="@string/app_name"
            android:screenOrientation="portrait" >

            <intent-filter>
                <action android:name="android.intent.action.VIEW" />

                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />

                <data
                    android:host="authprovider"
                    android:scheme="auth" />
            </intent-filter>
</activity>

问题

此网址在webview中使用(通过loadURL()方法)时，将重定向到另一个包含 REAL OAUTH WEB FROM 的网址(应在webview中加载).问题在于，此重定向在Android中自动启动意图选择:由于该网址应由网络浏览器处理，因此Android允许您选择以下一种可用的网络浏览器:手机打开网址.

This url when used in the webview (with loadURL() method) redirects to another url containing the REAL OAUTH WEB FROM (that should be loaded in the webview). The problem is that this redirection launches automatically the intent selection in Android : since the URL should be handled by a web browser, Android lets you choose one of the available web browser on the phone to open the url.

由于这不是我想要的，因此我必须包含以下代码，以便在Webview中处理重定向，但不会启动Web浏览器(或其他):

Since this is not what I want, I have to include the following code so that the redirection is handled within the webview but does not launch a web browser (or whatever) :

myWebView.setWebViewClient(new WebViewClient());

因此，使用此代码，可以在"webview内"处理重定向，并且显示登录屏幕.

so with this code, the redirection is handled "within the webview" and I have the login screen displayed.

然后我可以输入凭据(例如:通过Twitter的oauth)，但是在完成身份验证后，会收到回调，但随后应该处理回调的活动(配置为在清单中接收回调的AuthActivity)是没有推出.取而代之的是，我在Web视图中显示了一条消息，指出找不到URL回调(在本例中为:清单中配置的authprovider://auth/XXX?xxx = yyy).

I can then enter the credentials (e.g : oauth via Twitter) but when the authentication is done, the call back is received but then the activity which is supposed to handle the callback (AuthActivity configured to receive callback in the manifest) is not launched. Instead, I have the webview displaying a message saying that the url callback (in our case : authprovider://auth/XXX?xxx=yyy as configured in the manifest) can not be found.

原因可能是以下代码:

myWebView.setWebViewClient(new WebViewClient());

前面介绍的

告诉Android，Web视图可以处理所有内容.因此，现在，由于回调网址不是Web网址，因此它很难处理它，甚至无法启动可以处理它的意图.

introduced earlier, tells Android that the webview handles everything. So now, since the callback url is not a web url, it has trouble to handle it and can not even launch the intent which can handle it.

问题

我该如何解决这个问题? 我应该能够让活动处理回调，但不能让Webview尝试加载它.

How can I solve this problem ? I should be able to let the activity handle the callback but not let the webview try to load it.

任何帮助将不胜感激

预先感谢

推荐答案

首先，在清单中，将这些属性设置为启动WebView的活动

First of all in your manifest, set these properties to your activity that launches the WebView

android:launchMode="singleInstance" 

并向其中添加一个意图过滤器

and add an intent filter to that as

<intent-filter>
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data android:scheme="oauth-testing" />
</intent-filter>

然后，当用户单击登录按钮时，在代码中

then in your code when the user clicks on the login button

mReqToken = mTwitter.getOAuthRequestToken(CALLBACK_URL);
WebView webView = new WebView(this);
webView.requestFocus(View.FOCUS_DOWN);
webView.setOnTouchListener(new View.OnTouchListener() {
    @Override
    public boolean onTouch(View v, MotionEvent event) {
        switch (event.getAction()) {
            case MotionEvent.ACTION_DOWN:
            case MotionEvent.ACTION_UP:
            if (!v.hasFocus()) {
                v.requestFocus();
            }
            break;
        }
        return false;
    }
});
webView.loadUrl(mReqToken.getAuthenticationURL());
mainLayout.removeAllViews();
mainLayout.addView(webView);

此处的回调网址为
private static final String CALLBACK_URL = "oauth-testing:///";
并且您正在创建动态Web视图并向用户显示.并在登录Web视图后关闭，代码进入onNewIntent().在此登录后，您需要实现您的功能.

Here the callback url is
private static final String CALLBACK_URL = "oauth-testing:///";
and you are creating a dynamic webview and displaying to the user. And after logging in the webview is closed and the code comes to the onNewIntent(). You need to implement your functionality after logging in there.

@Override
protected void onNewIntent(Intent intent) {
    super.onNewIntent(intent);
    dealWithTwitterResponse(intent);
}  
private void dealWithTwitterResponse(Intent intent) {
    Uri uri = intent.getData();
    System.out.println("URI=" + uri);
    if (uri != null && uri.toString().startsWith(CALLBACK_URL)) {
        String oauthVerifier = uri.getQueryParameter("oauth_verifier");
        authoriseNewUser(oauthVerifier);
    }
}

我知道我添加了很多代码段，其中一些可能不相关，但是我希望有一天能对某人有所帮助.

I know I have added a lot of code snippet, some of which might not be relevant, but i hope it will help someone someday.

这篇关于如果使用Webview完成身份验证，如何使用Intent过滤器处理OAuth URL回调?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！