Auth0 Home Blog Docs

My Xamarin iOS OIDC SDK improvements


#1

I used to use the non OIDC conformant SDK for Xamarin, but then recently switched and was frustrated with the user experience. The new SDK uses the SFSafariViewController which does a couple things I don’t like:

  1. Displays a URL
  2. Has a refresh button
  3. Has a done buton
  4. Has a toolbar at the bottom, that, among other things, lets the user open new page tabs, open the login page in safari, etc
  5. Zooms in when you select a text field to enter your username/pw

I spent a couple hours looking at the source code for it, located here: link

and made my own improvements. Here’s what the stuff I added does:

  1. Uses WKWebView so no more toolbar and nav bar at the top (with the done/refresh/url stuff)
  2. Lets you specify a custom frame for the login widget so that it doesn’t have to be the full size of your containing UIViewController
  3. Lets you disable zooming (so that when you enter your info it doesn’t get all weird)
  4. Lets you disable scrolling the web page
  5. Lets you disable the bounce scrolling the web page, if you have scrolling enabled
  6. Lets you specify if you want the widget to auto close on cancel/success
  7. Lets you specify optional callbacks to be called on cancel/success (passing in the WKWebView). You could use this to change how the widget disappears when successfully logging in, for example, instead of the standard view dismissal, etc.

The one caveat is that since there’s no safari “Done” button at the top, to implement canceling you need to make 2 small changes to your hosted login page. One is turning on the option to display the cancel button, the other is raising a javascript event that gets called when that button is pressed, which is then handled by the iOS C# code I wrote to handle cancelation. In depth info on this is in the comments of the code. It’s not hard, it’s a few lines of code.

In order to use this, you need to clone Auth0’s source code for the Xamarin iOS OIDC client. That’s located in the link I posted above. If you’re paranoid you can just view your current OIDC NuGet package and click the “project url” link and it’ll take you to the same repository. I personally removed the projects that I wasn’t going to use as I had some issues getting the non UWP/Android/iOS stuff compiling but that’s totally optional. The only thing we need to keep here is the iOS project (and the test ios project if you like).

Step 1: Grab my new class and add it to the Auth0.Oidc.Client.Xamarin.iOS project: PlatformWKWebView.cs.txt (5.6 KB)
(note that the forum made me use a .txt extension so remove that)
If you look at the existing PlatformWebView.cs class you can see I based it off of it.

Step 2: grab my modified client options file: Auth0ClientOptions.cs.txt (2.8 KB)
and replace the existing Auth0ClientOptions.cs file (which is in the Auth0.Oidc.Client.Shared project). If you do a diff you’ll see that I only added one small addition which is a boolean named “UseWKWebView”. If set to true it uses my code, if false it uses the existing solution.

Step 3: grab my modified Auth0Client.cs file and replace the existing one (also in shared): Auth0Client.cs.txt (10.0 KB)
This adds methods to set all the options I mentioned at the top. There’s a lengthy comment regarding handling hitting the close button on the lock widget. It’s above the method “SetOnHideCallbackHandler”.

Compile. Remove your current OIDC NuGet package from just your iOS project. Take the .DLL that was output and add it to your project and add a reference to it and you can now use the new features.

If you want to do a quick test with it, you can modify the XamariniOSTestApp project that comes with the git repository. In MyViewController.cs. Try adding the following:

_client.SetAutoClose(true);
_client.SetWKWebViewFrame(new CGRect(50, 50, View.Frame.Width - 100, View.Frame.Height - 100));
_client.DisableZooming(true);
_client.DisableBouncing(true);
_client.DisableScrolling(true);

Note that it’s late and I’m tired and while I did some testing and things worked, I haven’t yet moved things into production. I’d suggest playing around with it yourself if you want to use it.


#2

Hey there @Architekt. Thank you for your contribution. Please note however that using WKWebView could be problematic when using some 3rd party identity providers. Google, for example, is already blocking its usage, and others may also follow suit.

Due to this limitation, Auth0 can therefore not integrate your solution into the official Auth0 library.

Also note that there is an update coming to the Auth0 OIDC Client in the next month or so which will replace the usage of SFSafariViewController with the new SFAuthenticationSession which is the preferred way by Apple to handle authenticaiton with external services.


#3

Gotcha. For me I don’t use social providers so WKWebview was preferable. If the client will be replacing the SFSafariViewController with something that functionally looks like the WKWebView and not an actual Safari browser in my app then I’m all for it.