Use ASWebAuthenticationSession to display OIDC account management URL (#7671)

Co-authored-by: Doug <douglase@element.io>
2026-04-17 06:58:28 +02:00 · 2023-09-12 18:05:52 +01:00
parent a7c8905b10
commit dde602beac
7 changed files with 158 additions and 19 deletions
--- a/Riot/Modules/Authentication/SSO/SSOAccountService.swift
+++ b/Riot/Modules/Authentication/SSO/SSOAccountService.swift
@@ -0,0 +1,48 @@
+// 
+// Copyright 2020 New Vector Ltd
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+import Foundation
+
+@objcMembers
+/// A service for the SSOAuthenticationPresenter that allows to open an OIDC account management URL.
+///
+/// Both `callBackURLScheme` and `loginToken` are unneeded for this use case and return `nil`.
+final class SSOAccountService: NSObject, SSOAuthenticationServiceProtocol {
+    
+    // MARK: - Properties
+    
+    private let accountURL: URL
+        
+    let callBackURLScheme: String? = nil
+    
+    // MARK: - Setup
+    
+    init(accountURL: URL) {
+        self.accountURL = accountURL
+        super.init()
+    }
+    
+    // MARK: - Public
+    
+    func authenticationURL(for identityProvider: String?, transactionId: String) -> URL? {
+        accountURL
+    }
+    
+    func loginToken(from url: URL) -> String? {
+        MXLog.error("The account service shouldn't receive a completion callback.")
+        return nil
+    }
+}
--- a/Riot/Modules/Authentication/SSO/SSOAuthenticationPresenter.swift
+++ b/Riot/Modules/Authentication/SSO/SSOAuthenticationPresenter.swift
@@ -37,7 +37,7 @@ final class SSOAuthenticationPresenter: NSObject {
    
    // MARK: - Properties
    
-    private let ssoAuthenticationService: SSOAuthenticationService
+    private let ssoAuthenticationService: SSOAuthenticationServiceProtocol
    
    // MARK: Private
    
@@ -53,7 +53,7 @@ final class SSOAuthenticationPresenter: NSObject {
    
    // MARK: - Setup
    
-    init(ssoAuthenticationService: SSOAuthenticationService) {
+    init(ssoAuthenticationService: SSOAuthenticationServiceProtocol) {
        self.ssoAuthenticationService = ssoAuthenticationService
        super.init()
    }
--- a/Riot/Modules/Authentication/SSO/SSOAuthenticationService.swift
+++ b/Riot/Modules/Authentication/SSO/SSOAuthenticationService.swift
@@ -22,8 +22,16 @@ enum SSOAuthenticationServiceError: Error {
    case unknown
 }

+@objc protocol SSOAuthenticationServiceProtocol {
+    var callBackURLScheme: String? { get }
+
+    func authenticationURL(for identityProvider: String?, transactionId: String) -> URL?
+
+    func loginToken(from url: URL) -> String?
+}
+
@objcMembers
-final class SSOAuthenticationService: NSObject {
+final class SSOAuthenticationService: NSObject, SSOAuthenticationServiceProtocol {
    
    // MARK: - Constants
    
--- a/Riot/Modules/Settings/Security/ManageSession/ManageSessionViewController.m
+++ b/Riot/Modules/Settings/Security/ManageSession/ManageSessionViewController.m
@@ -45,7 +45,7 @@ enum {
 };


-@interface ManageSessionViewController () <UserVerificationCoordinatorBridgePresenterDelegate>
+@interface ManageSessionViewController () <UserVerificationCoordinatorBridgePresenterDelegate, SSOAuthenticationPresenterDelegate>
 {
    // The device to display
    MXDevice *device;
@@ -64,6 +64,8 @@ enum {

@property (nonatomic, strong) ReauthenticationCoordinatorBridgePresenter *reauthenticationCoordinatorBridgePresenter;

+@property (nonatomic, strong) SSOAuthenticationPresenter *ssoAuthenticationPresenter;
+
@end

@implementation ManageSessionViewController
@@ -679,17 +681,19 @@ enum {
 {
    UIAlertController *alert = [UIAlertController alertControllerWithTitle: [VectorL10n manageSessionRedirect] message: nil preferredStyle:UIAlertControllerStyleAlert];
    
-    __weak typeof(self) weakSelf = self;
+    MXWeakify(self);
    UIAlertAction *action = [UIAlertAction actionWithTitle:[VectorL10n ok]
                                                     style:UIAlertActionStyleDefault
                                                   handler: ^(UIAlertAction * action) {
-        [UIApplication.sharedApplication openURL:url options:@{} completionHandler:^(BOOL success) {
-            if (success && weakSelf)
-            {
-                [weakSelf withdrawViewControllerAnimated:YES completion:nil];
-            }
-        }];
+        MXStrongifyAndReturnIfNil(self);
+        SSOAccountService *service = [[SSOAccountService alloc] initWithAccountURL:url];
+        SSOAuthenticationPresenter *presenter = [[SSOAuthenticationPresenter alloc] initWithSsoAuthenticationService:service];
+        presenter.delegate = self;
+        self.ssoAuthenticationPresenter = presenter;
+        
+        [presenter presentForIdentityProvider:nil with:@"" from:self animated:YES];
    }];
+    
    [alert addAction: action];
    [self presentViewController:alert animated:YES completion:nil];
 }
@@ -755,4 +759,27 @@ enum {
    [self reloadDeviceWithCompletion:^{}];
 }

+#pragma mark - SSOAuthenticationPresenterDelegate
+
+- (void)ssoAuthenticationPresenterDidCancel:(SSOAuthenticationPresenter *)presenter
+{
+    self.ssoAuthenticationPresenter = nil;
+    MXLogDebug(@"OIDC account management complete.")
+    [self withdrawViewControllerAnimated:YES completion:nil];
+}
+
+- (void)ssoAuthenticationPresenter:(SSOAuthenticationPresenter *)presenter authenticationDidFailWithError:(NSError *)error
+{
+    self.ssoAuthenticationPresenter = nil;
+    MXLogError(@"OIDC account management failed.")
+}
+
+- (void)ssoAuthenticationPresenter:(SSOAuthenticationPresenter *)presenter
+  authenticationSucceededWithToken:(NSString *)token
+             usingIdentityProvider:(SSOIdentityProvider *)identityProvider
+{
+    self.ssoAuthenticationPresenter = nil;
+    MXLogWarning(@"Unexpected callback after OIDC account management.")
+}
+
@end
--- a/Riot/Modules/Settings/SettingsViewController.m
+++ b/Riot/Modules/Settings/SettingsViewController.m
@@ -204,7 +204,8 @@ SettingsIdentityServerCoordinatorBridgePresenterDelegate,
 ServiceTermsModalCoordinatorBridgePresenterDelegate,
 TableViewSectionsDelegate,
 ThreadsBetaCoordinatorBridgePresenterDelegate,
-ChangePasswordCoordinatorBridgePresenterDelegate>
+ChangePasswordCoordinatorBridgePresenterDelegate,
+SSOAuthenticationPresenterDelegate>
 {
    // Current alert (if any).
    __weak UIAlertController *currentAlert;
@@ -300,6 +301,8 @@ ChangePasswordCoordinatorBridgePresenterDelegate>
@property (nonatomic) BOOL isPreparingIdentityService;
@property (nonatomic, strong) ServiceTermsModalCoordinatorBridgePresenter *serviceTermsModalCoordinatorBridgePresenter;

+@property (nonatomic, strong) SSOAuthenticationPresenter *ssoAuthenticationPresenter;
+
@property (nonatomic) AnalyticsScreenTracker *screenTracker;

@end
@@ -3926,7 +3929,12 @@ ChangePasswordCoordinatorBridgePresenterDelegate>
 {
    NSURL *url = [NSURL URLWithString: self.mainSession.homeserverWellknown.authentication.account];
    if (url) {
-        [UIApplication.sharedApplication openURL:url options:@{} completionHandler:nil];
+        SSOAccountService *service = [[SSOAccountService alloc] initWithAccountURL:url];
+        SSOAuthenticationPresenter *presenter = [[SSOAuthenticationPresenter alloc] initWithSsoAuthenticationService:service];
+        presenter.delegate = self;
+        self.ssoAuthenticationPresenter = presenter;
+        
+        [presenter presentForIdentityProvider:nil with:@"" from:self animated:YES];
    }
 }

@@ -4602,4 +4610,26 @@ ChangePasswordCoordinatorBridgePresenterDelegate>
    [self.userSessionsFlowCoordinatorBridgePresenter pushFrom:self.navigationController animated:YES];
 }

+#pragma mark - SSOAuthenticationPresenterDelegate
+
+- (void)ssoAuthenticationPresenterDidCancel:(SSOAuthenticationPresenter *)presenter
+{
+    self.ssoAuthenticationPresenter = nil;
+    MXLogDebug(@"OIDC account management complete.")
+}
+
+- (void)ssoAuthenticationPresenter:(SSOAuthenticationPresenter *)presenter authenticationDidFailWithError:(NSError *)error
+{
+    self.ssoAuthenticationPresenter = nil;
+    MXLogError(@"OIDC account management failed.")
+}
+
+- (void)ssoAuthenticationPresenter:(SSOAuthenticationPresenter *)presenter
+  authenticationSucceededWithToken:(NSString *)token
+             usingIdentityProvider:(SSOIdentityProvider *)identityProvider
+{
+    self.ssoAuthenticationPresenter = nil;
+    MXLogWarning(@"Unexpected callback after OIDC account management.")
+}
+
@end
--- a/RiotSwiftUI/Modules/UserSessions/Coordinator/UserSessionsFlowCoordinator.swift
+++ b/RiotSwiftUI/Modules/UserSessions/Coordinator/UserSessionsFlowCoordinator.swift
@@ -32,6 +32,7 @@ final class UserSessionsFlowCoordinator: NSObject, Coordinator, Presentable {
    private var errorPresenter: MXKErrorPresentation
    private var indicatorPresenter: UserIndicatorTypePresenterProtocol
    private var loadingIndicator: UserIndicator?
+    private var ssoAuthenticationPresenter: SSOAuthenticationPresenter?
    
    /// The root coordinator for user session management.
    private weak var sessionsOverviewCoordinator: UserSessionsOverviewCoordinator?
@@ -199,12 +200,14 @@ final class UserSessionsFlowCoordinator: NSObject, Coordinator, Presentable {
    private func openDeviceLogoutRedirectURL(_ url: URL) {
        let alert = UIAlertController(title: VectorL10n.manageSessionRedirect, message: nil, preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: VectorL10n.ok, style: .default) { [weak self] _ in
-            UIApplication.shared.open(url) { [weak self] success in
-                guard success else {
-                    return
-                }
-                self?.popToSessionsOverview()
-            }
+            guard let self else { return }
+            
+            let service = SSOAccountService(accountURL: url)
+            let presenter = SSOAuthenticationPresenter(ssoAuthenticationService: service)
+            presenter.delegate = self
+            self.ssoAuthenticationPresenter = presenter
+            
+            presenter.present(forIdentityProvider: nil, with: "", from: self.toPresentable(), animated: true)
        })
        alert.popoverPresentationController?.sourceView = toPresentable().view
        navigationRouter.present(alert, animated: true)
@@ -549,3 +552,25 @@ private extension UserOtherSessionsFilter {
        }
    }
 }
+
+// MARK: ASWebAuthenticationPresentationContextProviding
+
+extension UserSessionsFlowCoordinator: SSOAuthenticationPresenterDelegate {
+    func ssoAuthenticationPresenterDidCancel(_ presenter: SSOAuthenticationPresenter) {
+        ssoAuthenticationPresenter = nil
+        MXLog.info("OIDC account management complete.")
+        popToSessionsOverview()
+    }
+    
+    func ssoAuthenticationPresenter(_ presenter: SSOAuthenticationPresenter, authenticationDidFailWithError error: Error) {
+        ssoAuthenticationPresenter = nil
+        MXLog.error("OIDC account management failed.")
+    }
+    
+    func ssoAuthenticationPresenter(_ presenter: SSOAuthenticationPresenter,
+                                    authenticationSucceededWithToken token: String,
+                                    usingIdentityProvider identityProvider: SSOIdentityProvider?) {
+        ssoAuthenticationPresenter = nil
+        MXLog.warning("Unexpected callback after OIDC account management.")
+    }
+}
--- a/changelog.d/7671.bugfix
+++ b/changelog.d/7671.bugfix
@@ -0,0 +1 @@
+Show OIDC account management UI using embedded browser instead of system browser.
				`@@ -0,0 +1 @@`
				`Show OIDC account management UI using embedded browser instead of system browser.`