Skip to main content

Interface: IWebBrowser

Methods

openAuthSessionAsync

openAuthSessionAsync(url, redirectUrl, browserParams?): Promise<WebBrowserAuthSessionResult>

On iOS:

Opens the url with Safari in a modal using SFAuthenticationSession on iOS 11 and greater, and falling back on a SFSafariViewController. The user will be asked whether to allow the app to authenticate using the given url.

On Android:

This will be done using a "custom Chrome tabs" browser, AppState, and Linking APIs.

On web:

This API can only be used in a secure environment (https). You can use expo start:web --https to test this. Otherwise, an error with code ERR_WEB_BROWSER_CRYPTO will be thrown. This will use the browser's window.open() API.

  • Desktop: This will create a new web popup window in the browser that can be closed later using WebBrowser.maybeCompleteAuthSession().
  • Mobile: This will open a new tab in the browser which can be closed using WebBrowser.maybeCompleteAuthSession().

How this works on web:

  • A crypto state will be created for verifying the redirect.
    • This means you need to run with expo start:web --https
  • The state will be added to the window's localstorage. This ensures that auth cannot complete unless it's done from a page running with the same origin as it was started. Ex: if openAuthSessionAsync is invoked on https://localhost:19006, then maybeCompleteAuthSession must be invoked on a page hosted from the origin https://localhost:19006. Using a different website, or even a different host like https://128.0.0.*:19006 for example will not work.
  • A timer will be started to check for every 1000 milliseconds (1 second) to detect if the window has been closed by the user. If this happens then a promise will resolve with { type: 'dismiss' }.

On mobile web, Chrome and Safari will block any call to window.open() which takes too long to fire after a user interaction. This method must be invoked immediately after a user interaction. If the event is blocked, an error with code ERR_WEB_BROWSER_BLOCKED will be thrown.

Parameters

NameTypeDescription
urlstringThe url to open in the web browser. This should be a login page.
redirectUrlstringOptional - The url to deep link back into your app. By default, this will be Constants.linkingUrl.
browserParams?WebBrowserOpenOptionsOptional - An object with the same keys as WebBrowserOpenOptions. If there is no native AuthSession implementation available (which is the case on Android) these params will be used in the browser polyfill. If there is a native AuthSession implementation, these params will be ignored.

Returns

Promise<WebBrowserAuthSessionResult>

  • If the user does not permit the application to authenticate with the given url, the Promise fulfills with { type: 'cancel' } object.
  • If the user closed the web browser, the Promise fulfills with { type: 'cancel' } object.
  • If the browser is closed using dismissBrowser, the Promise fulfills with { type: 'dismiss' } object.

Defined in

node_modules/@web3auth/react-native-sdk/dist/types/types/IWebBrowser.d.ts:260