Use a webview for WP.com login #21414
Conversation
Generated by 🚫 Danger |
|
| App Name |  WordPress |
|
| Flavor | Jalapeno | |
| Build Type | Debug | |
| Version | pr21414-355774f | |
| Commit | 355774f | |
| Direct Download | wordpress-prototype-build-pr21414-355774f.apk |
|
| App Name |  Jetpack |
|
| Flavor | Jalapeno | |
| Build Type | Debug | |
| Version | pr21414-355774f | |
| Commit | 355774f | |
| Direct Download | jetpack-prototype-build-pr21414-355774f.apk |
|
|
||
| runBlocking { | ||
| val tokenResult = loginClient.exchangeAuthCodeForToken(code, BuildConfig.OAUTH_REDIRECT_URI) | ||
| accountStore.updateAccessToken(tokenResult.getOrThrow()) |
There was a problem hiding this comment.
I think you'd want to check if the token belongs to the current user before saving it. Users can log in with any account from the login webpage.
There was a problem hiding this comment.
This should be for first-time authentication only – I'm thinking we'll want a reauthenticate method that does what you say – forces login to a specific account
|
@jkmassel I'm running into some issues with this. When I try to login with a 2FA account, I see this screen and can't go any further:
If I try with a non-2FA account, after I login I'm not redirected to the app - instead I'm still in the browser. Is this intended? I also did not expect to be taken to the browser to login. Is it not possible to do this in a WebView within the app? wplogin.mp4 |
| @@ -113,7 +113,18 @@ | |||
| <activity | |||
| android:name=".ui.accounts.LoginActivity" | |||
| android:theme="@style/LoginTheme.TransparentSystemBars" | |||
| android:windowSoftInputMode="adjustResize" /> | |||
| android:windowSoftInputMode="adjustResize" | |||
| android:exported="true"> | |||
There was a problem hiding this comment.
Sonarcloud flags this as a security risk. Does it need to be exported?
There was a problem hiding this comment.
My understanding is that this was required in order to handle custom URL schemes, but I might be incorrect!
There was a problem hiding this comment.
Ah, I suspect you're right about that. This Sonarcloud page mentions ways to fix this warning.
That's really odd – I wonder if maybe the app needs to be fully uninstalled? You're being redirected to
Good question! I had assumed that we'd want to use the default browser for password managers, etc – if we can do it in an in-app browser that would be nicer for sure. |
I tried again, this time using a new emulator instance (so no previous install), and I'm still seeing this behavior. |
Project dependencies changesThe following changes in project dependencies were detected (configuration listtree+\--- androidx.browser:browser:1.5.0 -> 1.8.0 (*) |
jkmassel
force-pushed
the
use/webview-for-dotcom-login
branch
from
eb5c5a5 to
d93b1f8
Compare
|
@nbradbury – could you give this a try again? It now uses Chrome Tabs in-app, which should share all of password management goodness we need. I tried it with a Google-synced passkey and it worked, and I tried with a Yubikey and that worked too (on my ancient Galaxy S9) so I'm hopeful it works for you too! |
@jkmassel Chrome Custom tabs is a much better solution, but I'm still seeing issues. With a non-2FA account, I end up being redirected to the Automattic home page. redirect.mp4With a 2FA account, I still get stuck in some sort of passkey loop which I don't understand. passkey.mp4 |
| @@ -9,6 +9,7 @@ androidx-activity = '1.9.3' | |||
| androidx-annotation = '1.9.1' | |||
| androidx-appcompat = '1.7.0' | |||
| androidx-arch-core = '2.2.0' | |||
| androidx-browser = '1.5.0' | |||
There was a problem hiding this comment.
Note that this is an outdated version of the library. The latest is 1.8.0.
| public void showEmailLoginScreen(@NonNull Context context) { | ||
| CustomTabsIntent intent = new CustomTabsIntent.Builder() | ||
| .setShareState(CustomTabsIntent.SHARE_STATE_OFF) | ||
| .setStartAnimations(this, R.anim.activity_slide_up_from_bottom, R.anim.activity_slide_up_from_bottom) |
There was a problem hiding this comment.
For consistency with the other login screens, WDYT about changing this to slide in from the right, slide out to the left?
jkmassel
force-pushed
the
use/webview-for-dotcom-login
branch
from
e8ffbf9 to
bd142eb
Compare
jkmassel
force-pushed
the
use/webview-for-dotcom-login
branch
from
bd142eb to
917cb9b
Compare
jkmassel
force-pushed
the
use/webview-for-dotcom-login
branch
from
ebe5b84 to
0fbfecd
Compare
|
Version |
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## trunk #21414 +/- ##
==========================================
- Coverage 39.44% 39.38% -0.06%
==========================================
Files 2119 2125 +6
Lines 99556 99711 +155
Branches 15313 15333 +20
==========================================
+ Hits 39269 39273 +4
- Misses 56806 56957 +151
Partials 3481 3481 ☔ View full report in Codecov by Sentry. |
|
@jkmassel I continue to see this passkey issue when trying to login using an account with 2FA. I'm not sure what this is about but we'll definitely want to address this before merging. passkey.mp4 |
|
Version |
Fixes a fairly common login issue reported in https://a8c.slack.com/archives/C02AVAR9B/p1728576885606729.
To Test:
Regression Notes
Potential unintended areas of impact
Could be other issues around login – I tried very narrowly address the issue in this PR – nothing has been removed, so everything should work like it did before (for instance, use re-authentication).
What I did to test those areas of impact (or what existing automated tests I relied on)
n/a
What automated tests I added (or what prevented me from doing so)
There wouldn't be a lot of benefit to automated tests at this point.
PR Submission Checklist:
RELEASE-NOTES.txtif necessary.Testing Checklist (strike-out the not-applying and unnecessary ones):