breautek commented on issue #1049: URL: https://github.com/apache/cordova-plugin-inappbrowser/issues/1049#issuecomment-1964739016
I think that's because [capacitor's browser](https://capacitorjs.com/docs/apis/browser) uses SFSafariViewController behind the scenes. Which is similar to an embedded webview but with far more restrictions. These restrictions however makes it safer for OAuth usage. The inappbrowser plugin uses WKWebView for legacy reasons, it's configured in such a way that it doesn't have access to the cordova bridge making it safe to load in untrusted content, but it has APIs for the host app to inject content into the loaded document, breaching trust for OAuth service providers, which I suspect is related to your compliance status. Many OAuth providers started blocking OAuth usage from embeddable webviews like WKWebView and android's Webkit webview. There are no plans to implement Safari View Controller in this plugin because it would destroy a lot of features that other users rely on, but there is a community plugin available [cordova-plugin-safariviewcontroller](https://www.npmjs.com/package/cordova-plugin-safariviewcontroller) that does implement the Safari View Controller. Despite the name, it also supports Chrome Tabs for android, which is android's direct equivalent feature to iOS's Safari View Controller. I've haven't used this plugin myself, but it sounds like the exact thing you need if Capacitor's module doesn't work on Cordova. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
