Error in crypto.subtle on iOS preview

Hi,

I’m configuring an AppGyver app for OAuth using authorization flow with PKCE, as documented here:

https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/a721157cd40544eb9bad40085cf8ec15.html

This requires the client to provide a signed key in lieu of having the client secret accessible to every user in a Basic header. I found this nice GitHub sample on implementing using ES6 JS:

This works perfectly from Chrome on my laptop. However, when I embed this code into a WebView component so that it works on iOS, I get an error in the preview app:

Some research suggests this is by a break in the HTTPS communication somewhere in the chain:

I can provide steps to reproduce if needed. Appreciate any input on this as it would be great to utilize OAuth without sharing the client secret.

Best,
Jim

I recreated this problem in App 347278 on the community edition.

1 Like

Hi,

The issue seems to be that crypto.subtle is undefined because iOS WebView uses Safari, and it only supports the subtle API in secure contexts (Crypto.subtle - Web APIs | MDN).

So you’ll only have access to the API on a page loaded under https, not in e.g. locally defined html. Unfortunately crypto.subtle does not seem to be available in the general engine (JavaScriptCore) outside the WebView context either, so that leaves few options.

I’d suggest one of the following:

  • Host a page that generates the verifier and challenge for the host app with the subtle API, and point the WebView there initially. The code is still run on the client, but should work now if the page is loaded under https.
  • Do the challenge hashing remotely through an API if you have access to or can create one.
  • If you’re comfortable with JS, use a shim or polyfill for the digest API (or another implementation).

This should be easier than it is currently, and would be great to have as a formula for example. But for having something working right now, I’d look at one of the alternative methods.

-Pekka

Thanks a lot for the reply. Hope to see this become easier in the future, but understand the constraints for now. Much appreciated @Pekka_Aaltonen !!

Hi @Pekka_Aaltonen,

We managed to Polyfill and implement a sample on iOS. I’ll leave it here as a reference in case anybody else wants to try it out:

Thanks again for the help!

Best,
Jim

1 Like