Firebase iOS sdk, login with oauth provider (fb, google, etc) causing app rejection by Apple

[Luke Hubbard]

Hi, 

We are using the iOS sdk and firebase login (authWithOauthProvider) to let users login using Facebook and Google+. Unfortunately Apple doesn't seem to like how its implemented and have rejected our app, specifically they don't like mobile Safari opening to show the login form for facebook / google+. The rejection and issue seem the same as https://code.google.com/p/google-plus-platform/issues/detail?id=900

The workaround is to use a webview to load the login form rather then opening safari, however since we don't have access to the SDK source code I'm not sure if thats possible. 

If there some way to stop authWithOauthProvider opening Safari and keep the flow within our app? Has anyone else faced this issue?

It seems quite a critical issue to be as it means apps using firebase for login will be rejected by Apple. 

Thanks,

- Luke

[Katherine Fang]

Hi Luke,

Thanks for bringing this up and linking to the issue! Sad to hear your app got rejected, though. :( 

A brief scan of that issue suggests that it's okay for Facebook to jump to Safari and back, but not for Google+. It looks like there are a couple of suggestions on Stack Overflow on how to do Google+ Login without leaving the app. 

We'll also look into it further and see what we can do to improve Firebase Login, but I wouldn't hold out for anything short term.

Hope you find something that works for you! :) I'd be curious to hear what you end up doing to get around the issue.

- Kat

[Michael Lehenbauer]

Hey Luke,

I just wanted to clarify one thing real quick.  You mentioned it's authWithOauthProvider that's opening the popup, but actually I think it's the Google SDK (you're probably calling GoogleAuthUtil.getToken() or something, which I assume is triggering the popup).  authWithOauthProvider just auths you to Firebase using a token you got through some other means.  This means you definitely could implement a webview-based login flow to get the oauth token and then pass that to authWithOauthProvider, though of course that would be inconvenient.

I'm surprised to hear that Apple is rejecting vanilla apps using the Google SDK for login.  I'll reach out to some teams internally and see if I can poke the right folks to get some action on that bug.  But I don't have much context at this time. :-/

Certainly sounds like an unfortunate situation.  Sorry it's affecting you and your app!

-Michael

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/be8a5134-2ea6-4918-9694-ea33aad2f1e2%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Michael Lehenbauer]

Er, minor brain fart...  GoogleAuthUtil.getToken() is the android API.  On iOS, you're probably using [GPPSignIn authenticate] or similar, and that's what's launching mobile safari.

[Michael Lehenbauer]

Hey Luke (and anybody else who ran into this).

I just wanted to follow up real quick and let you know that there's now a new version of the Google Sign In SDK which uses a webview to authenticate, so should hopefully avoid app store rejections!  More details here.

-Michael

On Fri, Apr 24, 2015 at 8:56 AM, Michael Lehenbauer <mike...@google.com> wrote: