Google+ login using web browser is rejected on the App Store.
calvingferrando opened this issue · 54 comments
Reasons from App Strore:
We found the following issues with the user interface of your app:
The app opens a web page in mobile Safari for logging into Google+, then returns the user to the app. The user should be able to log in without opening Safari first.
The plugin is fine and working but didn't passed app standard using a web page. If user already installed the Google+ app then the authentication is on the app which is good otherwise it will open a web browser to do the authentication. To solve this one is we need to wrap it inside inappbrowser.
agree !!
We could also add a "Has google plug app" flag so we can offer alternative logins if the google plus app doesn't exist.
But seriously that is not a point to reject an app?!
The reason sounds more like a "suggestion".
Has somebody additionally to the social login an ordinary one?
Like entering mail and password to login?
Does this problem exists there too?
Hello! I've the same problem. Do you solve the problem?
Thanks
Same problem here! Apple is rejecting my App because of this:
- Upon launching the app, a web page in mobile Safari opens for logging in to google plus, then returns the user to the app. The user should be able to log in without opening Safari first (Ex. in a webview within the app)
Any thoughts or workarounds?
Same here. Just got rejected for the same reason, as stated by the review team:
"In order for the app to be reconsidered for the App Store, it would be appropriate to ensure that Google+ users can authenticate from within the app."
I guess that no one here was able to resolve yet.
Oh boy, this is a shame. Sorry to hear this guys.
I will look into this today.
@EddyVerbruggen thanks!
Thaaaaaanks!!!
Sent from my iPhone
On 5/3/2015, at 16:16, Eddy Verbruggen notifications@github.com wrote:
Oh boy, this is a shame. Sorry to hear this guys.
I will look into this today.
—
Reply to this email directly or view it on GitHub.
Hey guys, I found this issue where Google seems a bit disappointed with Apple reviewers not allowing the Safari OAuth flow (where they accept it for Facebook).
I think the quickest way to fix this is by adding a check to your app which confirms the native app can be used so the redirect won't happen. To this end I just added the isAvailable function to release 1.1.0.
If the new method returns true you can safely show a 'Sign in with Google+' button.
Thanks for the workaround @EddyVerbruggen.
Say, what about what using inappbrowser for users without G+ app? Is that an option?
Unfortunately InAppBrowser is not a pluggable option because the Safari fallback is triggered from native code. There are ways to intercept the native URL launch and launch your own webview (much like the InAppBrowser plugin), but it's considered a hack by Google if you read this discussion.
So technically that's possible but requiring the G+ app on the iOS device is considered the best way to do it according to those two tech giants.
Do i run in the same Problem when there are other auth merhods in my app linke facebook or custom normal login at my Backend?
So Google is only one signin method?
Greetz and thanks for your work!
Yes, Apple will still likely reject your app. You better check G+ availability beforehand.
what is with this method?
http://stackoverflow.com/questions/15281386/google-iphone-api-sign-in-and-share-without-leaving-app
@do-web that's the thing I referred to above when I said "but it's considered a hack by Google if you read this discussion."
With the check "isAvailable" it will be approved in app store? so if i hide the googeplus login if gplus app is not available?
Correct, that's what folks are saying in that thread I mentioned.
Hey,
Just being rejected for that ! Thanks for the isAvailable, will try a new submit.
Suggestion : put an /!\ IMPORTANT warning on that in your Readme :)
Please send a PR
Hello! At Google I/O today, we released a new version of the Sign In library for iOS that includes several updates relevant to this thread and project.
Google Sign In SDK 2.0 is documented on our new dev site: https://developers.google.com/identity/sign-in/ios
Updates:
- New (but familiar) API surface, focusing on Google accounts. Google+ scopes still supported but not required.
- Support for Sign In completion through numerous Google apps, not just Google+. As of today, YouTube and the Google app include support in addition to G+. Several more are on the way.
- Native support for Sign In via WebView when no Sign In app is present. We hope this will stem the issue of app rejections discussed here.
- Button branding based on requested scopes. If plus.*, then red Google+. Otherwise, blue Google.
- Programmatically drawn button supporting flexible height/width.
- New packaging, based on Cocoapods. Google announced today that it is adopting this standard across as many APIs as we can.
- Packaged separately from the Google+ SDK for smaller code size.
- Canonical method "checkGoogleSignInAppInstalled" returning whether a Sign In app is installed for "direct" (non-WebView) sign in.
We'd love to hear your experience with the new SDK, and encourage everyone (including those using G+ APIs) to upgrade.
In particular, @EddyVerbruggen -- I'd love to see this plugin updated to use the new API. It would be great to change the implementation of isAvailable to "return true"!
@johnfargo Thanks John, that SDK and site look awesome, I will definitely consider switching the iOS implementation.
@johnfargo maybe in isAvailable will call checkGoogleSignInAppInstalled. From the readme of this plugin I can asume that this plugin only works for sign in with google plus. I think that if @EddyVerbruggen switch to Google Sign In SDK (I hope so), the plugin should be called cordova-plugin-googlesingnin or something like that.
@EddyVerbruggen First, I'd like to thank you for making this great plugin. I don't want to sound demanding or anything, but Google Sign In SDK 2.0 would really be appreciated. The isAvailable function is a good workaround to get the app approved, but that pretty much prevent most iOS users from signing in to the app using Google+. I have never seen a single iOS users, who has G+ installed.
SDK 2.0 has isAvailable, but what's more, has WebView-based Sign In,
allowing use of Google accounts without the G+ app installed. It's also
worth noting that additional apps host Google Sign In now as well, in
particular YouTube and the Google search app.
On Sat, Jul 4, 2015 at 11:58 PM Pan K. notifications@github.com wrote:
@EddyVerbruggen https://github.com/EddyVerbruggen First, I'd like to
thank you for making this great plugin. I don't want to sound demanding or
anything, but Google Sign In SDK 2.0 would really be appreciated. The
isAvailable function is a good workaround to get the app approved, but that
pretty much prevent most iOS users from signing in to the app using
Google+. I have never seen a single iOS users, who has G+ installed.—
Reply to this email directly or view it on GitHub
#37 (comment)
.
@johnfargo I'm not sure what you meant by "additional apps host Google Sign In now as well, in
particular YouTube and the Google search app", but I have YouTube installed on my phone, and G+ sign in still redirects me to Safari.
@pan, have you updated your app to the Google Sign In SDK?
https://developers.google.com/identity/sign-in/ios
On Mon, Jul 6, 2015 at 12:01 PM Pan K. notifications@github.com wrote:
@johnfargo https://github.com/johnfargo I'm not sure what you meant by
"additional apps host Google Sign In now as well, in
particular YouTube and the Google search app", but I have YouTube
installed on my phone, and G+ sign in still redirects me to Safari.—
Reply to this email directly or view it on GitHub
#37 (comment)
.
@johnfargo Thank you for your suggestion. As far as I understand, I have to make change to iOS native code, which I don't have problem doing. But we're talking about this Phonegap plugin, which wraps around the native code. That's why I mentioned @EddyVerbruggen at first.
Indeed, that makes sense. The plugin does need to update to take advantage
of the changes we've made to support WebView-based Sign In, thus avoiding
app rejection issues.
On Mon, Jul 6, 2015 at 1:29 PM Pan K. notifications@github.com wrote:
@johnfargo https://github.com/johnfargo Thank you for your suggestion.
As far as I understand, I have to make change to iOS native code, which I
don't have problem doing. But we're talking about this Phonegap plugin,
which wraps around the native code. That's why I mentioned @EddyVerbruggen
https://github.com/EddyVerbruggen at first.—
Reply to this email directly or view it on GitHub
#37 (comment)
.
@zphingphong I'd love to do it soon, it's just that this plugin is pure hobby which I love to work on but I'm a liiiiitle short on time these days. Rest assured I intend to upgrade it.
@EddyVerbruggen I understand. Could I be of any help? If you like, add me as a collaborator, and I'll try my best to update the plugin. Of course, that's only if you're comfortable.
Hi @zphingphong that would be very welcome indeed. You've been added.
Please try and keep the JS API stable unless you have absolutely no other choice. Then still, adding a new method next to the old ones is preferred.
Hi @EddyVerbruggen ,
I refactored iOS to use Google Sign-In SDK. I commented out the old methods, in case we need it back. Could you please maybe do a code review and publish it to pgb or plugins.cordova.io? I'll update README sometimes next week.
Thanks!
@zphingphong just updated my app with the new code but the fallback is still being handled by safari, which won't avoid app rejection. Might I be missing something? No changes needed in the JS side, right?
@mhcarneiro How did you upgrade your app with the new code, since we haven't publish this plugin yet?
@zphingphong Hmmm, the code is definitely different, with a lot of mentions to the Google Sign In SDK. Weird. I removed the previous plugin by executing cordova plugin rm nl.x-services.plugins.googleplus and then cordova plugin add nl.x-services.plugins.googleplus. It took me a while to install Google Sign In SDK dependencies, but the code now compiles and runs, although nothing different happens. I've checked and this code includes the files listed as changed 4 days ago in the repository. What do you mean when you say published?
@zphingphong @EddyVerbruggen Can you guys please review and publish the plugin to pgb/npm/plugins.cordova.io soon? I assume that is the only way we can use the latest for submission to PhoneGap Build, right? Thanks
Hi @zphingphong I'm back from a little break and will review the changes during the next few days.
@wongjoh Yes, you'll need it to be in the cordova plugins registry or npm indeed. Once the review is finished I will publish an update to npm.
@mhcarneiro Do you have YouTube installed? Reading @johnfargo correctly that app should be able to handle sign-in as well. I'll be checking it myself soon.
4.0.0 is on npm, enjoy!
Please see the readme for install instructions.
Hi I got so same problem Any solution please mail me sreenu.ram2@gmail.com
Thanks in Advance
Hi @sreeram780
Just hide the G+ button if the user hasn't installed G+ app on his iPhone.
You can detect this easily.
Hi! im using isAvailable function but it always returns true. My example
$ionicPlatform.ready(function() {
window.plugins.googleplus.isAvailable(
function (available) {
$scope.isGoogleAvailable = available;
}
);
});
any solution? Thanks!
All,
So long as you're using Google Sign In API 2.3 or above, there should no
longer be risk of rejection from Apple, as this SDK uses the Apple-approved
SFSafariViewController mechanism to achieve Sign In and OAuth consent.
Note as well that this release completely obviates the need to use
GooglePlus.framework. @eddy, our documentation has changed (and simplified
a bit) as well. Sign In homepages are Android (
https://developers.google.com/identity/sign-in/android/) and iOS (
https://developers.google.com/identity/sign-in/ios/). In particular, enabling
the Google+ API is no longer required if you don't use Google+ APIs
(instead using basic Sign In with name, email, and profile URL).
On a broader level, I suppose the plugin overall could be renamed, though
that's a much more invasive change. Sign In with Google+ account and
credentials still works as it always did, so dropping the + is only an
option.
On Tue, Nov 17, 2015 at 2:28 AM iyussupov notifications@github.com wrote:
Hi! im using isAvailable function but it always returns true. My example
$ionicPlatform.ready(function() {
window.plugins.googleplus.isAvailable(
function (available) {
$scope.isGoogleAvailable = available;
}
);});
any solution? Thanks!—
Reply to this email directly or view it on GitHub
#37 (comment)
.
@johnfargo I was hoping you could clarify something. When the app is not available, the current Web View flow that I am see happen does not allow the user to back out or "cancel" trying to log in. Which then leaves the user w/o a way to get back to the app, is this correct?
Can you check this link,
http://technogerms.com/login-with-google-using-oauth-2-0-for-ios-xcode-objective-c/
I think it will solve your problems
I'm noticing that even with the Google+ app installed on iOS, this plugin 4.0.6 on npm is favoring use of the webview. I can't get it to use Google+ app to login at all anymore. If Apple will approve the use of the webview even when the Google+ app is available, then this is good enough. But I worry that they will reject it.
@celwell I'm experience the same behaviour. No matter what I try it doesn't want to use the Google+ app anymore
@celwell @patternott I've just had an app that was succesfully approved using the new setup. Mine too no longer will Auth using the application, however as noted by @johnfargo this appears to be perfectly acceptable now.
@visormatt Great to hear that it is acceptable. I hope still that this could be improved since the inappbrowser doesn't save login sessions: every time you have to type in your username and password. Oh well, I hope I pass Apple review.
@celwell if you all up to date and also using the SafariWebView it does seem to save the session as long as you have not called logout. I wish I could point you to my app for an example but not realeasing it until the weekend. However a quick check, If you have not added https://github.com/EddyVerbruggen/cordova-plugin-safariviewcontroller it would be worth giving that a add, it's a much safer and faster anyhow.
@EddyVerbruggen i'm using version 5.0.2 of the plugin and still have the same issue, The app opens a web page in mobile Safari for logging into Google+, then returns the user to the app.
@mahmoudkhalafallah It's supposed to do that! The Google Sign In SDK makes use of the SafariViewController to log the user. Think of it as a sign-in pop-up.
Also, that is no longer grounds for rejection from the app store.
@sammuggPS Thanks, my app has been accepted.