{"id":19315323,"url":"https://github.com/capacitor-community/generic-oauth2","last_synced_at":"2026-01-12T02:26:48.658Z","repository":{"id":33097389,"uuid":"147642523","full_name":"capacitor-community/generic-oauth2","owner":"capacitor-community","description":"Generic Capacitor OAuth 2 client plugin. Stop the war in Ukraine!","archived":false,"fork":false,"pushed_at":"2024-09-24T03:30:29.000Z","size":1463,"stargazers_count":251,"open_issues_count":59,"forks_count":119,"subscribers_count":15,"default_branch":"main","last_synced_at":"2025-04-27T08:38:05.905Z","etag":null,"topics":["authentication","capacitor","capacitor-plugin","oauth2","oauth2-client","social-login"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/capacitor-community.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-09-06T08:31:41.000Z","updated_at":"2025-04-16T19:24:18.000Z","dependencies_parsed_at":"2024-01-02T23:09:45.717Z","dependency_job_id":"558b1325-ab66-4139-9c47-14ce7f4cd4e2","html_url":"https://github.com/capacitor-community/generic-oauth2","commit_stats":{"total_commits":211,"total_committers":23,"mean_commits":9.173913043478262,"dds":0.5924170616113744,"last_synced_commit":"3d11ba28271b14c24166361c276264e9403a67ad"},"previous_names":["tafelnl/capacitor-oauth2","capacitor-community/generic-oauth2"],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capacitor-community%2Fgeneric-oauth2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capacitor-community%2Fgeneric-oauth2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capacitor-community%2Fgeneric-oauth2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capacitor-community%2Fgeneric-oauth2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/capacitor-community","download_url":"https://codeload.github.com/capacitor-community/generic-oauth2/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254518384,"owners_count":22084374,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","capacitor","capacitor-plugin","oauth2","oauth2-client","social-login"],"created_at":"2024-11-10T01:05:58.225Z","updated_at":"2026-01-12T02:26:48.651Z","avatar_url":"https://github.com/capacitor-community.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003cbr\u003e\u003cimg src=\"https://user-images.githubusercontent.com/236501/85893648-1c92e880-b7a8-11ea-926d-95355b8175c7.png\" width=\"128\" height=\"128\" /\u003e\u003c/p\u003e\n\u003ch3 align=\"center\"\u003eGeneric OAuth 2\u003c/h3\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e\u003ccode\u003e@capacitor-community/generic-oauth2\u003c/code\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n Generic Capacitor OAuth 2 client plugin.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://img.shields.io/maintenance/yes/2025?style=flat-square\" /\u003e\n \u003ca href=\"https://github.com/capacitor-community/generic-oauth2/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/capacitor-community/generic-oauth2/ci.yml?branch=main\u0026style=flat-square\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://www.npmjs.com/package/@capacitor-community/generic-oauth2\"\u003e\u003cimg src=\"https://img.shields.io/npm/l/@capacitor-community/generic-oauth2?style=flat-square\" /\u003e\u003c/a\u003e\n\u003cbr\u003e\n \u003ca href=\"https://www.npmjs.com/package/@capacitor-community/generic-oauth2\"\u003e\u003cimg src=\"https://img.shields.io/npm/dw/@capacitor-community/generic-oauth2?style=flat-square\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://www.npmjs.com/package/@capacitor-community/generic-oauth2\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/@capacitor-community/generic-oauth2?style=flat-square\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Introduction\n\nThis is a **generic OAuth 2 client** plugin. It lets you configure the oauth parameters yourself instead of using SDKs.\nTherefore, it is usable with various providers. See [identity providers](#list-of-providers) the community has already\nused this plugin with.\n\n## Installation\n\n```bash\nnpm install @capacitor-community/generic-oauth2\nnpx cap sync\n```\n\n## Versions\n\n| Plugin | For Capacitor | Docs | Notes |\n|--------|---------------|---------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|\n| 7.x | 7.x.x | [README](./README.md) | Xcode 16.0+ required! |\n| 6.x | 6.x.x | [README](https://github.com/capacitor-community/generic-oauth2/blob/6.1.0/README.md) | Breaking changes. As of this version the changelog will be available in the Releases tab in GitHub. XCode 15.0 needs this version |\n| 5.x | 5.x.x | [README](https://github.com/capacitor-community/generic-oauth2/blob/5.0.0/README.md) | Breaking changes see Changelog. XCode 14.1 needs this version |\n\n## Supported flows\n\nSee the excellent article about OAuth2 response type combinations.\n\nhttps://medium.com/@darutk/diagrams-of-all-the-openid-connect-flows-6968e3990660\n\nThe plugin on the other will behave differently depending on the existence of certain config parameters:\n\nThese parameters are:\n\n- `accessTokenEndpoint`\n- `resourceUrl`\n\ne.g.\n\n1. If `responseType=code`, `pkceDisable=true` and `accessTokenEndpoint` is missing the `authorizationCode` will be\n resolve along with the whole authorization response.\n This only works for the Web and Android. On iOS the used lib does not allows to cancel after the authorization\n request see #13.\n\n2. If you just need the `id_token` JWT you have to set `accessTokenEndpoint` and `resourceUrl` to `null`.\n\n### Tested / working flows\n\nThese flows are already working and were tested by me.\n\n#### Implicit flow\n\n```\nresponseType: \"token\"\n```\n\n#### Code flow + PKCE\n\n```\n...\nresponseType: \"code\"\npkceEnabled: true\n...\n```\n\nSupported on Web with the new method `redirectFlowCodeListener` which should be called on your app init process\nso it watches for the URL queryString `code` to generate an `access_token` correctly.\n\nPlease be aware that some providers (OneDrive, Auth0) allow **Code Flow + PKCE** only for native apps. Web apps have to\nuse implicit flow.\n\n### Important\n\nFor security reasons this plugin does/will not support Code Flow without PKCE.\n\nThat would include storing your **client secret** in client code which is highly insecure and not recommended.\nThat flow should only be used on the backend (server).\n\n## Configuration\n\n### Use it\n\n```typescript\nimport {GenericOAuth2} from '@capacitor-community/generic-oauth2';\n\n@Component({\n template:\n '\u003cbutton (click)=\"onOAuthBtnClick()\"\u003eLogin with OAuth\u003c/button\u003e' +\n '\u003cbutton (click)=\"onOAuthRefreshBtnClick()\"\u003eRefresh token\u003c/button\u003e',\n})\nexport class SignupComponent {\n accessToken: string;\n refreshToken: string;\n\n onOAuthBtnClick() {\n GenericOAuth2.authenticate(oauth2Options)\n .then(response =\u003e {\n this.accessToken = response['access_token'];\n this.refreshToken = response['refresh_token'];\n\n // only if you include a resourceUrl protected user values are included in the response!\n let oauthUserId = response['id'];\n let name = response['name'];\n\n // go to backend\n })\n .catch(reason =\u003e {\n console.error('OAuth rejected', reason);\n });\n }\n\n // Refreshing tokens only works on iOS/Android for now\n onOAuthRefreshBtnClick() {\n if (!this.refreshToken) {\n console.error('No refresh token found. Log in with OAuth first.');\n }\n\n GenericOAuth2.refreshToken(oauth2RefreshOptions)\n .then(response =\u003e {\n this.accessToken = response['access_token'];\n // Don't forget to store the new refresh token as well!\n this.refreshToken = response['refresh_token'];\n // Go to backend\n })\n .catch(reason =\u003e {\n console.error('Refreshing token failed', reason);\n });\n }\n}\n```\n\n### Options\n\nSee the `oauth2Options` and `oauth2RefreshOptions` interfaces\nat https://github.com/capacitor-community/generic-oauth2/blob/main/src/definitions.ts for details.\n\nExample:\n\n```\n{\n authorizationBaseUrl: \"https://accounts.google.com/o/oauth2/auth\",\n accessTokenEndpoint: \"https://www.googleapis.com/oauth2/v4/token\",\n scope: \"email profile\",\n resourceUrl: \"https://www.googleapis.com/userinfo/v2/me\",\n logsEnabled: true,\n web: {\n appId: environment.oauthAppId.google.web,\n responseType: \"token\", // implicit flow\n accessTokenEndpoint: \"\", // clear the tokenEndpoint as we know that implicit flow gets the accessToken from the authorizationRequest\n redirectUrl: \"http://localhost:4200\",\n windowOptions: \"height=600,left=0,top=0\"\n },\n android: {\n appId: environment.oauthAppId.google.android,\n responseType: \"code\", // if you configured a android app in google dev console the value must be \"code\"\n redirectUrl: \"com.companyname.appname:/\" // package name from google dev console\n },\n ios: {\n appId: environment.oauthAppId.google.ios,\n responseType: \"code\", // if you configured a ios app in google dev console the value must be \"code\"\n redirectUrl: \"com.companyname.appname:/\" // Bundle ID from google dev console\n }\n }\n```\n\n#### authenticate()\n\n**Overrideable Base Parameter**\n\nThese parameters are overrideable in every platform\n\n| parameter | default | required | description | since |\n|---------------------------|---------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|\n| appId | | yes | aka clientId, serviceId, ... | |\n| authorizationBaseUrl | | yes | | |\n| responseType | | yes | | |\n| redirectUrl | | yes | | 2.0.0 |\n| accessTokenEndpoint | | | If empty the authorization response incl code is returned. Known issue: Not on iOS! | |\n| resourceUrl | | | If empty the tokens are return instead. If you need just the `id_token` you have to set both `accessTokenEndpoint` and `resourceUrl` to `null` or empty ``. | |\n| additionalResourceHeaders | | | Additional headers for the resource request | 3.0.0 |\n| pkceEnabled | `false` | | Enable PKCE if you need it. Note: On iOS because of #111 boolean values are not overwritten. You have to explicitly define the param in the subsection. | |\n| logsEnabled | `false` | | Enable extensive logging. All plugin outputs are prefixed with `I/Capacitor/GenericOAuth2Plugin: ` across all platforms. Note: On iOS because of #111 boolean values are not overwritten. You have to explicitly define the param in the subsection. | 3.0.0 |\n| scope | | | | |\n| state | | | The plugin always uses a state.\u003cbr\u003eIf you don't provide one we generate it. | |\n| additionalParameters | | | Additional parameters for anything you might miss, like `none`, `response_mode`. \u003cbr\u003e\u003cbr\u003eJust create a key value pair.\u003cbr\u003e`{ \"key1\": \"value\", \"key2\": \"value, \"response_mode\": \"value\"}` | |\n\n**Platform Web**\n\n| parameter | default | required | description | since |\n|------------------------|----------|----------|-------------------------------------------------------------------------------------------------|-------|\n| windowOptions | | | e.g. width=500,height=600,left=0,top=0 | |\n| windowTarget | `_blank` | | | |\n| windowReplace | | | | 3.0.0 |\n| sendCacheControlHeader | true | | Whether to send the cache control header with the token request, unsupported by some providers. | 6.1.0 |\n\n**Platform Android**\n\n| parameter | default | required | description | since |\n|------------------------------|---------|----------|--------------------------------------------------------------------------------------------------------------------------|-------|\n| customHandlerClass | | | Provide a class name implementing `com.getcapacitor.community.genericoauth2.handler.OAuth2CustomHandler` | |\n| handleResultOnNewIntent | `false` | | Alternative to handle the activity result. The `onNewIntent` method is only call if the App was killed while logging in. | |\n| handleResultOnActivityResult | `true` | | | |\n\n**Platform iOS**\n\n| parameter | default | required | description | since |\n|--------------------|---------|----------|------------------------------------------------------------------------------------------------|-------|\n| customHandlerClass | | | Provide a class name implementing `CapacitorCommunityGenericOauth2.OAuth2CustomHandler` | |\n| siwaUseScope | | | SiWA default scope is `name email` if you want to use the configured one set this param `true` | 2.1.0 |\n\n#### logout()\n\nThe existing `logout()` method has some issues and is not currently functional.\nSee [Issue #97](https://github.com/capacitor-community/generic-oauth2/issues/97) for possible workarounds.\n\n#### refreshToken()\n\n| parameter | default | required | description | since |\n|---------------------|---------|----------|------------------------------|-------|\n| appId | | yes | aka clientId, serviceId, ... | |\n| accessTokenEndpoint | | yes | | |\n| refreshToken | | yes | | |\n| scope | | | | |\n\n### Error Codes\n\n#### authenticate()\n\n- ERR_PARAM_NO_APP_ID ... The appId / clientId is missing. (web, android, ios)\n- ERR_PARAM_NO_AUTHORIZATION_BASE_URL ... The authorization base url is missing. (web, android, ios)\n- ERR_PARAM_NO_RESPONSE_TYPE ... The response type is missing. (web, android, ios)\n- ERR_PARAM_NO_REDIRECT_URL ... The redirect url is missing. (web, android, ios)\n- ERR_STATES_NOT_MATCH ... The state included in the authorization code request does not match the one in the redirect.\n Security risk! (web, android, ios)\n- ERR_AUTHORIZATION_FAILED ... The authorization failed.\n- ERR_NO_ACCESS_TOKEN ... No access_token found. (web, android)\n- ERR_NO_AUTHORIZATION_CODE ... No authorization code was returned in the redirect response. (web, android, ios)\n- USER_CANCELLED ... The user cancelled the login flow. (web, android, ios)\n- ERR_CUSTOM_HANDLER_LOGIN ... Login through custom handler class failed. See logs and check your code. (android, ios)\n- ERR_CUSTOM_HANDLER_LOGOUT ... Logout through custom handler class failed. See logs and check your code. (android, ios)\n- ERR_ANDROID_NO_BROWSER ... No suitable browser could be found! (Android)\n- ERR_ANDROID_RESULT_NULL ... The auth result is null. The intent in the ActivityResult is null. This might be a valid\n state but make sure you configured Android part correctly! See [Platform Android](#platform-android)\n- ERR_GENERAL ... A unspecific error. Check the logs to see want exactly happened. (web, android, ios)\n\n#### refreshToken()\n\n- ERR_PARAM_NO_APP_ID ... The appId / clientId is missing. (android, ios)\n- ERR_PARAM_NO_ACCESS_TOKEN_ENDPOINT ... The access token endpoint url is missing. It is only needed on refresh, on\n authenticate it is optional. (android, ios)\n- ERR_PARAM_NO_REFRESH_TOKEN ... The refresh token is missing. (android, ios)\n- ERR_NO_ACCESS_TOKEN ... No access_token found. (web, android)\n- ERR_GENERAL ... A unspecific error. Check the logs to see want exactly happened. (android, ios)\n\n## Platform: Web/PWA\n\nThis implementation just opens a browser window to let users enter their credentials.\n\nAs there is no provider SDK used to accomplish OAuth, no additional javascript files must be loaded and so there is no\nperformance\nimpact using this plugin in a web application.\n\n## Platform: Android\n\nThere are two options when configuring an OAuth 2 protocol:\n\n1. Some OAuth providers allow using their service _without_ implementing their SDK. For these providers, you can use the\n default config available,\n2. Other OAuth providers (e.g. Facebook) force developers to use their SDK. For these providers, you can implement a\n _Custom OAuth Handler_.\n\n### 1. Android Default Config\n\n\u003e [!NOTE]\n\u003e You can skip this, if you're only exclusively configuring providers using a _Custom OAuth Handler_.\n\n\u003e [!NOTE]\n\u003e For more information about configuring your Android app, refer to\n\u003e the [offical Capacitor documentation](https://capacitor.ionicframework.com/docs/android/configuration)\n\n#### android/app/src/main/res/AndroidManifest.xml\n\nThe `AndroidManifest.xml` in your Capacitor Android project already contains\n\n```xml\n\n\u003cintent-filter\u003e\n \u003caction android:name=\"android.intent.action.VIEW\"/\u003e\n \u003ccategory android:name=\"android.intent.category.DEFAULT\"/\u003e\n \u003ccategory android:name=\"android.intent.category.BROWSABLE\"/\u003e\n \u003cdata android:scheme=\"@string/custom_url_scheme\"/\u003e\n\u003c/intent-filter\u003e\n```\n\nFind the following line in your `AndroidManifest.xml`\n\n```xml\n\n\u003cdata android:scheme=\"@string/custom_url_scheme\"/\u003e\n```\n\nand change it to\n\n```xml\n\n\u003cdata android:scheme=\"@string/custom_url_scheme\" android:host=\"oauth\"/\u003e\n```\n\n\u003e [!NOTE]\n\u003e Actually any value for `android:host` will do. It does not have to be `oauth`.\n\u003e\n\u003e This will fix an issues within the oauth workflow where the application is shown twice.\n\u003e\n\u003e See [Issue #15](https://github.com/capacitor-community/generic-oauth2/issues/15) for details what happens.\n\n#### android/app/src/main/res/values/strings.xml\n\nIn your `strings.xml` change the `custom_url_scheme` string to your actual scheme value. Do NOT include\n`://oauth/redirect` or other endpoint urls here!\n\n```xml\n\n\u003cstring name=\"custom_url_scheme\"\u003ecom.example.yourapp\u003c/string\u003e\n\n \u003c!-- wrong --\u003e\n \u003c!-- \u003cstring name=\"custom_url_scheme\"\u003ecom.example.yourapp://endpoint/path\u003c/string\u003e --\u003e\n```\n\n#### android/app/build.gradle\n\n```groovy\nandroid.defaultConfig.manifestPlaceholders = [\n // change to the 'custom_url_scheme' value in your strings.xml. They need to be the same. e.g.\n \"appAuthRedirectScheme\": \"com.example.yourapp\"\n]\n```\n\n**Troubleshooting**\n\n1. If your `appAuthRedirectScheme` does not get recognized because you are using a library that replaces it\n (e.g.: onesignal-cordova-plugin), you will have to add it to your `buildTypes` like the following:\n\n```groovy\nandroid.buildTypes.debug.manifestPlaceholders = [\n 'appAuthRedirectScheme': '\u003c@string/custom_url_scheme from string.xml\u003e' // e.g. com.companyname.appname\n]\nandroid.buildTypes.release.manifestPlaceholders = [\n 'appAuthRedirectScheme': '\u003c@string/custom_url_scheme from string.xml\u003e' // e.g. com.companyname.appname\n]\n```\n\n2. \"ERR_ANDROID_RESULT_NULL\":\n See [Issue #52](https://github.com/capacitor-community/generic-oauth2/issues/52#issuecomment-525715515) for details.\n I cannot reproduce this behaviour. Moreover, there might be situation this state is valid. In other cases e.g. in the\n linked issue a configuration tweak fixed it.\n\n3. To prevent some logout issues on certain OAuth2 providers (like Salesforce for example), you should provide the\n `id_token` parameter on the `logout(...)` function.\n This ensures that not only the cookies are deleted, but also the logout link is called from the OAuth2 provider.\n Also, it uses the system browser that the plugin uses (and not the user's default browser) to call the logout URL.\n This additionally ensures that the cookies are deleted in the correct browser.\n\n### 2. Custom OAuth Handler\n\nSome OAuth providers (e.g. Facebook) force developers to use their SDK.\n\nThis plugin should be as generic as possible, so I don't want to include provider specific dependencies.\n\nTherefore, I created a mechanism which let developers integrate custom SDK features in this plugin.\nSimply configure a full qualified classname in the option property `android.customHandlerClass`.\nThis class has to implement `com.getcapacitor.community.genericoauth2.handler.OAuth2CustomHandler`.\n\nRefer to the [Facebook example below](#facebook) for a reference implementation.\n\n## Platform: iOS\n\nThere are two options when configuring an OAuth 2 protocol:\n\n1. Some OAuth providers allow using their service _without_ implementing their SDK. For these providers, you can use the\n default config available,\n2. Other OAuth providers (e.g. Facebook) force developers to use their SDK. For these providers, you can implement a\n _Custom OAuth Handler_.\n\n### 1. iOS Default Config\n\n\u003e [!NOTE]\n\u003e You can skip this, if you're only exclusively configuring providers using a _Custom OAuth Handler_.\n\nOpen `ios/App/App/Info.plist` in XCode (Context menu -\u003e Open as -\u003e Source) and add the value of `redirectUrl` from your\nconfig without `:/` like that\n\n```xml\n\n\u003ckey\u003eCFBundleURLTypes\u003c/key\u003e\n\u003carray\u003e\n\u003cdict\u003e\n \u003ckey\u003eCFBundleURLSchemes\u003c/key\u003e\n \u003carray\u003e\n \u003cstring\u003ecom.companyname.appname\u003c/string\u003e\n \u003c/array\u003e\n\u003c/dict\u003e\n\u003c/array\u003e\n```\n\n### 2. Custom OAuth Handler\n\nSome OAuth providers (e.g. Facebook) force developers to use their SDK.\n\nThis plugin should be as generic as possible, so I don't want to include provider specific dependencies.\n\nTherefore, I created a mechanism which let developers integrate custom SDK features in this plugin.\nSimply configure the class name in the option property `ios.customHandlerClass`.\nThis class has to implement `CapacitorCommunityGenericOauth2.OAuth2CustomHandler`.\n\nRefer to the [Facebook example below](#facebook) for a reference implementation.\n\n## Platform: Electron\n\n- No timeline.\n\n## Where to store access tokens?\n\nYou can use the [capacitor-secure-storage](https://www.npmjs.com/package/capacitor-secure-storage-plugin) plugin for\nthis.\n\nThis plugin stores data in secure locations for natives devices.\n\n- For Android, it will store data in a [`AndroidKeyStore`](https://developer.android.com/training/articles/keystore) and\n a [`SharedPreferences`](https://developer.android.com/reference/android/content/SharedPreferences).\n- For iOS, it will store data in a [`SwiftKeychainWrapper`](https://github.com/jrendel/SwiftKeychainWrapper).\n\n## List of Providers\n\nThese are some of the providers that can be configured with this plugin. I'm happy to add others ot the list, if you let\nme know.\n\n| Name | Example (config,...) | Notes |\n|----------|----------------------------------------------------|----------|\n| Google | [see below](#google) | |\n| Facebook | [see below](#facebook) | |\n| Azure | [see below](#azure-active-directory--azure-ad-b2c) | |\n| Apple | [see below](#apple) | ios only |\n\n## Examples\n\n### Apple\n\n#### iOS 13+\n\nMinimum config\n\n```typescript\nappleLogin()\n{\n GenericOAuth2.authenticate({\n appId: \"xxxxxxxxx\",\n authorizationBaseUrl: \"https://appleid.apple.com/auth/authorize\",\n });\n}\n```\n\nThe plugin requires `authorizationBaseUrl` as it triggers the native support and because it is needed for other\nplatforms anyway. Those platforms are not supported yet.\n\n`appId` is required as well for internal, generic reasons and any not blank value is fine.\n\nIt is also possible to control the scope although Apple only supports `email` and/or `fullName`. Add\n`siwaUseScope: true` to the ios section.\nThen you can use `scope: \"fullName\"`, `scope: \"email\"` or both but the latter is the default one if `siwaUseScope` is\nnot set or false.\n\n```typescript\nappleLogin()\n{\n GenericOAuth2.authenticate({\n appId: \"xxxxxxxxx\",\n authorizationBaseUrl: \"https://appleid.apple.com/auth/authorize\",\n ios: {\n siwaUseScope: true,\n scope: \"fullName\"\n }\n });\n}\n```\n\nAs \"Signin with Apple\" is only supported since iOS 13 you should show the according button only in that case.\n\nIn Angular do sth like\n\n```typescript\nimport {Component, OnInit} from '@angular/core';\nimport {Device, DeviceInfo} from '@capacitor/device';\nimport {GenericOAuth2} from '@capacitor-community/generic-oauth2';\n\n@Component({\n templateUrl: './siwa.component.html',\n})\nexport class SiwaComponent implements OnInit {\n ios: boolean;\n siwaSupported: boolean;\n deviceInfo: DeviceInfo;\n\n async ngOnInit() {\n this.deviceInfo = await Device.getInfo();\n this.ios = this.deviceInfo.platform === 'ios';\n if (this.ios) {\n const majorVersion: number = +this.deviceInfo.osVersion.split('.')[0];\n this.siwaSupported = majorVersion \u003e= 13;\n }\n }\n}\n```\n\nAnd show the button only if `siwaSupported` is `true`.\n\nThe response contains these fields:\n\n```\n\"id\"\n\"given_name\"\n\"family_name\"\n\"email\"\n\"real_user_status\"\n\"state\"\n\"id_token\"\n\"code\"\n```\n\n#### iOS \u003c12\n\nnot supported\n\n#### PWA\n\nnot supported\n\n#### Android\n\nnot supported\n\n### Azure Active Directory / Azure AD B2C\n\nIt's important to use the urls you see in the Azure portal for the specific platform.\n\nNote: Don't be confused by the fact that the Azure portal shows \"Azure Active Directory\" and \"Azure AD B2C\" services.\nThey share the same core features and therefore the plugin should work either way.\n\n#### PWA\n\n```typescript\nimport {\n OAuth2AuthenticateOptions,\n GenericOAuth2,\n} from '@capacitor-community/generic-oauth2';\n\nexport class AuthService {\n getAzureB2cOAuth2Options(): OAuth2AuthenticateOptions {\n return {\n appId: environment.oauthAppId.azureBc2.appId,\n authorizationBaseUrl: `https://login.microsoftonline.com/${environment.oauthAppId.azureBc2.tenantId}/oauth2/v2.0/authorize`,\n scope: 'https://graph.microsoft.com/User.Read', // See Azure Portal -\u003e API permission\n accessTokenEndpoint: `https://login.microsoftonline.com/${environment.oauthAppId.azureBc2.tenantId}/oauth2/v2.0/token`,\n resourceUrl: 'https://graph.microsoft.com/v1.0/me/',\n responseType: 'code',\n pkceEnabled: true,\n logsEnabled: true,\n web: {\n redirectUrl: environment.redirectUrl,\n windowOptions: 'height=600,left=0,top=0',\n },\n android: {\n redirectUrl: 'msauth://{package-name}/{url-encoded-signature-hash}', // See Azure Portal -\u003e Authentication -\u003e Android Configuration \"Redirect URI\"\n },\n ios: {\n pkceEnabled: true, // workaround for bug #111\n redirectUrl: 'msauth.{package-name}://auth',\n },\n };\n }\n}\n```\n\n##### Custom Scopes\n\nIf you need to use **custom scopes** configured in \"API permissions\" and created in \"Expose an API\" in Azure Portal you\nmight need\nto remove the `resourceUrl` parameter if your scopes are not included in the response. I can not give a clear advise on\nthose Azure specifics.\nTry to experiment with the config until Azure includes everything you need in the response.\n\n\u003cdetails\u003e\n\u003csummary\u003eA configuration with custom scopes might look like this:\u003c/summary\u003e\n\n```typescript\nimport {GenericOAuth2} from \"@capacitor-community/generic-oauth2\";\n\ngetAzureB2cOAuth2Options()\n:\nOAuth2AuthenticateOptions\n{\n return {\n appId: environment.oauthAppId.azureBc2.appId,\n authorizationBaseUrl: `https://login.microsoftonline.com/${environment.oauthAppId.azureBc2.tenantId}/oauth2/v2.0/authorize`,\n scope: \"api://uuid-created-by-azure/scope.name1 api://uuid-created-by-azure/scope.name2\", // See Azure Portal -\u003e API permission / Expose an API\n accessTokenEndpoint: `https://login.microsoftonline.com/${environment.oauthAppId.azureBc2.tenantId}/oauth2/v2.0/token`,\n // no resourceURl!\n responseType: \"code\",\n pkceEnabled: true,\n logsEnabled: true,\n web: {\n redirectUrl: environment.redirectUrl,\n windowOptions: \"height=600,left=0,top=0\",\n },\n android: {\n redirectUrl: \"msauth://{package-name}/{url-encoded-signature-hash}\" // See Azure Portal -\u003e Authentication -\u003e Android Configuration \"Redirect URI\"\n },\n ios: {\n pkceEnabled: true, // workaround for bug #111\n redirectUrl: \"msauth.{package-name}://auth\"\n }\n };\n}\n}\n```\n\n\u003c/details\u003e\n\n##### Prior configs\n\n\u003cdetails\u003e\n\u003csummary\u003eOther configs that works in prior versions\u003c/summary\u003e\n\n```typescript\nimport {GenericOAuth2} from \"@capacitor-community/generic-oauth2\";\n\nazureLogin()\n{\n GenericOAuth2.authenticate({\n appId: \"xxxxxxxxx\",\n authorizationBaseUrl: \"https://tenantb2c.b2clogin.com/tfp/tenantb2c.onmicrosoft.com/B2C_1_SignUpAndSignIn/oauth2/v2.0/authorize\",\n accessTokenEndpoint: \"\",\n scope: \"openid offline_access https://tenantb2c.onmicrosoft.com/capacitor-api/demo.read\",\n responseType: \"token\",\n web: {\n redirectUrl: \"http://localhost:8100/auth\"\n },\n android: {\n pkceEnabled: true,\n responseType: \"code\",\n redirectUrl: \"com.tenant.app://oauth/auth\", // Use the value from Azure config. Platform \"Android\"\n accessTokenEndpoint: \"https://tenantb2c.b2clogin.com/tfp/tenantb2c.onmicrosoft.com/B2C_1_SignUpAndSignIn/oauth2/v2.0/token\",\n handleResultOnNewIntent: true,\n handleResultOnActivityResult: true\n },\n ios: {\n pkceEnabled: true,\n responseType: \"code\",\n redirectUrl: \"msauth.BUNDLE_ID://oauth\", // Use the value from Azure config. Platform \"iOS/Mac\"\n accessTokenEndpoint: \"https://tenantb2c.b2clogin.com/tfp/tenantb2c.onmicrosoft.com/B2C_1_SignUpAndSignIn/oauth2/v2.0/token\",\n }\n });\n}\n```\n\n```typescript\nimport {GenericOAuth2} from \"@capacitor-community/generic-oauth2\";\n\nazureLogin()\n{\n GenericOAuth2.authenticate({\n appId: 'XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX',\n authorizationBaseUrl: 'https://TENANT.b2clogin.com/tfp/TENANT.onmicrosoft.com/B2C_1_policy-signin-signup-web/oauth2/v2.0/authorize',\n accessTokenEndpoint: '',\n scope: 'https://XXXXXXX.onmicrosoft.com/TestApi4/demo.read',\n responseType: 'token',\n web: {\n redirectUrl: 'http://localhost:8100/'\n },\n android: {\n pkceEnabled: true,\n responseType: 'code',\n redirectUrl: 'com.company.project://oauth/redirect',\n accessTokenEndpoint: 'https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1_policy-signin-signup-web',\n handleResultOnNewIntent: true,\n handleResultOnActivityResult: true\n },\n ios: {\n pkceEnabled: true,\n responseType: 'code',\n redirectUrl: 'com.company.project://oauth',\n accessTokenEndpoint: 'https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1_policy-signin-signup-web',\n }\n });\n}\n```\n\n\u003c/details\u003e\n\n#### Android\n\nIf you have **only** Azure B2C as identity provider you have to add a new `intent-filter` to your main activity in\n`AndroidManifest.xml`.\n\n```xml\n\u003c!-- azure ad b2c --\u003e\n\u003cintent-filter\u003e\n \u003caction android:name=\"android.intent.action.VIEW\"/\u003e\n \u003ccategory android:name=\"android.intent.category.DEFAULT\"/\u003e\n \u003ccategory android:name=\"android.intent.category.BROWSABLE\"/\u003e\n \u003cdata android:scheme=\"@string/azure_b2c_scheme\" android:host=\"@string/package_name\"\n android:path=\"@string/azure_b2c_signature_hash\"/\u003e\n\u003c/intent-filter\u003e\n```\n\nIf you have **multiple** identity providers **or** your logins always ends in a `USER_CANCELLED` error like\nin [#178](https://github.com/capacitor-community/generic-oauth2/issues/178)\nyou have to create an additional Activity in `AndroidManifest.xml`.\n\nThese are both activities! Make sure to replace `com.company.project.MainActivity` with your real qualified class path!\n\n```xml\n\n\u003cactivity\n android:configChanges=\"orientation|keyboardHidden|keyboard|screenSize|locale|smallestScreenSize|screenLayout|uiMode\"\n android:name=\"com.company.project.MainActivity\"\n android:label=\"@string/title_activity_main\"\n android:launchMode=\"singleTask\"\n android:theme=\"@style/AppTheme.NoActionBarLaunch\"\u003e\n\n \u003cintent-filter\u003e\n \u003caction android:name=\"android.intent.action.MAIN\"/\u003e\n \u003ccategory android:name=\"android.intent.category.LAUNCHER\"/\u003e\n \u003c/intent-filter\u003e\n\n \u003cintent-filter\u003e\n \u003caction android:name=\"android.intent.action.VIEW\"/\u003e\n \u003ccategory android:name=\"android.intent.category.DEFAULT\"/\u003e\n \u003ccategory android:name=\"android.intent.category.BROWSABLE\"/\u003e\n \u003cdata android:scheme=\"@string/custom_url_scheme\" android:host=\"@string/custom_host\"/\u003e\n \u003c/intent-filter\u003e\n\n\u003c/activity\u003e\n\n\u003cactivity android:name=\"net.openid.appauth.RedirectUriReceiverActivity\" android:exported=\"true\"\u003e\n\u003cintent-filter\u003e\n \u003caction android:name=\"android.intent.action.VIEW\"/\u003e\n \u003ccategory android:name=\"android.intent.category.DEFAULT\"/\u003e\n \u003ccategory android:name=\"android.intent.category.BROWSABLE\"/\u003e\n \u003cdata android:scheme=\"@string/custom_url_scheme\" android:host=\"@string/custom_host\"/\u003e\n\u003c/intent-filter\u003e\n\n\u003cintent-filter\u003e\n \u003caction android:name=\"android.intent.action.VIEW\"/\u003e\n \u003ccategory android:name=\"android.intent.category.DEFAULT\"/\u003e\n \u003ccategory android:name=\"android.intent.category.BROWSABLE\"/\u003e\n \u003cdata android:scheme=\"@string/azure_b2c_scheme\" android:host=\"@string/package_name\"\n android:path=\"@string/azure_b2c_signature_hash\"/\u003e\n\u003c/intent-filter\u003e\n\u003c/activity\u003e\n```\n\nValues for `android/app/src/main/res/values/string.xml`. Replace the example values!\n\n```\n \u003cstring name=\"title_activity_main\"\u003eYour Project's Name/string\u003e\n \u003cstring name=\"custom_url_scheme\"\u003ecom.company.project\u003c/string\u003e\n \u003cstring name=\"custom_host\"\u003efoo\u003c/string\u003e\u003c!-- any value is fine --\u003e\n \u003cstring name=\"package_name\"\u003ecom.company.project\u003c/string\u003e\n \u003cstring name=\"azure_b2c_scheme\"\u003emsauth\u003c/string\u003e\n \u003cstring name=\"azure_b2c_signature_hash\"\u003e/your-signature-hash\u003c/string\u003e\u003c!-- The leading slash is required. Copied from Azure Portal Android Config \"Signature hash\" field --\u003e\n```\n\nSee [Android Default Config](#android-default-config)\n\n#### iOS\n\nOpen `Info.plist` in XCode by clicking right on that file -\u003e Open as -\u003e Source Code. Note: XCode does not \"like\" files\nopened and changed externally.\n\n```xml\n\n\u003ckey\u003eCFBundleURLTypes\u003c/key\u003e\n\u003carray\u003e\n\u003cdict\u003e\n \u003ckey\u003eCFBundleURLSchemes\u003c/key\u003e\n \u003carray\u003e\n \u003c!-- msauth.BUNDLE_ID --\u003e\n \u003cstring\u003emsauth.com.yourcompany.yourproject\u003c/string\u003e\n \u003c/array\u003e\n\u003c/dict\u003e\n\u003c/array\u003e\n```\n\n**Important:**\n\n- Do not enter `://` as part of your redirect url\n- Make sure the `msauth.` prefix is present\n\n#### Troubleshooting\n\nIn case of problems please read [#91](https://github.com/capacitor-community/generic-oauth2/issues/91)\nand [#96](https://github.com/capacitor-community/generic-oauth2/issues/96)\n\nSee this [example repo](https://github.com/loonix/capacitor-oauth2-azure-example) by @loonix.\n\n### Google\n\n#### PWA\n\n```typescript\nimport {GenericOAuth2} from \"@capacitor-community/generic-oauth2\";\n\ngoogleLogin()\n{\n GenericOAuth2.authenticate({\n authorizationBaseUrl: \"https://accounts.google.com/o/oauth2/auth\",\n accessTokenEndpoint: \"https://www.googleapis.com/oauth2/v4/token\",\n scope: \"email profile\",\n resourceUrl: \"https://www.googleapis.com/userinfo/v2/me\",\n web: {\n appId: environment.oauthAppId.google.web,\n responseType: \"token\", // implicit flow\n accessTokenEndpoint: \"\", // clear the tokenEndpoint as we know that implicit flow gets the accessToken from the authorizationRequest\n redirectUrl: \"http://localhost:4200\",\n windowOptions: \"height=600,left=0,top=0\"\n },\n android: {\n appId: environment.oauthAppId.google.android,\n responseType: \"code\", // if you configured a android app in google dev console the value must be \"code\"\n redirectUrl: \"com.companyname.appname:/\" // package name from google dev console\n },\n ios: {\n appId: environment.oauthAppId.google.ios,\n responseType: \"code\", // if you configured a ios app in google dev console the value must be \"code\"\n redirectUrl: \"com.companyname.appname:/\" // Bundle ID from google dev console\n }\n }).then(resourceUrlResponse =\u003e {\n // do sth e.g. check with your backend\n }).catch(reason =\u003e {\n console.error(\"Google OAuth rejected\", reason);\n });\n}\n```\n\n#### Android\n\nSee [Android Default Config](#android-default-config)\n\n#### iOS\n\nSee [iOS Default Config](#ios-default-config)\n\n### Facebook\n\n#### PWA\n\n```typescript\nimport {GenericOAuth2} from \"@capacitor-community/generic-oauth2\";\n\nfacebookLogin()\n{\n let fbApiVersion = \"2.11\";\n GenericOAuth2.authenticate({\n appId: \"YOUR_FACEBOOK_APP_ID\",\n authorizationBaseUrl: \"https://www.facebook.com/v\" + fbApiVersion + \"/dialog/oauth\",\n resourceUrl: \"https://graph.facebook.com/v\" + fbApiVersion + \"/me\",\n web: {\n responseType: \"token\",\n redirectUrl: \"http://localhost:4200\",\n windowOptions: \"height=600,left=0,top=0\"\n },\n android: {\n customHandlerClass: \"com.companyname.appname.YourAndroidFacebookOAuth2Handler\",\n },\n ios: {\n customHandlerClass: \"App.YourIOsFacebookOAuth2Handler\",\n }\n }).then(resourceUrlResponse =\u003e {\n // do sth e.g. check with your backend\n }).catch(reason =\u003e {\n console.error(\"FB OAuth rejected\", reason);\n });\n}\n```\n\n**Android and iOS**\n\nSince October 2018 Strict Mode for Redirect Urls is always on.\n\n\u003e Use Strict Mode for Redirect URIs\n\n\u003e Only allow redirects that use the Facebook SDK or that exactly match the Valid OAuth Redirect URIs. Strongly\n\u003e recommended.\n\nBefore that it was able to use `fb\u003cyour_app_id\u003e:/authorize` in a Android or iOS app and get the accessToken.\n\nUnfortunately now we have to use the SDK for Facebook Login.\n\nI don't want to have a dependency to facebook for users, who don't need Facebook OAuth.\n\nTo address this problem I created a integration with custom code in your app `customHandlerClass`\n\n#### Android\n\nSee https://developers.facebook.com/docs/facebook-login/android/ for more background on how to configure Facebook in\nyour Android app.\n\n1. Add `implementation 'com.facebook.android:facebook-login:4.36.0'` to `android/app/build.gradle` as dependency.\n\n2. Add to `string.xml`\n\n```xml\n\n\u003cstring name=\"facebook_app_id\"\u003e\n \u003cYOUR_FACEBOOK_APP_ID\u003e\n\u003c/string\u003e\n\u003cstring name=\"fb_login_protocol_scheme\"\u003efb\n\u003cYOUR_FACEBOOK_APP_ID\u003e\n\u003c/string\u003e\n```\n\n3. Add to `AndroidManifest.xml`\n\n```xml\n\n\u003cmeta-data android:name=\"com.facebook.sdk.ApplicationId\" android:value=\"@string/facebook_app_id\"/\u003e\n\n\u003cactivity android:name=\"com.facebook.FacebookActivity\"\n android:configChanges=\n \"keyboard|keyboardHidden|screenLayout|screenSize|orientation\"\n android:label=\"@string/app_name\"/\u003e\n\n\u003cactivity android:name=\"com.facebook.CustomTabActivity\" android:exported=\"true\"\u003e\n\u003cintent-filter\u003e\n \u003caction android:name=\"android.intent.action.VIEW\"/\u003e\n \u003ccategory android:name=\"android.intent.category.DEFAULT\"/\u003e\n \u003ccategory android:name=\"android.intent.category.BROWSABLE\"/\u003e\n \u003cdata android:scheme=\"@string/fb_login_protocol_scheme\"/\u003e\n\u003c/intent-filter\u003e\n\u003c/activity\u003e\n```\n\n4. Create a custom handler class\n\n```java\npackage com.companyname.appname;\n\nimport android.app.Activity;\nimport com.companyname.appname.MainActivity;\nimport com.facebook.AccessToken;\nimport com.facebook.FacebookCallback;\nimport com.facebook.FacebookException;\nimport com.facebook.login.DefaultAudience;\nimport com.facebook.login.LoginBehavior;\nimport com.facebook.login.LoginManager;\nimport com.facebook.login.LoginResult;\nimport com.getcapacitor.PluginCall;\nimport com.getcapacitor.community.genericoauth2.handler.AccessTokenCallback;\nimport com.getcapacitor.community.genericoauth2.handler.OAuth2CustomHandler;\n\nimport java.util.Collections;\n\npublic class YourAndroidFacebookOAuth2Handler implements OAuth2CustomHandler {\n\n @Override\n public void getAccessToken(\n Activity activity,\n PluginCall pluginCall,\n final AccessTokenCallback callback\n ) {\n AccessToken accessToken = AccessToken.getCurrentAccessToken();\n if (AccessToken.isCurrentAccessTokenActive()) {\n callback.onSuccess(accessToken.getToken());\n } else {\n LoginManager l = LoginManager.getInstance();\n l.logInWithReadPermissions(\n activity,\n Collections.singletonList(\"public_profile\")\n );\n l.setLoginBehavior(LoginBehavior.WEB_ONLY);\n l.setDefaultAudience(DefaultAudience.NONE);\n LoginManager\n .getInstance()\n .registerCallback(\n ((MainActivity) activity).getCallbackManager(),\n new FacebookCallback\u003cLoginResult\u003e() {\n @Override\n public void onSuccess(LoginResult loginResult) {\n callback.onSuccess(loginResult.getAccessToken().getToken());\n }\n\n @Override\n public void onCancel() {\n callback.onCancel();\n }\n\n @Override\n public void onError(FacebookException error) {\n callback.onCancel();\n }\n }\n );\n }\n }\n\n @Override\n public boolean logout(Activity activity, PluginCall pluginCall) {\n LoginManager.getInstance().logOut();\n return true;\n }\n}\n\n```\n\n5. Change your MainActivity like\n\n```java\npublic class MainActivity extends BridgeActivity {\n\n private CallbackManager callbackManager;\n\n @Override\n public void onCreate(Bundle savedInstanceState) {\n super.onCreate(savedInstanceState);\n // Initialize Facebook SDK\n FacebookSdk.sdkInitialize(this.getApplicationContext());\n callbackManager = CallbackManager.Factory.create();\n }\n\n @Override\n protected void onActivityResult(\n int requestCode,\n int resultCode,\n Intent data\n ) {\n super.onActivityResult(requestCode, resultCode, data);\n if (callbackManager.onActivityResult(requestCode, resultCode, data)) {\n return;\n }\n }\n\n public CallbackManager getCallbackManager() {\n return callbackManager;\n }\n}\n\n```\n\n**iOS**\n\nSee https://developers.facebook.com/docs/swift/getting-started and https://developers.facebook.com/docs/swift/login\n\n1. Add Facebook pods to `ios/App/Podfile` and run `pod install` afterwards\n\n```\nplatform :ios, '13.0'\nuse_frameworks!\n\n# workaround to avoid Xcode caching of Pods that requires\n# Product -\u003e Clean Build Folder after new Cordova plugins installed\n# Requires CocoaPods 1.6 or newer\ninstall! 'cocoapods', :disable_input_output_paths =\u003e true\n\ndef capacitor_pods\n pod 'Capacitor', :path =\u003e '../../node_modules/@capacitor/ios'\n pod 'CapacitorCordova', :path =\u003e '../../node_modules/@capacitor/ios'\n pod 'CapacitorCommunityGenericOauth2', :path =\u003e '../../node_modules/@capacitor-community/generic-oauth2'\n # core plugins\n pod 'CapacitorApp', :path =\u003e '../../node_modules/@capacitor/app'\n pod 'CapacitorDevice', :path =\u003e '../../node_modules/@capacitor/device'\n pod 'CapacitorKeyboard', :path =\u003e '../../node_modules/@capacitor/keyboard'\n pod 'CapacitorSplashScreen', :path =\u003e '../../node_modules/@capacitor/splash-screen'\n pod 'CapacitorStatusBar', :path =\u003e '../../node_modules/@capacitor/status-bar'\nend\n\ntarget 'App' do\n capacitor_pods\n # Add your Pods here\n pod 'FacebookCore'\n pod 'FacebookLogin'\nend\n```\n\n2. Add some Facebook configs to your `Info.plist`\n\n```xml\n\n\u003ckey\u003eCFBundleURLTypes\u003c/key\u003e\n\u003carray\u003e\n\u003cdict\u003e\n \u003ckey\u003eCFBundleURLSchemes\u003c/key\u003e\n \u003carray\u003e\n \u003cstring\u003efb{your-app-id}\u003c/string\u003e\n \u003c/array\u003e\n\u003c/dict\u003e\n\u003c/array\u003e\n\u003ckey\u003eFacebookAppID\u003c/key\u003e\n\u003cstring\u003e{your-app-id}\u003c/string\u003e\n\u003ckey\u003eFacebookDisplayName\u003c/key\u003e\n\u003cstring\u003e{your-app-name}\u003c/string\u003e\n\u003ckey\u003eLSApplicationQueriesSchemes\u003c/key\u003e\n\u003carray\u003e\n\u003cstring\u003efbapi\u003c/string\u003e\n\u003cstring\u003efb-messenger-share-api\u003c/string\u003e\n\u003cstring\u003efbauth2\u003c/string\u003e\n\u003cstring\u003efbshareextension\u003c/string\u003e\n\u003c/array\u003e\n```\n\n3. Create a custom handler class\n\n```swift\nimport Foundation\nimport FacebookCore\nimport FacebookLogin\nimport Capacitor\nimport CapacitorCommunityGenericOauth2\n\n@objc class YourIOsFacebookOAuth2Handler: NSObject, OAuth2CustomHandler {\n\n required override init() {\n }\n\n func getAccessToken(viewController: UIViewController, call: CAPPluginCall, success: @escaping (String) -\u003e Void, cancelled: @escaping () -\u003e Void, failure: @escaping (Error) -\u003e Void) {\n if let accessToken = AccessToken.current {\n success(accessToken.tokenString)\n } else {\n DispatchQueue.main.async {\n let loginManager = LoginManager()\n // I only need the most basic permissions but others are available\n loginManager.logIn(permissions: [ .publicProfile ], viewController: viewController) { result in\n switch result {\n case .success(_, _, let accessToken):\n success(accessToken.tokenString)\n case .failed(let error):\n failure(error)\n case .cancelled:\n cancelled()\n }\n }\n }\n }\n }\n\n func logout(viewController: UIViewController, call: CAPPluginCall) -\u003e Bool {\n let loginManager = LoginManager()\n loginManager.logOut()\n return true\n }\n}\n```\n\nThis handler will be automatically discovered up by the plugin and handles the login using the Facebook SDK.\nSee https://developers.facebook.com/docs/swift/login/#custom-login-button for details.\n\n4. The users that have redirect problem after success grant add the following code to `ios/App/App/AppDelegate.swift`.\n This code correctly delegate the FB redirect url to be managed by Facebook SDK.\n\n```swift\nimport UIKit\nimport FacebookCore\nimport FacebookLogin\nimport Capacitor\n\n@UIApplicationMain\nclass AppDelegate: UIResponder, UIApplicationDelegate {\n\n var window: UIWindow?\n\n // other methods\n\n func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -\u003e Bool {\n // Called when the app was launched with a url. Feel free to add additional processing here,\n // but if you want the App API to support tracking app url opens, make sure to keep this call\n\n if let scheme = url.scheme, let host = url.host {\n let appId: String = Settings.appID!\n if scheme == \"fb\\(appId)\" \u0026\u0026 host == \"authorize\" {\n return ApplicationDelegate.shared.application(app, open: url, options: options)\n }\n }\n\n return CAPBridge.handleOpenUrl(url, options)\n }\n\n // other methods\n}\n```\n\n## Contribute\n\nSee [Contribution Guidelines](https://github.com/capacitor-community/generic-oauth2/blob/main/.github/CONTRIBUTING.md).\n\n## License\n\nMIT. See [LICENSE](https://github.com/capacitor-community/generic-oauth2/blob/main/LICENSE).\n\n## Disclaimer\n\nWe have no business relation to Ionic.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapacitor-community%2Fgeneric-oauth2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcapacitor-community%2Fgeneric-oauth2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapacitor-community%2Fgeneric-oauth2/lists"}