This question is locked. New answers and comments are not allowed.
We are using a partner web site to manage log in chores (membership and stuff), so when a user "log in" the app, we show the user a browser (window.open with the "_system" target) in which there's a form where the user can login (kinda like a flow you can see in OAuth).
Now, I think that by using the target _self or _blank, which turns out as using respectively a webview or the inAppBrowser, the developer of the app can "sniff" what's going on that web page by inserting and executing JavaScript in the webview/inAppBrowser. That is the reason why we use _self, this indicates to the app to use the "official" browser of the platform, Safari on iOS and Chrome or whatever comes with Android on an Android platform.
That is all well and nice but when the login chores are done, and that the app is back on view (through a call to the custom scheme we configured for the app), the browser still is at whatever page it landed on when the login process occured. Is there a way to "Close" the current browser page on Safari or Chrome ?
A collateral question to this one would also be, what's the proper way to use a login provider on this mobile platform. A way that would prevent unscrupulous developers to "steal" credentials from the user of the app ? Not that we have a problem with our devs :), I only want to build as safely as I can!
Thanks!
Now, I think that by using the target _self or _blank, which turns out as using respectively a webview or the inAppBrowser, the developer of the app can "sniff" what's going on that web page by inserting and executing JavaScript in the webview/inAppBrowser. That is the reason why we use _self, this indicates to the app to use the "official" browser of the platform, Safari on iOS and Chrome or whatever comes with Android on an Android platform.
That is all well and nice but when the login chores are done, and that the app is back on view (through a call to the custom scheme we configured for the app), the browser still is at whatever page it landed on when the login process occured. Is there a way to "Close" the current browser page on Safari or Chrome ?
A collateral question to this one would also be, what's the proper way to use a login provider on this mobile platform. A way that would prevent unscrupulous developers to "steal" credentials from the user of the app ? Not that we have a problem with our devs :), I only want to build as safely as I can!
Thanks!