• 6
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

I need to receive the token on my Android aplication. I created and API on Laravel, and i need to receive an authentication token, but i don't know how to do it on Android. I did some code but it doesn't work.

public class LoginActivity extends AppCompatActivity {

    WebView webView;
    private final String URL = "https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.login);

        webView = findViewById(R.id.webView);
        webView.setWebViewClient(new WebViewClient());
        webView.loadUrl(URL);

        // Cria problemas de XSS na aplicação. Usar com cuidado
        webView.getSettings().setJavaScriptEnabled(true);


        if (URL.length() == 0) {
            getToken("https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust");
        }
    }

    private void getToken(String url) {

        StringBuilder strBuild = new StringBuilder();

        String authURL = "https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust";
        String redirect_uri = "urn:ietf:wg:oauth:2.0:oob";
        strBuild.append("&redirect_uri=").append(redirect_uri);

        try{
            java.net.URL obj = new URL(authURL);

            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setDoOutput(true);
            con.setRequestMethod("POST");

            con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

            DataOutputStream wr = new DataOutputStream(con.getOutputStream());
            wr.writeBytes(strBuild.toString());
            wr.flush();
            wr.close();

            System.out.println(con.getResponseCode());
            System.out.println(con.getResponseMessage());

        }catch (Exception e)
        {
            System.out.println("Error.");
        }
        System.out.println(strBuild.toString());
    }
}
    • The token is stored in my localstorage.. and when i login from the webview i want to receive the respective token in a variable.
      • 1
    • If I understand you correctly: You ware loading the WebView and once the user is authenticated get the token of the authentication? What I meant by my first question, sorry for not properly explaining was: You are logging in via a regular browser. The client then gets a token from the server -> where is this token stored on the client side? I assume the token has to be sent for every request to authorize

Ok you have two options:

First one
The first one is the better one. You can do this if you have access to the code of the Web frontend. Basically you just add a WebAppInterface. The documentation describes it really well. Your android function should accept the token as a parameter and it should be called by your frontend after the user successfully logged in and has gotten his token.

So yours could look like this:

class WebAppInterface(private val mContext: Context) {

    /** Show a toast from the web page  */
    @JavascriptInterface
    fun consumeToken(token: String) {
        //do whatever you want to do with the token.
    }
}

You must register it like this: webView.addJavascriptInterface(WebAppInterface(this), "Android")

Then your Web frontend (the javascript side) can invoke the function like that: Android.consumeToken(token);

Second one
This one is a bit more complicated. Load your url like usual and set a WebViewClient to your WebView. Like this:

webView.webViewClient = object: WebViewClient() {
    override fun onPageFinished(view: WebView?, url: String?) {
        super.onPageFinished(view, url)
        webView.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();") { s ->
            if (s != "\"{}\"") {
                var jsonAsStr = s.substring(1, s.length - 1).replace("\\", "")
                val obj = JSONObject(jsonAsStr)
                val token = obj.getString("token")
            }
        }

    }
}
webView.loadUrl("https://www.google.com/")

So onPageFinished is called when a new site loads. This way you know that the user completed the login (yes if there where any other buttons or so that he could click those would trigger this function as well). However you could catch those errors by checking the url in the onPageStarted and see if this matches the page the user should see after login. So like this: onPageStarted gets called -> if the url matches the url of the page the user should see after the login then its the correct one and you can invoke the evaluateJavascript. But maybe my simple example is enough for your usecase.

Anyway the evaluateJavascript then injects javascript in the client which will read the localStorage. This is then checked if it's empty or not and afterwards parsed to a jsonObject. Then just retrieve the token from the jsonified localstorage. Thats it :)

Same thing in Java:

    webView.setWebViewClient(new WebViewClient() {
    @Override
    public void onPageFinished(WebView view, String url) {
        super.onPageFinished(view, url);
        webView.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();", new ValueCallback<String>() {
            @Override
            public void onReceiveValue(String s) {
                if (s != "\"{}\"") {
                    String jsonAsStr = s.substring(1, s.length() - 1).replace("\\", "");
                    try {
                        JSONObject obj = new JSONObject(jsonAsStr);
                        String token = obj.getString("token");
                    } catch (JSONException e) {

                    }
                }
            }
        });
    }
});
  • 1
Reply Report