cordova-plugin-oauth 4.0.1 → 4.1.0

package/README.md

@@ -38,11 +38,11 @@ Installation
 ------------
 
 ```
-cordova plugin add cordova-plugin-oauth [--variable URL_SCHEME=mycoolapp]
+cordova plugin add cordova-plugin-oauth [--variable URL_SCHEME=mycoolapp] [--variable URL_HOSTNAME=callback]
 ```
 
 By default, the plugin registers the app ID as a scheme to be used as the
-OAuth callback URL, and expects a host of `oauth_callback` (i.e., if your
+OAuth callback URL, and expects a default host of `oauth_callback` (i.e., if your
 app's ID is `com.example.foo`, your OAuth redirect URL should be
 `com.example.foo://oauth_callback`).
 
@@ -50,6 +50,9 @@ The scheme for the OAuth callback URL can be changed by providing a
 `URL_SCHEME` variable when installing. If your `URL_SCHEME` is `mycoolapp`,
 then your OAuth redirect URL should be `mycoolapp://oauth_callback`.
 
+The hostname endpoint can be changed by providing a `URL_HOSTNAME` variable
+when installing.
+
 
 Supported Platforms
 -------------------
@@ -69,13 +72,22 @@ Usage
     window.open(endpoint, 'oauth:google', '');
     ```
 
+    Alternatively, you can include `oauth=yes` in the window features string:
+
+    ```javascript
+    var endpoint = 'https://accounts.google.com/o/oauth2/v2/auth?....';
+    window.open(endpoint, '_self', 'oauth=yes');
+    ```
+
 2.  The plugin will open the OAuth login page in a new browser window.
 
 3.  When the OAuth process is complete and it redirects to your app scheme, the
     plugin will send a message to the Cordova app.
 
     The message begins with `oauth::` and is followed by a JSON object
-    containing all of the key/value pairs from the OAuth redirect query string.
+    containing all of the key/value pairs from the OAuth redirect query string
+    or fragment parameters. The complete OAuth callback URL is available in a
+    `oauth_callback_url` property.
 
     ```javascript
     // Called from a callback URL like
@@ -113,4 +125,9 @@ Licence
 Released under the Apache 2.0 Licence.  
 Copyright © 2020-2022 Ayogo Health Inc.
 
+This project includes the [EventTarget polyfill][etpoly], copyright © 2018,
+Andrea Giammarchi under the [ISC Licence][isc].
+
 [coc]: https://github.com/AyogoHealth/cordova-plugin-oauth/blob/main/CODE_OF_CONDUCT.md
+[etpoly]: https://github.com/ungap/event-target
+[isc]: https://github.com/ungap/event-target/blob/master/LICENSE

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cordova-plugin-oauth",
-  "version": "4.0.1",
+  "version": "4.1.0",
   "author": "Ayogo Health Inc. <info@ayogo.com>",
   "contributors": [
     "Darryl Pogue <darryl@dpogue.ca>",
@@ -9,10 +9,7 @@
   ],
   "description": "Cordova plugin for performing OAuth login flows.",
   "license": "Apache-2.0",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/AyogoHealth/cordova-plugin-oauth.git"
-  },
+  "repository": "github:AyogoHealth/cordova-plugin-oauth.git",
   "keywords": [
     "cordova",
     "ecosystem:cordova",
@@ -24,21 +21,44 @@
     "www",
     "plugin.xml"
   ],
+  "scripts": {
+    "version": "sed -i -e \"s/\\(<plugin [^>]*id=\\\"$npm_package_name\\\" [^>]*version=\\\"\\)[^\\\"]*\\\"/\\1$npm_package_version\\\"/\" plugin.xml && git add plugin.xml"
+  },
   "cordova": {
+    "id": "cordova-plugin-oauth",
     "platforms": [
       "ios",
       "android"
     ]
   },
-  "engines": [
-    {
-      "name": "cordova-android",
-      "version": ">= 9.0.0"
-    },
-    {
-      "name": "cordova-ios",
-      "version": ">= 6.1.0"
+  "engines": {
+    "cordovaDependencies": {
+      "1.0.0": {
+        "cordova-android": ">= 8.0.0",
+        "cordova-ios": ">= 5.0.0"
+      },
+      "2.0.0": {
+        "cordova-android": ">= 8.0.0",
+        "cordova-ios": ">= 5.0.0"
+      },
+      "3.0.0": {
+        "cordova-android": ">= 8.0.0",
+        "cordova-ios": ">= 6.1.0"
+      },
+      "4.0.0": {
+        "cordova-android": ">= 9.0.0",
+        "cordova-ios": ">= 6.1.0"
+      },
+      "5.0.0": {
+        "cordova": ">100"
+      }
     }
-  ],
-  "dependencies": {}
+  },
+  "dependencies": {},
+  "devEngines": {
+    "packageManager": {
+      "name": "npm",
+      "onFail": "ignore"
+    }
+  }
 }

package/plugin.xml

@@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 -->
-<plugin xmlns="http://apache.org/cordova/ns/plugins/1.0" xmlns:android="http://schemas.android.com/apk/res/android" id="cordova-plugin-oauth" version="4.0.1">
+<plugin xmlns="http://apache.org/cordova/ns/plugins/1.0" xmlns:android="http://schemas.android.com/apk/res/android" id="cordova-plugin-oauth" version="4.1.0">
   <name>cordova-plugin-oauth</name>
   <description>Cordova plugin for performing OAuth login flows.</description>
   <keywords>cordova,ios,android,oauth</keywords>
@@ -23,6 +23,7 @@ limitations under the License.
   <issues>https://github.com/AyogoHealth/cordova-plugin-oauth/issues</issues>
 
   <preference name="URL_SCHEME" default="$PACKAGE_NAME" />
+  <preference name="URL_HOSTNAME" default="oauth_callback" />
 
   <engines>
     <engine name="cordova-ios" version=">= 6.1.0" />
@@ -35,6 +36,7 @@ limitations under the License.
 
   <config-file target="config.xml" parent="/*">
     <preference name="OAuthScheme" value="$URL_SCHEME"/>
+    <preference name="OAuthHostname" value="$URL_HOSTNAME"/>
   </config-file>
 
   <platform name="ios">
@@ -66,6 +68,7 @@ limitations under the License.
     <config-file target="res/xml/config.xml" parent="/*">
       <feature name="OAuth">
         <param name="android-package" value="com.ayogo.cordova.oauth.OAuthPlugin" />
+        <param name="onload" value="true" />
       </feature>
     </config-file>
 
@@ -76,7 +79,7 @@ limitations under the License.
         <category android:name="android.intent.category.DEFAULT" />
         <category android:name="android.intent.category.BROWSABLE" />
 
-        <data android:scheme="$URL_SCHEME" android:host="oauth_callback" />
+        <data android:scheme="$URL_SCHEME" android:host="$URL_HOSTNAME" />
       </intent-filter>
     </config-file>
 

package/src/android/OAuthPlugin.java

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Ayogo Health Inc.
+ * Copyright 2019 - 2022 Ayogo Health Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,20 +16,17 @@
 
 package com.ayogo.cordova.oauth;
 
-import android.app.Activity;
-import android.content.Context;
 import android.content.Intent;
-import android.content.IntentFilter;
-import android.content.pm.PackageManager;
-import android.content.pm.ResolveInfo;
 import android.net.Uri;
 import androidx.browser.customtabs.CustomTabsIntent;
 import android.text.TextUtils;
+import java.net.URLDecoder;
 
 import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.cordova.CallbackContext;
+import org.apache.cordova.CordovaArgs;
 import org.apache.cordova.CordovaInterface;
 import org.apache.cordova.CordovaPlugin;
 import org.apache.cordova.CordovaWebView;
@@ -37,29 +34,15 @@ import org.apache.cordova.CordovaWebViewEngine;
 import org.apache.cordova.LOG;
 import org.apache.cordova.PluginResult;
 
-import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 
 
 public class OAuthPlugin extends CordovaPlugin {
     private final String TAG = "OAuthPlugin";
-
-    // Taken from Google's CustomTabsHelper
-    // https://github.com/GoogleChrome/custom-tabs-client/blob/da65829d7d4b80c00809c6c4aa7f61f88fc7ca26/shared/src/main/java/org/chromium/customtabsclient/shared/CustomTabsHelper.java
-    static final String STABLE_PACKAGE = "com.android.chrome";
-    static final String BETA_PACKAGE = "com.chrome.beta";
-    static final String DEV_PACKAGE = "com.chrome.dev";
-    static final String LOCAL_PACKAGE = "com.google.android.apps.chrome";
-    private static final String EXTRA_CUSTOM_TABS_KEEP_ALIVE = "android.support.customtabs.extra.KEEP_ALIVE";
-    private static final String ACTION_CUSTOM_TABS_CONNECTION = "android.support.customtabs.action.CustomTabsService";
-
-
-    /**
-     * The name of the package to use for the custom tab service.
-     */
-    private String tabProvider = null;
-
+    private CallbackContext oauthCallback = null;
+    private boolean didFinishLoading = false;
+    private String lastOAuthResult = null;
 
     /**
      * Executes the request.
@@ -76,14 +59,14 @@ public class OAuthPlugin extends CordovaPlugin {
      * @return                Whether the action was valid.
      */
     @Override
-    public boolean execute(String action, JSONArray args, CallbackContext callbackContext) {
+    public boolean execute(String action, CordovaArgs args, CallbackContext callbackContext) {
         if ("startOAuth".equals(action)) {
             try {
                 String authEndpoint = args.getString(0);
+                oauthCallback = callbackContext;
 
                 this.startOAuth(authEndpoint);
 
-                callbackContext.sendPluginResult(new PluginResult(PluginResult.Status.OK));
                 return true;
             } catch (JSONException e) {
                 callbackContext.sendPluginResult(new PluginResult(PluginResult.Status.ERROR));
@@ -96,6 +79,14 @@ public class OAuthPlugin extends CordovaPlugin {
     }
 
 
+    /**
+     * Called when the activity is becoming visible to the user.
+     */
+    @Override
+    public void onStart() {
+        onNewIntent(cordova.getActivity().getIntent());
+    }
+
 
     /**
      * Called when the activity receives a new intent.
@@ -110,26 +101,40 @@ public class OAuthPlugin extends CordovaPlugin {
         }
 
         final Uri uri = intent.getData();
+        String callbackHost = preferences.getString("oauthhostname", "oauth_callback");
 
-        if (uri.getHost().equals("oauth_callback")) {
+        if (uri.getHost().equals(callbackHost)) {
             LOG.i(TAG, "OAuth called back with parameters.");
 
             try {
                 JSONObject jsobj = new JSONObject();
+                jsobj.put("oauth_callback_url", uri.toString());
+
+                // Parse fragment parameters
+                if (uri.getFragment() != null) {
+                    String fragment = uri.getFragment();
+                    String[] pairs = fragment.split("&");
+                    for (String pair : pairs) {
+                        String[] keyValue = pair.split("=");
+                        if (keyValue.length == 2) {
+                            // Decode the fragment parameter before adding it to the JSONObject
+                            String key = keyValue[0];
+                            String value = keyValue[1];
+                            jsobj.put(key, value);
+                        }
+                    }
+                }
 
+                // Parse query parameters
                 for (String queryKey : uri.getQueryParameterNames()) {
                     jsobj.put(queryKey, uri.getQueryParameter(queryKey));
                 }
 
-                final String msg = jsobj.toString();
-                CordovaWebViewEngine engine = this.webView.getEngine();
-                final String jsCode = "window.dispatchEvent(new MessageEvent('message', { data: 'oauth::" + msg + "' }));";
-                if (engine != null) {
-                    engine.evaluateJavascript(jsCode, null);
+                if (this.didFinishLoading) {
+                    dispatchOAuthMessage(jsobj.toString());
                 } else {
-                    this.webView.sendJavascript(jsCode);
+                    this.lastOAuthResult = jsobj.toString();
                 }
-
             } catch (JSONException e) {
                 LOG.e(TAG, "JSON Serialization failed");
                 e.printStackTrace();
@@ -137,119 +142,76 @@ public class OAuthPlugin extends CordovaPlugin {
         }
     }
 
-
     /**
-     * Launches the custom tab with the OAuth endpoint URL.
+     * Called when the activity will start interacting with the user.
      *
-     * @param url The URL of the OAuth endpoint.
+     * We use this method to indicate to the JavaScript side that the OAuth
+     * window has closed (regardless of login status).
      */
-    private void startOAuth(String url) {
-        String customTabsBrowser = findCustomTabProvider();
-
-        CustomTabsIntent.Builder builder = new CustomTabsIntent.Builder();
-        CustomTabsIntent customTabsIntent = builder.build();
+    @Override
+    public void onResume(boolean multitasking) {
+        super.onResume(multitasking);
 
-        String packageName = this.findCustomTabProvider();
-        if (packageName != null) {
-           customTabsIntent.intent.setPackage(packageName);
+        if (oauthCallback != null) {
+            oauthCallback.sendPluginResult(new PluginResult(PluginResult.Status.OK));
+            oauthCallback = null;
         }
-
-        customTabsIntent.launchUrl(this.cordova.getActivity(), Uri.parse(url));
     }
 
 
     /**
-     * Goes through all apps that handle VIEW intents and have a warmup service.
+     * Called when a message is sent to plugin.
      *
-     * Picks the one chosen by the user if there is one, otherwise makes a best
-     * effort to return a valid package name.
-     *
-     * This is <strong>not</strong> threadsafe.
-     *
-     * @return The package name recommended to use for connecting to custom
-     * tabs related components.
+     * @param id            The message id
+     * @param data          The message data
+     * @return              Object to stop propagation or null
      */
-    private String findCustomTabProvider() {
-        if (this.tabProvider != null) {
-            return this.tabProvider;
-        }
-
-        PackageManager pm = this.cordova.getActivity().getPackageManager();
-
-        // Get default VIEW intent handler.
-        Intent activityIntent = new Intent(Intent.ACTION_VIEW, Uri.parse("http://www.example.com"));
-        ResolveInfo defaultViewHandlerInfo = pm.resolveActivity(activityIntent, 0);
-        String defaultViewHandlerPackageName = null;
-
-        if (defaultViewHandlerInfo != null) {
-            defaultViewHandlerPackageName = defaultViewHandlerInfo.activityInfo.packageName;
-        }
-
-
-        // Get all apps that can handle VIEW intents.
-        List<ResolveInfo> resolvedActivityList = pm.queryIntentActivities(activityIntent, PackageManager.MATCH_ALL);
-        List<String> packagesSupportingCustomTabs = new ArrayList<>();
-
-        for (ResolveInfo info : resolvedActivityList) {
-            Intent serviceIntent = new Intent();
-            serviceIntent.setAction(ACTION_CUSTOM_TABS_CONNECTION);
-            serviceIntent.setPackage(info.activityInfo.packageName);
+    @Override
+    public Object onMessage(String id, Object data) {
+        if (id.equals("onPageFinished")) {
+            this.didFinishLoading = true;
 
-            if (pm.resolveService(serviceIntent, 0) != null) {
-                packagesSupportingCustomTabs.add(info.activityInfo.packageName);
+            if (this.lastOAuthResult != null) {
+                this.dispatchOAuthMessage(this.lastOAuthResult);
+                this.lastOAuthResult = null;
             }
         }
-
-        // Now packagesSupportingCustomTabs contains all apps that can handle both VIEW intents
-        // and service calls.
-        if (packagesSupportingCustomTabs.isEmpty()) {
-            this.tabProvider = null;
-        } else if (packagesSupportingCustomTabs.size() == 1) {
-            this.tabProvider = packagesSupportingCustomTabs.get(0);
-        } else if (!TextUtils.isEmpty(defaultViewHandlerPackageName) && !this.hasSpecializedHandlerIntents(activityIntent) && packagesSupportingCustomTabs.contains(defaultViewHandlerPackageName)) {
-            this.tabProvider = defaultViewHandlerPackageName;
-        } else if (packagesSupportingCustomTabs.contains(STABLE_PACKAGE)) {
-            this.tabProvider = STABLE_PACKAGE;
-        } else if (packagesSupportingCustomTabs.contains(BETA_PACKAGE)) {
-            this.tabProvider = BETA_PACKAGE;
-        } else if (packagesSupportingCustomTabs.contains(DEV_PACKAGE)) {
-            this.tabProvider = DEV_PACKAGE;
-        } else if (packagesSupportingCustomTabs.contains(LOCAL_PACKAGE)) {
-            this.tabProvider = LOCAL_PACKAGE;
-        }
-
-        return this.tabProvider;
+        return null;
     }
 
 
     /**
-     * Used to check whether there is a specialized handler for a given intent.
+     * Launches the custom tab with the OAuth endpoint URL.
      *
-     * @param intent The intent to check with.
-     * @return Whether there is a specialized handler for the given intent.
+     * @param url The URL of the OAuth endpoint.
      */
-    private boolean hasSpecializedHandlerIntents(Intent intent) {
-        try {
-            PackageManager pm = this.cordova.getActivity().getPackageManager();
-            List<ResolveInfo> handlers = pm.queryIntentActivities(intent, PackageManager.GET_RESOLVED_FILTER);
+    private void startOAuth(String url) {
+        CustomTabsIntent.Builder builder = new CustomTabsIntent.Builder();
 
-            if (handlers == null || handlers.size() == 0) {
-                return false;
-            }
+        CustomTabsIntent customTabsIntent = builder.build();
+        customTabsIntent.intent.setFlags(Intent.FLAG_ACTIVITY_NO_HISTORY);
+        customTabsIntent.intent.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
+        customTabsIntent.intent.putExtra("android.support.customtabs.extra.ENABLE_URLBAR_HIDING", true);
+        customTabsIntent.intent.putExtra("android.support.customtabs.extra.EXTRA_ENABLE_INSTANT_APPS", false);
+        customTabsIntent.intent.putExtra("android.support.customtabs.extra.SEND_TO_EXTERNAL_HANDLER", false);
+        customTabsIntent.intent.putExtra("androidx.browser.customtabs.extra.SHARE_STATE", 2);
+        customTabsIntent.intent.putExtra("androidx.browser.customtabs.extra.DISABLE_BACKGROUND_INTERACTION", false);
+        customTabsIntent.intent.putExtra("org.chromium.chrome.browser.customtabs.EXTRA_DISABLE_DOWNLOAD_BUTTON", true);
+        customTabsIntent.intent.putExtra("org.chromium.chrome.browser.customtabs.EXTRA_DISABLE_STAR_BUTTON", true);
 
-            for (ResolveInfo resolveInfo : handlers) {
-                IntentFilter filter = resolveInfo.filter;
+        customTabsIntent.launchUrl(this.cordova.getActivity(), Uri.parse(url));
+    }
 
-                if (filter == null || filter.countDataAuthorities() == 0 || filter.countDataPaths() == 0 || resolveInfo.activityInfo == null) {
-                    continue;
-                }
+    @SuppressWarnings("deprecation")
+    private void dispatchOAuthMessage(final String msg) {
+        final String msgData = msg.replace("'", "\\'").replace("\n", "\\n").replace("\r", "\\r").replace("\t", "\\t");
+        final String jsCode = "window.dispatchEvent(new MessageEvent('message', { data: 'oauth::" + msgData + "' }));";
 
-                return true;
-            }
-        } catch (RuntimeException e) {
-            LOG.e(TAG, "Runtime exception while getting specialized handlers");
+        CordovaWebViewEngine engine = this.webView.getEngine();
+        if (engine != null) {
+            engine.evaluateJavascript(jsCode, null);
+        } else {
+            this.webView.sendJavascript(jsCode);
         }
-
-        return false;
     }
 }

package/src/ios/OAuthPlugin.swift

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Ayogo Health Inc.
+ * Copyright 2019 - 2022 Ayogo Health Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,11 +14,19 @@
  * limitations under the License.
  */
 
+#if canImport(Cordova)
+import Cordova
+#endif
+
 import os.log
 import Foundation
 import AuthenticationServices
 import SafariServices
 
+extension NSNotification.Name {
+    static let CDVPluginOAuthCancelled = NSNotification.Name("CDVPluginOAuthCancelledNotification");
+}
+
 @objc protocol OAuthSessionProvider {
     init(_ endpoint : URL, callbackScheme : String)
     func start() -> Void
@@ -37,6 +45,8 @@ class ASWebAuthenticationSessionOAuthSessionProvider : OAuthSessionProvider {
         self.aswas = ASWebAuthenticationSession(url: endpoint, callbackURLScheme: callbackURLScheme, completionHandler: { (callBack:URL?, error:Error?) in
             if let incomingUrl = callBack {
                 NotificationCenter.default.post(name: NSNotification.Name.CDVPluginHandleOpenURL, object: incomingUrl)
+            } else {
+                NotificationCenter.default.post(name: NSNotification.Name.CDVPluginOAuthCancelled, object: nil)
             }
         })
     }
@@ -64,6 +74,8 @@ class SFAuthenticationSessionOAuthSessionProvider : OAuthSessionProvider {
         self.sfas = SFAuthenticationSession(url: endpoint, callbackURLScheme: callbackScheme, completionHandler: { (callBack:URL?, error:Error?) in
             if let incomingUrl = callBack {
                 NotificationCenter.default.post(name: NSNotification.Name.CDVPluginHandleOpenURL, object: incomingUrl)
+            } else {
+                NotificationCenter.default.post(name: NSNotification.Name.CDVPluginOAuthCancelled, object: nil)
             }
         })
     }
@@ -86,6 +98,9 @@ class SFSafariViewControllerOAuthSessionProvider : OAuthSessionProvider {
 
     required init(_ endpoint : URL, callbackScheme : String) {
         self.sfvc = SFSafariViewController(url: endpoint)
+        if #available(iOS 11.0, *) {
+            self.sfvc.dismissButtonStyle = .cancel
+        }
     }
 
     func start() {
@@ -119,14 +134,19 @@ class SafariAppOAuthSessionProvider : OAuthSessionProvider {
 
 @objc(CDVOAuthPlugin)
 class OAuthPlugin : CDVPlugin, SFSafariViewControllerDelegate, ASWebAuthenticationPresentationContextProviding {
+    /** This exists for testing purposes */
+    static var forcedVersion : UInt32 = UInt32.max
+
     var authSystem : OAuthSessionProvider?
+    var closeCallbackId : String?
     var callbackScheme : String?
     var logger : OSLog?
 
     override func pluginInitialize() {
         let urlScheme = self.commandDelegate.settings["oauthscheme"] as! String
+        let urlHostname = self.commandDelegate.settings["oauthhostname"] as? String ?? "oauth_callback";
 
-        self.callbackScheme = "\(urlScheme)://oauth_callback"
+        self.callbackScheme = "\(urlScheme)://\(urlHostname)"
         if #available(iOS 10.0, *) {
             self.logger = OSLog(subsystem: urlScheme, category: "Cordova")
         }
@@ -135,6 +155,11 @@ class OAuthPlugin : CDVPlugin, SFSafariViewControllerDelegate, ASWebAuthenticati
                 selector: #selector(OAuthPlugin._handleOpenURL(_:)),
                 name: NSNotification.Name.CDVPluginHandleOpenURL,
                 object: nil)
+
+        NotificationCenter.default.addObserver(self,
+                selector: #selector(OAuthPlugin._handleCancel(_:)),
+                name: NSNotification.Name.CDVPluginOAuthCancelled,
+                object: nil)
     }
 
 
@@ -149,7 +174,9 @@ class OAuthPlugin : CDVPlugin, SFSafariViewControllerDelegate, ASWebAuthenticati
             return
         }
 
-        if #available(iOS 12.0, *) {
+        self.closeCallbackId = command.callbackId
+
+        if OAuthPlugin.forcedVersion >= 12, #available(iOS 12.0, *) {
             self.authSystem = ASWebAuthenticationSessionOAuthSessionProvider(url, callbackScheme:self.callbackScheme!)
 
             if #available(iOS 13.0, *) {
@@ -157,9 +184,9 @@ class OAuthPlugin : CDVPlugin, SFSafariViewControllerDelegate, ASWebAuthenticati
                     aswas.delegate = self
                 }
             }
-        } else if #available(iOS 11.0, *) {
+        } else if OAuthPlugin.forcedVersion >= 11, #available(iOS 11.0, *) {
             self.authSystem = SFAuthenticationSessionOAuthSessionProvider(url, callbackScheme:self.callbackScheme!)
-        } else if #available(iOS 9.0, *) {
+        } else if OAuthPlugin.forcedVersion >= 9, #available(iOS 9.0, *) {
             self.authSystem = SFSafariViewControllerOAuthSessionProvider(url, callbackScheme:self.callbackScheme!)
 
             if let sfvc = self.authSystem as? SFSafariViewControllerOAuthSessionProvider {
@@ -172,7 +199,6 @@ class OAuthPlugin : CDVPlugin, SFSafariViewControllerDelegate, ASWebAuthenticati
 
         self.authSystem?.start()
 
-        self.commandDelegate.send(CDVPluginResult(status: .ok), callbackId: command.callbackId)
         return
     }
 
@@ -181,24 +207,38 @@ class OAuthPlugin : CDVPlugin, SFSafariViewControllerDelegate, ASWebAuthenticati
         self.authSystem?.cancel()
         self.authSystem = nil
 
-        var jsobj : [String : String] = [:]
+        var jsobj : [String : String] = ["oauth_callback_url": url.absoluteString]
         let queryItems = URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems
-
-        queryItems?.forEach {
-            jsobj[$0.name] = $0.value
+        let fragment = url.fragment
+
+        // Parse fragment parameters
+        if let fragment = fragment {
+            let pairs = fragment.split(separator: "&")
+            for pair in pairs {
+                let keyValue = pair.split(separator: "=")
+                if keyValue.count == 2,
+                   let key = keyValue[0].removingPercentEncoding,
+                   let value = keyValue[1].removingPercentEncoding {
+                   jsobj[String(key)] = String(value)
+                }
+            }
         }
 
-        if #available(iOS 10.0, *) {
-            os_log("OAuth called back with parameters.", log: self.logger!, type: .info)
-        } else {
-            NSLog("OAuth called back with parameters.")
+        queryItems?.forEach {
+           jsobj[$0.name] = $0.value
         }
 
         do {
             let data = try JSONSerialization.data(withJSONObject: jsobj)
-            let msg = String(data: data, encoding: .utf8)!
 
-            self.webViewEngine.evaluateJavaScript("window.dispatchEvent(new MessageEvent('message', { data: 'oauth::\(msg)' }));", completionHandler: nil)
+            if let msg = String(data: data, encoding: .utf8) {
+                let jsMsg = msg.replacingOccurrences(of: "'", with: "\\'")
+                               .replacingOccurrences(of: "\n", with: "\\n")
+                               .replacingOccurrences(of: "\r", with: "\\r")
+                               .replacingOccurrences(of: "\t", with: "\\t")
+
+                self.webViewEngine.evaluateJavaScript("window.dispatchEvent(new MessageEvent('message', { data: 'oauth::\(jsMsg)' }));", completionHandler: nil)
+            }
         } catch {
             let errStr = "JSON Serialization failed: \(error)"
             if #available(iOS 10.0, *) {
@@ -220,13 +260,28 @@ class OAuthPlugin : CDVPlugin, SFSafariViewControllerDelegate, ASWebAuthenticati
         }
 
         self.parseToken(from: url)
+
+        if let cb = self.closeCallbackId {
+            self.commandDelegate.send(CDVPluginResult(status: .ok), callbackId: cb)
+        }
+        self.closeCallbackId = nil
+    }
+
+
+    @objc internal func _handleCancel(_ notification : NSNotification) {
+        if let cb = self.closeCallbackId {
+            self.commandDelegate.send(CDVPluginResult(status: .ok), callbackId: cb)
+        }
+        self.closeCallbackId = nil
     }
 
 
     @available(iOS 9.0, *)
     func safariViewControllerDidFinish(_ controller: SFSafariViewController) {
-       self.authSystem?.cancel()
-       self.authSystem = nil
+        self.authSystem?.cancel()
+        self.authSystem = nil
+
+        NotificationCenter.default.post(name: NSNotification.Name.CDVPluginOAuthCancelled, object: nil)
     }
 
     @available(iOS 13.0, *)

package/www/oauth.js

@@ -18,10 +18,115 @@ var exec = require('cordova/exec');
 var modulemapper = require('cordova/modulemapper');
 var noop = function() { };
 
+// https://github.com/ungap/event-target
+/**
+ * Copyright (c) 2018, Andrea Giammarchi, @WebReflection
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+var EventTargetPolyfill = (function(Object, wm) {
+  var create = Object.create;
+  var defineProperty = Object.defineProperty;
+  var proto = EventTarget.prototype;
+  define(proto, 'addEventListener', function (type, listener, options) {
+    for (var
+      secret = wm.get(this),
+      listeners = secret[type] || (secret[type] = []),
+      i = 0, length = listeners.length; i < length; i++
+    ) {
+      if (listeners[i].listener === listener)
+        return;
+    }
+    listeners.push({target: this, listener: listener, options: options});
+  });
+  define(proto, 'dispatchEvent', function (event) {
+    var secret = wm.get(this);
+    var listeners = secret[event.type];
+    if (listeners) {
+      define(event, 'target', this);
+      define(event, 'currentTarget', this);
+      listeners.slice(0).some(dispatch, event);
+      delete event.currentTarget;
+      delete event.target;
+    }
+    return true;
+  });
+  define(proto, 'removeEventListener', function (type, listener) {
+    for (var
+      secret = wm.get(this),
+      /* istanbul ignore next */
+      listeners = secret[type] || (secret[type] = []),
+      i = 0, length = listeners.length; i < length; i++
+    ) {
+      if (listeners[i].listener === listener) {
+        listeners.splice(i, 1);
+        return;
+      }
+    }
+  });
+  return EventTarget;
+
+  function EventTarget() {'use strict';
+    wm.set(this, create(null));
+  }
+  function define(target, name, value) {
+    defineProperty(
+      target,
+      name,
+      {
+        configurable: true,
+        writable: true,
+        value: value
+      }
+    );
+  }
+  function dispatch(info) {
+    var options = info.options;
+    if (options && options.once)
+      info.target.removeEventListener(this.type, info.listener);
+    if (typeof info.listener === 'function')
+      info.listener.call(info.target, this);
+    else
+      info.listener.handleEvent(this);
+    return this._stopImmediatePropagationFlag;
+  }
+})(Object, new WeakMap());
+
 
 module.exports = function(url, name, features) {
-  if (name && name.match && name.match(/^oauth:/)) {
-    cordova.exec(noop, noop, 'OAuth', 'startOAuth', [url]);
+  var nameMatch = name && name.match && name.match(/^oauth:/);
+  var featureMatch = features && features.match && features.match(/^(?:.+,)?(oauth)(?:[=,].*)?$/i);
+
+  if (nameMatch || featureMatch) {
+    var wnd = null;
+    if (window.EventTarget) {
+      wnd = new EventTarget();
+    } else {
+      wnd = new EventTargetPolyfill();
+    }
+
+    function success() {
+      if (wnd) {
+        if (wnd.onclose) {
+          wnd.onclose();
+        }
+        wnd.dispatchEvent(new Event('close'));
+      }
+    }
+
+    cordova.exec(success, noop, 'OAuth', 'startOAuth', [url]);
+
+    return wnd;
   } else {
     var originalWindowOpen = modulemapper.getOriginalSymbol(window, 'open');
     return originalWindowOpen.apply(window, arguments);