I'm building an app, where the auth flow goes as follows
- user clicks login button
- a login window opens, and the user logs in,
- the popup window uses postMessage to send the auth token to the main page, verifying the origin
- the main page closes th window after receiving the token.
This flow works great on desktop devices, but not in mobile browsers, where window.open opens a new tab that can't be programmatically closed.
On mobile devices, I can send the user to the login screen, and send them back with the auth token in the hash, but I only want to do that when I have to. How do I detect whether window.close works without browser sniffing?
Aucun commentaire:
Enregistrer un commentaire