WebView Handoff

Launch SecureSign Mobile App from a WebView — no embedded signing SDK.

Overview

If your native app embeds a WebView that loads your signing portal, you do not embed a SecureSign SDK inside the WebView. Instead, the WebView page uses the same securesign://sign deep link as mobile browser integration. The SecureSign Mobile App handles token access and PIN entry.

Flow

WebView Handoff WebView intercepts deep link — opens SecureSign Mobile App WEBVIEW (PORTAL JS) NATIVE APP (INTERCEPT) SECURESIGN MOBILE APP DSC TOKEN 1 Portal JS builds securesign://sign 2 shouldOverrideUrlLoading Android WebViewClient decidePolicyFor (iOS) DEEP LINK 3 OS opens SecureSign App 4 4 Sign on token CALLBACK 5 callbackUrl → WebView or native handler DSC cert Sign Not supported: WebView JS bridge SDK Use deep link to Mobile App instead DSC + PIN + Sign with DSC in SecureSign App if (url.startsWith("securesign://")) startActivity(Intent.ACTION_VIEW, Uri.parse(url)) Intercept deep link in WebView — open SecureSign Mobile App Same securesign://sign protocol as mobile browser — no embedded SDK in WebView
WebView redirects to app - user sees certificate, enters PIN, taps Authenticate
  1. User taps Sign with DSC inside WebView-loaded portal page
  2. Portal JavaScript builds securesign://sign deep link
  3. Native app intercepts the link or WebView navigates to deep link
  4. SecureSign Mobile App opens, user signs with DSC token
  5. App returns to callbackUrl — WebView or native handler receives signature

Android WebView

// In WebViewClient.shouldOverrideUrlLoading
if (url.startsWith("securesign://")) {
    startActivity(Intent(Intent.ACTION_VIEW, Uri.parse(url)))
    return true
}
// Or delegate to Mobile App Handoff from native code

iOS WebView (WKWebView)

func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction,
             decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
    if let url = navigationAction.request.url, url.scheme == "securesign" {
        UIApplication.shared.open(url)
        decisionHandler(.cancel)
        return
    }
    decisionHandler(.allow)
}

No WebView SDK

No JavaScript bridge SDK

Toolsbots does not provide a WebView JavaScript bridge or embedded signing SDK. All signing goes through the SecureSign Mobile App. For enterprise embedded requirements, contact us.

See also Mobile App Handoff and Deep Link Protocol.