Hi, the demo app won't return back to the caller activity after authentication is successful. I have used the default settings what was already made for this app.
here is the manifest extract from the demo app.
<activity android:name="net.openid.appauth.RedirectUriReceiverActivity"
tools:node="replace">
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="https"
android:host="net.openid.appauthdemo"
android:path="/oauth2redirect"/>
</intent-filter>
</activity>
Is this default setting in the demo app needs to be modified?
after succesful login, the browser wont get closed and hence not able to go back to the MainAcitivity of this app.
(Also, I have not completely understood the redirect/uri scheme here. pls point me to the links that provide more info about it)
I see two potential issues here:
If you are intending to capture a HTTPS redirect, the host (net.openid.appauthdemo) looks incorrect, and for this to work, you also have to ensure that app linking is configured correctly. The host in your fragment looks different from what is in our source, so I assume you modified this?
If instead you want to capture a custom scheme redirect, make sure you update this line in the build file. It looks like that step is missing from the demo app instructions - we added this step in the 0.4.0 release. I'll fix the README.
Actually that step is already mentioned here.
Thanks for the reply.
This redirection issue still exist.
I have added the reverse of the client (as guided by google) as redirect scheme in my Manifest as shown here
<activity android:name="net.openid.appauth.RedirectUriReceiverActivity"
tools:node="replace">
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="https"
android:host="com.googleusercontent.apps.<MY_ID_ADDED_HERE>"
android:path="/oauth2redirect"/>
</intent-filter>
</activity>
I have the below line in my build. grade file.
android {
defaultConfig {
applicationId 'net.openid.appauthdemo'
project.archivesBaseName = 'appauth-demoapp'
vectorDrawables.useSupportLibrary = true
manifestPlaceholders = [
'appAuthRedirectScheme': 'com.googleusercontent.apps.<MY_ID_HERE>'
]
}
I have the below setup in idp_configs.xml
xml
<bool name="google_enabled">true</bool>
<string name="google_client_id" translatable="false"><MY_ID_HERE>.apps.googleusercontent.com</string>
<!--
NOTE: This scheme is automatically provisioned by Google for Android OAuth2 clients, and is
the reverse form of the client ID registered above. Handling of this scheme is registered in an
intent filter in the app's manifest.
-->
<string name="google_auth_redirect_uri" translatable="false">com.googleusercontent.apps.<MY_ID_HERE>:/oauth2redirect</string>
I got the client id registered in google console and used here in your demo app.
So, still the browser wont get closed and the "RedirectUriReceiverActivity" is never launched.
Any issue here? pls guide.
Thanks,
Your data filter looks incorrect, and you've marked it as replace so the version that is generated from the manifestPlaceholder is removed. I think if you just completely remove your own activity tag from your manifest it should work fine. It needs to look like this in the generated manifest:
<activity android:name="net.openid.appauth.RedirectUriReceiverActivity"
tools:node="replace">
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="com.googleusercontent.apps.<MY_ID_ADDED_HERE>" />
</intent-filter>
</activity>
Thanks iainmcgin. it worked. but this issue still exists on Samsung Galaxy S6 (Android V6.0.1).
It's device specific issue. coz, it works on Samsung Galaxy J7 (Android V6.0.1). (this infers that it doesn't seem to be android OS version specific)
It worked on all other devices
Check the version of SBrowser on each of the devices - it would be useful for me to know if they are different, and if so, which one is broken.
Chrome Versions on All the tested samsung devices:
J7 55.0.2883.91
S6 51.0.2704.81 (not working)
S4 55.0.2883.91
Odd that the S6 is stuck on such an old version of Chrome. However, this is useful data, thanks for providing it.
I have a question regarding on the changes in build.gradle for using the custom uri scheme.
If i use another idp (my owns created), i need to change that instead of keeping the google one?
I agree. that's odd in my case as I have not been upgrading the chrome to latest version. but we can't force the end users to do so. this issue blocks them from using the entire oAuth feature & we can't expect them to come back & report this issue & then we suggesting this fix of upgrading the chrome to latest version.
so, can we expect a fix that works on all the versions of chrome? thanks.
Hi iainmcgin,
Here is the additional info that may help you in debugging this issue.
1.I have tested upgrading the chrome & it did not work.
See #116 for the bug in Samsung's browser; this is why I had asked about SBrowser in my previous comments. You can blacklist the version range of the Samsung browser with the bug, unfortunately, I don't know exactly what version the bug was introduced in, and whether it is yet fixed.
See what BrowserSelector.getAllBrowsers() returns on the problem device. If Chrome is the default browser, it should appear as the first entry in the list, and it is this ordering that AppAuth uses for selecting which browser to launch.
Thanks for the reply.
can you pls help me with a code snippet on how to blacklist "samsung custom tab browser" (specific versions) ?
I was able to do this with a different approach which might not be a right approach as shown below.
at line#99 in BrowserSelector.getAllBrowsers(), i m checking if it is a samsung browser. if it is, i am skipping adding that into browser list (i m doing it for only custom tab case).
(this approach restricting all the versions for samsung custom tab browsers instead of restricting only those on which the issue exists)
This should do it:
BrowserBlacklist blacklist = new BrowserBlacklist(
new VersionedBrowserMatcher(
Browsers.SBrowser.PACKAGE_NAME,
Browsers.SBrowser.SIGNATURE_SET,
true, // custom tab
VersionRange.ANY_VERSION));
AuthorizationService authService = new AuthorizationService(
context,
new AppAuthConfiguration.Builder()
.setBrowserMatcher(blacklist)
.build());
authService.performAuthorization(authRequest, completionIntent);
Once we have confirmation that custom tabs are fixed in SBrowser at a particular version, VersionRange.ANY_VERSION can be substitutedFor VersionRange.atMost(SBROWSER_FIX_VERSION) where SBROWSER_FIX_VERSION will be the last broken version number of SBrowser.
Thanks for the code snippet.
So, this worked for me. is it possible to incorporate this temporary fix into AppAuth and release a new version until samsung fix the issue in their browser?
Should this work with a regular deep link? Or does AppAuth require a app link to work properly with HTTPS redirects?
(https://developer.android.com/training/app-links#app-links-vs-deep-links)
Most helpful comment
This should do it:
Once we have confirmation that custom tabs are fixed in SBrowser at a particular version,
VersionRange.ANY_VERSIONcan be substitutedForVersionRange.atMost(SBROWSER_FIX_VERSION)whereSBROWSER_FIX_VERSIONwill be the last broken version number of SBrowser.