Appauth-android: The browser won't get closed and hence not able to catch the sign-in response

Created on 25 Jan 2017  路  16Comments  路  Source: openid/AppAuth-Android

Hi, the demo app won't return back to the caller activity after authentication is successful. I have used the default settings what was already made for this app.
here is the manifest extract from the demo app.

<activity android:name="net.openid.appauth.RedirectUriReceiverActivity" 
          tools:node="replace">
  <intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:scheme="https"
          android:host="net.openid.appauthdemo"
          android:path="/oauth2redirect"/>
  </intent-filter>
</activity>

Is this default setting in the demo app needs to be modified?
after succesful login, the browser wont get closed and hence not able to go back to the MainAcitivity of this app.
(Also, I have not completely understood the redirect/uri scheme here. pls point me to the links that provide more info about it)

question

Most helpful comment

This should do it:

BrowserBlacklist blacklist = new BrowserBlacklist(
    new VersionedBrowserMatcher(
        Browsers.SBrowser.PACKAGE_NAME,
        Browsers.SBrowser.SIGNATURE_SET,
        true, // custom tab
        VersionRange.ANY_VERSION));

AuthorizationService authService = new AuthorizationService(
    context,
    new AppAuthConfiguration.Builder()
        .setBrowserMatcher(blacklist)
        .build());

authService.performAuthorization(authRequest, completionIntent);

Once we have confirmation that custom tabs are fixed in SBrowser at a particular version, VersionRange.ANY_VERSION can be substitutedFor VersionRange.atMost(SBROWSER_FIX_VERSION) where SBROWSER_FIX_VERSION will be the last broken version number of SBrowser.

All 16 comments

I see two potential issues here:

  1. If you are intending to capture a HTTPS redirect, the host (net.openid.appauthdemo) looks incorrect, and for this to work, you also have to ensure that app linking is configured correctly. The host in your fragment looks different from what is in our source, so I assume you modified this?

  2. If instead you want to capture a custom scheme redirect, make sure you update this line in the build file. It looks like that step is missing from the demo app instructions - we added this step in the 0.4.0 release. I'll fix the README.

Actually that step is already mentioned here.

Thanks for the reply.
This redirection issue still exist.

I have added the reverse of the client (as guided by google) as redirect scheme in my Manifest as shown here

<activity android:name="net.openid.appauth.RedirectUriReceiverActivity" 
          tools:node="replace">
  <intent-filter>
    <action android:name="android.intent.action.VIEW"/>
      <category android:name="android.intent.category.DEFAULT"/>
      <category android:name="android.intent.category.BROWSABLE"/>
      <data android:scheme="https"
            android:host="com.googleusercontent.apps.<MY_ID_ADDED_HERE>"
            android:path="/oauth2redirect"/>
  </intent-filter>
</activity>

I have the below line in my build. grade file.

android {
    defaultConfig {
        applicationId 'net.openid.appauthdemo'
        project.archivesBaseName = 'appauth-demoapp'
        vectorDrawables.useSupportLibrary = true

        manifestPlaceholders = [
                'appAuthRedirectScheme': 'com.googleusercontent.apps.<MY_ID_HERE>'
        ]
    }

I have the below setup in idp_configs.xml

xml <bool name="google_enabled">true</bool> <string name="google_client_id" translatable="false"><MY_ID_HERE>.apps.googleusercontent.com</string> <!-- NOTE: This scheme is automatically provisioned by Google for Android OAuth2 clients, and is the reverse form of the client ID registered above. Handling of this scheme is registered in an intent filter in the app's manifest. --> <string name="google_auth_redirect_uri" translatable="false">com.googleusercontent.apps.<MY_ID_HERE>:/oauth2redirect</string>
I got the client id registered in google console and used here in your demo app.

So, still the browser wont get closed and the "RedirectUriReceiverActivity" is never launched.

Any issue here? pls guide.
Thanks,

Your data filter looks incorrect, and you've marked it as replace so the version that is generated from the manifestPlaceholder is removed. I think if you just completely remove your own activity tag from your manifest it should work fine. It needs to look like this in the generated manifest:

<activity android:name="net.openid.appauth.RedirectUriReceiverActivity" 
          tools:node="replace">
  <intent-filter>
    <action android:name="android.intent.action.VIEW"/>
      <category android:name="android.intent.category.DEFAULT"/>
      <category android:name="android.intent.category.BROWSABLE"/>
      <data android:scheme="com.googleusercontent.apps.<MY_ID_ADDED_HERE>" />
  </intent-filter>
</activity>

Thanks iainmcgin. it worked. but this issue still exists on Samsung Galaxy S6 (Android V6.0.1).
It's device specific issue. coz, it works on Samsung Galaxy J7 (Android V6.0.1). (this infers that it doesn't seem to be android OS version specific)

It worked on all other devices

Check the version of SBrowser on each of the devices - it would be useful for me to know if they are different, and if so, which one is broken.

Chrome Versions on All the tested samsung devices:
J7 55.0.2883.91
S6 51.0.2704.81 (not working)
S4 55.0.2883.91

Odd that the S6 is stuck on such an old version of Chrome. However, this is useful data, thanks for providing it.

I have a question regarding on the changes in build.gradle for using the custom uri scheme.

If i use another idp (my owns created), i need to change that instead of keeping the google one?

I agree. that's odd in my case as I have not been upgrading the chrome to latest version. but we can't force the end users to do so. this issue blocks them from using the entire oAuth feature & we can't expect them to come back & report this issue & then we suggesting this fix of upgrading the chrome to latest version.
so, can we expect a fix that works on all the versions of chrome? thanks.

Hi iainmcgin,
Here is the additional info that may help you in debugging this issue.
1.I have tested upgrading the chrome & it did not work.

  1. After the step1 observation, I saw that the chrome is not at all being launched though it is set as default browser. so I concluded that it is not the chrome or its version issue. (I confirmed it by copying the url in Samsung browser and pasting it in Chrome address bar which worked nicely)
  2. As I continue my test, I came to know that Samsung has its own browser and it is getting launched every time thought it was not set a default browser.
    so, the issue is with the Samsung browser. I have seen in your code here where the SBrowser is defined to map to the package "com.sec.android.app.sbrowser" .
    is this the one that representing Samsung browser?
    if So, we may need to re-check the settings made in the SBrowser class.
    Hope this helps for a quicker RCA.
    So, Please note that there are 2 issues to be fixed as below
  3. Redirection won't work on Samsung browser
  4. AppAuth library always launches the Samsung browser event though it is not set as default browser (I hav set Chrome as default browser in my S6 device)
    Thanks.
  1. See #116 for the bug in Samsung's browser; this is why I had asked about SBrowser in my previous comments. You can blacklist the version range of the Samsung browser with the bug, unfortunately, I don't know exactly what version the bug was introduced in, and whether it is yet fixed.

  2. See what BrowserSelector.getAllBrowsers() returns on the problem device. If Chrome is the default browser, it should appear as the first entry in the list, and it is this ordering that AppAuth uses for selecting which browser to launch.

Thanks for the reply.
can you pls help me with a code snippet on how to blacklist "samsung custom tab browser" (specific versions) ?

I was able to do this with a different approach which might not be a right approach as shown below.
at line#99 in BrowserSelector.getAllBrowsers(), i m checking if it is a samsung browser. if it is, i am skipping adding that into browser list (i m doing it for only custom tab case).
(this approach restricting all the versions for samsung custom tab browsers instead of restricting only those on which the issue exists)

This should do it:

BrowserBlacklist blacklist = new BrowserBlacklist(
    new VersionedBrowserMatcher(
        Browsers.SBrowser.PACKAGE_NAME,
        Browsers.SBrowser.SIGNATURE_SET,
        true, // custom tab
        VersionRange.ANY_VERSION));

AuthorizationService authService = new AuthorizationService(
    context,
    new AppAuthConfiguration.Builder()
        .setBrowserMatcher(blacklist)
        .build());

authService.performAuthorization(authRequest, completionIntent);

Once we have confirmation that custom tabs are fixed in SBrowser at a particular version, VersionRange.ANY_VERSION can be substitutedFor VersionRange.atMost(SBROWSER_FIX_VERSION) where SBROWSER_FIX_VERSION will be the last broken version number of SBrowser.

Thanks for the code snippet.
So, this worked for me. is it possible to incorporate this temporary fix into AppAuth and release a new version until samsung fix the issue in their browser?

Should this work with a regular deep link? Or does AppAuth require a app link to work properly with HTTPS redirects?
(https://developer.android.com/training/app-links#app-links-vs-deep-links)

Was this page helpful?
0 / 5 - 0 ratings

Related issues

hallerio picture hallerio  路  7Comments

Write4Dinesh picture Write4Dinesh  路  3Comments

Jawnnypoo picture Jawnnypoo  路  3Comments

trebouillon picture trebouillon  路  6Comments

Smedzlatko picture Smedzlatko  路  7Comments