Microsoft-authentication-library-for-dotnet: [Bug] Migration on Android 29+

Created on 20 Nov 2020 · 11Comments · Source: AzureAD/microsoft-authentication-library-for-dotnet

I've migrated my project to AndroidX due to upgrading the target framework from 28 to 30 and it has broken the usage of the CustomTabsService. Currently, MSAL opens the Google Chrome browser instead of CustomTabs activity.

Logs and Network traces
MSAL Warning False (False) MSAL 4.22.0.0 MSAL.Xamarin.Android 30 [11/20/2020 16:54:19 - 7fe5b2e7-d520-4048-bcf2-035889a9387c] Browser with custom tabs package not available. Launching with alternate browser. See https://aka.ms/msal-net-system-browsers for details.

Which Version of MSAL are you using ?
4.22.0

Platform
Android

What authentication flow has the issue?

Mobile
- [*] Interactive
- [ ] Integrated Windows Auth
- [ ] Username Password
- [ ] Device code flow (browserless)

Is this a new or existing app?
The app is in production, I haven't upgraded MSAL, but started seeing this issue

Expected behavior
MSAL should use CustomTabsService instead of third party web browsers

Actual behavior
It uses third party web browsers

Possible Solution
I've found that someone has commented out code to use AndroidX custom tabs on Android 10+
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/79b57039a076391fe350a736fe9c951322fdd422/src/client/Microsoft.Identity.Client/Platforms/Android/SystemWebview/AuthenticationActivity.cs#L39

I guess it should be uncommented out and everything will be fine.

Fixed bug Mobile-Android

Source

Dimdron

Most helpful comment

Yes, the issue is when you compile against Android 11 there is a new security system in place called package visibility:
https://devblogs.microsoft.com/xamarin/android-11-package-visibility/

You need to add this into your manifest -

 <queries>
    <intent>
      <action android:name="android.support.customtabs.action.CustomTabsService" />
    </intent>
  </queries>

For reference:

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1" android:versionName="1.0" package="com.companyname.app35">
  <queries>
    <intent>
      <action android:name="android.support.customtabs.action.CustomTabsService" />
    </intent>
  </queries>
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30" />
    <application android:label="App35.Android" android:theme="@style/MainTheme"></application>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
</manifest>

jamesmontemagno on 23 Nov 2020

👍2

All 11 comments

@jamesmontemagno looks like this was added as part of your AndroidX PR. can you give context as to why it's commented out?

jennyf19 on 20 Nov 2020

Hmmm been a while, don't remember, could try to put it back in and see if that fixes it up.

jamesmontemagno on 23 Nov 2020

OH, i left a comment. I am pretty sure -> _customTabsServiceAction is used only to check if it exists and we shoudl use the legacy one?... maybe we should check both...

jamesmontemagno on 23 Nov 2020

The other thing that could be happening is that the migration tool is changing the string maybe..... it really should be the old one to check the service -> https://github.com/zhanghai/CustomTabsHelper/blob/master/library/src/main/java/org/chromium/customtabsclient/CustomTabsHelper.java#L49

jamesmontemagno on 23 Nov 2020

Yes, the issue is when you compile against Android 11 there is a new security system in place called package visibility:
https://devblogs.microsoft.com/xamarin/android-11-package-visibility/

You need to add this into your manifest -

 <queries>
    <intent>
      <action android:name="android.support.customtabs.action.CustomTabsService" />
    </intent>
  </queries>

For reference:

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1" android:versionName="1.0" package="com.companyname.app35">
  <queries>
    <intent>
      <action android:name="android.support.customtabs.action.CustomTabsService" />
    </intent>
  </queries>
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30" />
    <application android:label="App35.Android" android:theme="@style/MainTheme"></application>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
</manifest>

jamesmontemagno on 23 Nov 2020

👍2

@Dimdron please see @jamesmontemagno 's response above, and you can also try this branch which has included the commented code. thank you.

We also have this issue with Android 11 support.

jennyf19 on 23 Nov 2020

@Dimdron any update on your side?

jennyf19 on 25 Nov 2020

Oh, thanks for your updates! I will try your recommendation and answer soon!

Dimdron on 26 Nov 2020

Yeap, the reason was in package visibility changes. I've checked both SDK versions(4.22/4.23) and they are working properly with a query for ❗️support.customtabs❗️
I've missed this item in the android 11 migration tutorial.. 🤦‍♂️

Dimdron on 27 Nov 2020

👍1

I am still pretty puzzled here. From what I can see in my tests with the current NuGet 2.24 the Custom Tabs do still not work with Android 29+
As @Dimdron mentioned above, it has to do with these lines: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/master/src/client/Microsoft.Identity.Client/Platforms/Android/SystemWebview/AuthenticationActivity.cs#L40-L41
and I think they should be commented out (or removed). The official docs mention to use android.support.customtabs.action.CustomTabsService: https://developers.google.com/web/android/custom-tabs/implementation-guide#how_can_i_check_whether_the_android_device_has_a_browser_that_supports_custom_tab
At this time, I can only get the custom tabs to work when downgrading to 4.23 - is that expected behavior and the issue is now being tracked here? https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2139