cryptomator / hub

Cryptomator Hub helps you manage vaults in large teams
GNU Affero General Public License v3.0

Define redirect URIs for mobile apps #224

Closed tobihagemann closed 5 months ago

tobihagemann commented 9 months ago

Summary

In Keycloak, define redirect URIs for mobile apps.

Motivation

For the mobile apps, we require new valid redirect URIs in the cryptomator client in Keycloak. Currently, we use http://127.0.0.1/* as the redirect URI for the Desktop app, which we cannot re-use for the mobile apps.

Suggestion:

Considered Alternatives

On iOS, we experimented with associated domains like https://ios.cryptomator.org/hub/auth at length. We almost got it to work (https://github.com/cryptomator/ios/commit/362809556eca2f73de8821050409236420f3233c + https://github.com/cryptomator/ios/commit/16c401706063ddeb6ba114bd7acaeefb740b6d38) but ultimately failed because the FileProviderExtensionUI cannot handle the OAuth flow anymore and would need to switch to the main app (and there is no way to switch back).

Anything else?

No response

overheadhunter commented 7 months ago

Suggestion:

  • iOS: hub.org.cryptomator.ios:/auth
  • Android: hub.org.cryptomator.android:/auth

RFC 8252, Section 7.1:

When choosing a URI scheme to associate with the app, apps MUST use a URI scheme based on a domain name under their control, expressed in reverse order [...]

Therefore I would suggest org.cryptomator.ios: and org.cryptomator.android:.

tobihagemann commented 6 months ago

Thank you for the RFC reference.

Together with @infeo, we've decided to use org.cryptomator.ios:/hub/auth and org.cryptomator.android:/hub/auth. We added the path because apps may need the information to resume the app logic, and we want to be as specific as possible so that future deep-linking features don't conflict with this endeavor.

Does that make sense, @overheadhunter?
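
Added example (not part of the thread and not Cryptomator or Keycloak code): a Python check that classifies the redirect URIs discussed above and applies the RFC 8252, Section 7.1 reverse-domain rule to private-use schemes. The function name `classify_redirect_uri` and the controlled domain `cryptomator.org` are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domain the app vendor controls.
CONTROLLED_DOMAIN = "cryptomator.org"


def classify_redirect_uri(uri, controlled_domain=CONTROLLED_DOMAIN):
    """Return (kind, problems) for a native-app redirect URI (RFC 8252, Section 7)."""
    parts = urlsplit(uri)
    scheme = parts.scheme  # urlsplit lowercases the scheme
    problems = []

    if not scheme:
        return "invalid", ["no URI scheme"]
    if parts.fragment:
        problems.append("redirect URIs must not contain a fragment")

    if scheme == "https":
        # Section 7.2: claimed "https" scheme (associated domains / app links).
        return "claimed-https", problems

    if scheme == "http":
        # Section 7.3: plain http is only meant for the loopback interface.
        if parts.hostname not in ("127.0.0.1", "::1"):
            problems.append("http redirect is not a loopback IP literal")
        return "loopback", problems

    # Section 7.1: private-use scheme based on a controlled domain, reversed.
    reversed_domain = ".".join(reversed(controlled_domain.split(".")))
    if scheme != reversed_domain and not scheme.startswith(reversed_domain + "."):
        problems.append(
            f"scheme '{scheme}' does not start with reversed domain '{reversed_domain}'"
        )
    if parts.netloc:
        # A private-use scheme has no naming authority: one slash, not two.
        problems.append("authority component present; use 'scheme:/path'")
    return "private-use-scheme", problems


if __name__ == "__main__":
    for candidate in (
        "hub.org.cryptomator.ios:/auth",       # first suggestion in the thread
        "org.cryptomator.ios:/hub/auth",       # URIs the thread settled on
        "org.cryptomator.android:/hub/auth",
        "http://127.0.0.1/*",                  # desktop loopback pattern
    ):
        print(candidate, classify_redirect_uri(candidate))
```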