iZettle / sdk-android

Add card payments from Zettle to your own app
https://developer.zettle.com/docs/android-sdk

403 Forbidden upon successful authentication #92

Closed fobos531 closed 6 months ago

fobos531 commented 6 months ago

Expected Behavior

After successful authentication, I should be able to properly exit the Webview back into my app.

Current Behavior

I'm getting a 403 Forbidden upon successful authentication via the Managed authentication flow. See picture:

[Screenshot: CleanShot 2024-01-03 at 23 23 44@2x]

Steps to Reproduce

Use the Managed authentication flow. Log in with a Zettle account. Observe that a 403 error occurs.

Context

This is the OAuth redirect URL that I set in the dashboard

[Screenshot: CleanShot 2024-01-03 at 23 26 09@2x]

This is how I initialize the SDK.

[Screenshot: CleanShot 2024-01-03 at 23 26 59@2x]

This is how I start the login flow:

ZettleSDK.instance?.login(currentActivity)

I can then successfully log in, but at the point where I should get back into my app, I just get a 403 in the webview.

In AndroidManifest I also made sure to include the relevant schemes:

[Screenshot: CleanShot 2024-01-03 at 23 28 25@2x]

Is there anything else that I'm missing?

Failure Logs

I don't see any failures in ADB logs.

fobos531 commented 6 months ago

Interestingly enough, I noticed that if I try to use the client ID of my iOS application - then I don't get a 403 and it seems like I logged in, but it doesn't actually log me in.

Any help would be greatly appreciated.

CheZhongSdk commented 6 months ago

Hi Jakov @fobos531, thank you for reaching out!

I don't see the full picture of your manifest file, but it seems OAuthActivity is missing there. Please try to follow this document to add the OAuthActivity to your manifest. Also, regarding the client ID issue, you can verify it by using our Example app: simply fill in the values in the zettleSDK.gradle file, then run the app to test your client ID.

fobos531 commented 6 months ago

Hello @CheZhongSdk

Thanks for getting back. I added this activity like this:

<activity
    android:exported="true"
    android:name="com.izettle.android.auth.OAuthActivity"
    android:launchMode="singleTask"
    android:taskAffinity="@string/oauth_activity_task_affinity">
    <intent-filter>
        <data android:host="oauth" android:scheme="zettleuxapptest" />
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
    </intent-filter>
</activity>

but I'm still getting the exact same error. Please note the android:host and android:scheme. In the developer dashboard, I declared the OAuth Redirect URI as zettleuxapptest://oauth. I also tested this on the Example App and I filled it out like this:

[Screenshot: CleanShot 2024-01-04 at 14 19 53@2x]

But I am still getting the same error even in the example app. Again, there are no errors in logcat. Is there anything else I could try?

CheZhongSdk commented 6 months ago

Hi Jakov, could you check that the App package you registered in the Develop Dashboard matches the app you are developing for? They should be the same.

If it's still not working for you, I suggest you contact our Support Service Desk, Developer Support - SDK payments and refunds, to provide your client ID; then we could verify it here.

fobos531 commented 6 months ago

> Hi Jakov, could you check that the App package you registered in the Develop Dashboard matches the app you are developing for? They should be the same.
>
> If it's still not working for you, I suggest you contact our Support Service Desk, Developer Support - SDK payments and refunds, to provide your client ID; then we could verify it here.

Hello Che,

Yes, I confirmed that it is the exact same. I contacted the Support Service Desk and I am awaiting a resolution. Thanks!

Also, is there an ability to delete the app from the dashboard? I have a few of them that I only used for testing and would like to delete them since I no longer need them.

CheZhongSdk commented 6 months ago

> Also, is there an ability to delete the app from the dashboard? I have a few of them that I only used for testing and would like to delete them since I no longer need them.

Yes, afaik, you can't delete the app credential once it's created. But please reach out to the Service Desk, they should know more.

But this may be the issue for your issue. 🤔 Have you registered multiple test apps with the same App ID? If that is the case, try to create a new one with a new App ID and also update applicationId in your Android project. Let me know if that works.

fobos531 commented 6 months ago

Hello @CheZhongSdk

I did some more digging and had success after all. It looks like it was a misconfiguration on my end regarding the oauth redirect URI. If the issue reappears I will reopen it, but I'll close it for now.

Thank you for your assistance!
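
Added example (not part of the thread and not Zettle SDK code): a Python check that the OAuthActivity intent filter in a manifest accepts the redirect URI registered in the dashboard. The function name check_redirect and the manifest wrapper around the activity entry quoted in the thread are constructed for illustration; scheme and host are compared case-sensitively, as Android intent-filter matching does.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
REQUIRED = {"android.intent.action.VIEW",
            "android.intent.category.DEFAULT",
            "android.intent.category.BROWSABLE"}

# Constructed sample: the activity entry from the thread inside a minimal manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:exported="true" android:launchMode="singleTask"
        android:name="com.izettle.android.auth.OAuthActivity"
        android:taskAffinity="@string/oauth_activity_task_affinity">
      <intent-filter>
        <data android:host="oauth" android:scheme="zettleuxapptest" />
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def check_redirect(manifest_xml, redirect_uri,
                   activity="com.izettle.android.auth.OAuthActivity"):
    """Return a list of problems; an empty list means a filter accepts redirect_uri."""
    # Split by hand: urllib lower-cases the scheme, Android compares it as written.
    scheme, sep, rest = redirect_uri.partition("://")
    if not sep:
        return ["redirect URI has no '://' separator"]
    host = rest.split("/", 1)[0]
    root = ET.fromstring(manifest_xml)
    acts = [a for a in root.iter("activity") if a.get(ANDROID + "name") == activity]
    if not acts:
        return [activity + " is not declared in the manifest"]
    problems = []
    if acts[0].get(ANDROID + "exported") != "true":
        problems.append("activity is not exported")
    seen = []
    for flt in acts[0].iter("intent-filter"):
        names = {e.get(ANDROID + "name") for e in flt if e.tag in ("action", "category")}
        data = [e for e in flt if e.tag == "data"]
        schemes = {d.get(ANDROID + "scheme") for d in data} - {None}
        hosts = {d.get(ANDROID + "host") for d in data} - {None}
        seen.append((sorted(schemes), sorted(hosts)))
        # A filter that declares no host accepts any host for its schemes.
        if REQUIRED <= names and scheme in schemes and (not hosts or host in hosts):
            return problems
    problems.append(f"no intent-filter accepts {scheme}://{host}; declared: {seen}")
    return problems
```

Run it against the merged manifest of the built app with the exact redirect URI string copied from the dashboard; any returned message points at the side that needs to change.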