[Bug] Firefox Preview fails to redirect to App-specific protocol (breaks OpenID auth workflow)

[st3fan]

From https://bugzilla.mozilla.org/show_bug.cgi?id=1618146

Context:

• I'm using an Android app called "Onleihe" to borrow e-books from my local library (VÖBB Berlin).
• Upon login, the app redirects me to https://www.voebb.de/oidcp/authorize?prompt=login&client_id=divibib001&response_type=code&redirect_uri=onleihe://authredirect&state=01f7de25&scope=openid+adisbms (which opens in Firefox).

Problem:

• After logging in to my library account (in Firefox), I should get redirected to the app.
• Instead, I'm getting a Firefox error page titled "Unknown Protocol".

It looks like the website redirects to onleihe://authredirect, but Firefox doesn't recognize this, even though the Android app has registered this protocol (presumably, as it works in Chrome and worked in the old Firefox for Android).

┆Issue is synchronized with this Jira Task

[kbrosnan]

This should be fixed on Nightly @rocketsroger

[rocketsroger]

Yes, this is related to https://bugzilla.mozilla.org/show_bug.cgi?id=1619344. Should be fixed on the next nightly with GV 75.0.20200303095030.

[caugner]

@kbrosnan @rocketsroger I have checked with 75.0.20200303095030 and it does not show the error message anymore, but it doesn't switch back to the app either.

PS: I'm the reporter of the original Bugzilla bug.

[rocketsroger]

@caugner debugging this issue I see some interesting behavior. (I had to test with hardcoded redirect to onleihe://authredirect since I don't have an account to test with)

I can see that this url causes A-C to open a app with the package name de.etecture.ekz.onleihe and the activity is de.etecture.ekz.onleihe.activity.RedirectUriReceiverActivity. But the app opens and closes instantly. Do you see a quick switch back to the app and back to the browser when you finished signing in?

[rocketsroger]

@caugner one update. I noticed something very similar while testing it on my personal device with nightly from Google Play. Can you try something for me? Please uninstall and then reinstall Fenix nightly and see if it now works?

[caugner]

Do you see a quick switch back to the app and back to the browser when you finished signing in?

@rocketsroger Yes, I'm seeing exactly the same (i.e. it looks like it switches, but then it switches back).

After logging in on Desktop with the URL from the issue description, the website redirects me to this URL: onleihe://authredirect?code=xLM...&state=01f7de25

Could it be that Firefox omits the URL parameters?

[rocketsroger]

I see. so its unrelated to the uninstall/reinstall workaround.

You're correct, it could be. This will requires more investigation to see what happened. But it is good that we confirmed it's not an app link redirect issue but a URL issue.

[caugner]

Can you try something for me? Please uninstall and then reinstall Fenix nightly and see if it now works?

Just tried, experiencing the same faulty behavior (after having uninstalled and reinstalled Fenix).

But it is good that we confirmed it's not an app link redirect issue but a URL issue.

Note that I determined the redirect URL with Firefox Desktop. I'm not sure if I have provided clear confirmation that it's not an "app link redirect" vs. a URL issue.

[caugner]

@rocketsroger Just noticed that Firefox Focus is also affected by this issue (currently showing the Unknown Protocol error). Does it make sense to file an issue in their repository as well?

[rocketsroger]

Just tried, experiencing the same faulty behavior (after having uninstalled and reinstalled Fenix).

Thanks for the update.

Note that I determined the redirect URL with Firefox Desktop. I'm not sure if I have provided clear confirmation that it's not an "app link redirect" vs. a URL issue.

Yes, only thing we can be sure is that "app link redirect" did work but the redirect did not work as expected.

[rocketsroger]

@rocketsroger Just noticed that Firefox Focus is also affected by this issue (currently showing the Unknown Protocol error). Does it make sense to file an issue in their repository as well?

Focus also uses GeckoView as its engine. There were an recent fix but the release Focus is probably still using a older more stable GeckoView version.

[rocketsroger]

With the latest fixes, this issue is not an app links issue anymore. The intent was redirected back into the library app but it did not behave as expected. This seems to point at a possibility that the app either did not like the data we embedded in the intent or was not expecting the way we redirect the intent. This will need more investigation with a test account.

[caugner]

@rocketsroger I don't mind sharing my login data with you via a secure channel, if that would help?

[rocketsroger]

@rocketsroger I don't mind sharing my login data with you via a secure channel, if that would help?

That will be great. Thanks!

[rocketsroger]

@caugner This change should be in nightly now. Can you please confirm this is fixed? Thanks,

[caugner]

@rocketsroger Thanks a lot, I confirm it's fixed in Nightly.

[rocketsroger]

@rocketsroger Thanks a lot, I confirm it's fixed in Nightly.

Thanks, I'll close the issue