openid / AppAuth-Android

Android client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
https://openid.github.io/AppAuth-Android
Apache License 2.0

RedirectUriReceiverActivity not called in Android M and above. #303

Open chetan-yg opened 6 years ago

chetan-yg commented 6 years ago

Hi,

The RedirectUriReceiverActivity is not being called in Android M and above but works fine in Lollipop (not tested below Lollipop).

This is the code in Manifest.xml

    <activity
        android:name="net.openid.appauth.RedirectUriReceiverActivity"
        android:exported="true">
        <intent-filter>
            <action android:name="android.intent.action.VIEW"/>
            <category android:name="android.intent.category.DEFAULT"/>
            <category android:name="android.intent.category.BROWSABLE"/>
            <data android:scheme="https"
                android:host="app.domain.com"
                android:path="/oauth2callback"/>
        </intent-filter>
    </activity>

I also added the assetlinks.json file at https://app.domain.com/.well-known/.

After selecting an account, it opens another page (which is supposed to trigger RedirectUriReceiverActivity) and displays a "Not found" error message. But if I click "Open in Browser", at that moment I can see my app listed in the options. So from the browser it is triggering RedirectUriReceiverActivity, but not from getAuthorizationRequestIntent. Can you please help me out?

dhruvj commented 6 years ago

Facing the same issue. I think Chrome Custom Tabs does not bring up the disambiguation dialog for filters that were previously chosen by the user; in our case it is https, and Chrome Custom Tabs handles this URL itself. Source: here

One way out of this is to use a custom scheme in intent-filter. Or we may have to blacklist the Chrome Custom Tabs from Browser Matcher list.

It would be great if someone from the app-auth team can confirm my observation though.

dhruvj commented 6 years ago

After a lot of experiments, I can confirm that while using Chrome Custom Tabs (or Samsung Custom Tabs) AND using http/https as the scheme, neither the disambiguation dialog (app chooser) comes up nor does a redirect happen back to your application. These browsers only work if your app is selected as the default handler of http/https redirects (which you can do by going into Settings->Application->Set as default).

So, if you are using http/https as the scheme, it's best to blacklist Chrome Custom Tabs and Samsung Custom Tabs.

Can you guys please update the wiki so people don't spend a lot of time figuring this out?

Note: All my observations were on an Android M device.

iainmcgin commented 6 years ago

Was the link correctly registered as an app link? This is required for the redirect to be handled correctly. Additionally, a specific user action, like a click, is required for app links to work - JavaScript redirects to app links will not be forwarded to apps.
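One way to check the app link registration asked about above, as an added example that is not part of the original thread or the AppAuth project: it inspects the manifest intent filter and the assetlinks.json statements for the requirements Android (6.0 and later) places on a verified App Link. The package name `com.example.app`, the fingerprint and the helper names are constructed placeholders.

```python
import json
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
HANDLE_ALL = "delegate_permission/common.handle_all_urls"

def check_app_link(manifest_xml, assetlinks_json, host, package, cert_sha256):
    """List the problems that keep https://host from being a verified App Link."""
    problems = []
    filters = [f for f in ET.fromstring(manifest_xml).iter("intent-filter")
               if any(d.get(A + "host") == host for d in f.iter("data"))]
    if not filters:
        problems.append(f"no intent-filter declares host {host}")
    for f in filters:
        names = {e.get(A + "name") for e in f if e.tag in ("action", "category")}
        if f.get(A + "autoVerify") != "true":
            problems.append('intent-filter lacks android:autoVerify="true"')
        for need in ("android.intent.action.VIEW", "android.intent.category.DEFAULT",
                     "android.intent.category.BROWSABLE"):
            if need not in names:
                problems.append(f"intent-filter lacks {need}")
    # Digital Asset Links: some statement must grant handle_all_urls to this
    # exact package and signing-certificate fingerprint.
    def grants(stmt):
        target = stmt.get("target", {})
        prints = [p.upper() for p in target.get("sha256_cert_fingerprints", [])]
        return (HANDLE_ALL in stmt.get("relation", [])
                and target.get("namespace") == "android_app"
                and target.get("package_name") == package
                and cert_sha256.upper() in prints)
    if not any(grants(s) for s in json.loads(assetlinks_json)):
        problems.append("assetlinks.json does not grant handle_all_urls to this package/cert")
    return problems

# Constructed sample input: package name and fingerprint are placeholders.
FP = ":".join(["AB"] * 32)
def manifest(filter_attrs):
    return f'''<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <application><activity android:name="net.openid.appauth.RedirectUriReceiverActivity">
  <intent-filter {filter_attrs}>
   <action android:name="android.intent.action.VIEW"/>
   <category android:name="android.intent.category.DEFAULT"/>
   <category android:name="android.intent.category.BROWSABLE"/>
   <data android:scheme="https" android:host="app.domain.com" android:path="/oauth2callback"/>
  </intent-filter></activity></application></manifest>'''
ASSETLINKS = json.dumps([{"relation": [HANDLE_ALL], "target": {
    "namespace": "android_app", "package_name": "com.example.app",
    "sha256_cert_fingerprints": [FP]}}])

if __name__ == "__main__":
    args = (ASSETLINKS, "app.domain.com", "com.example.app", FP)
    print(check_app_link(manifest(""), *args))   # filter attributes as posted in the thread
    print(check_app_link(manifest('android:autoVerify="true"'), *args))
```

The fingerprint to compare is the SHA-256 of the certificate that signs the installed build, so debug and release builds need their own entries in assetlinks.json.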

sahilpatel14 commented 6 years ago

I can confirm that this project is running fine on Nougat devices.

vandanaKumari89 commented 6 years ago

Hi @sahilpatel14 which IdP did you integrate it with?

Cheers, Vandana

sahilpatel14 commented 6 years ago

Hi @vandanaKumari89, I am not really sure what IdP means. I integrated my app with the unsplash OAUTH2 service and Google OAUTH2. I was testing the whole setup on an emulator running Oreo.

jtrollkarl commented 6 years ago

Have the same issue. Doesn't work on a physical 8.1 device but does on an emulated 7.1.

MalikDE commented 5 years ago

I've got quite the same issue on Android M and P (physical device). My use-case is a little bit different:

But here is my issue:

EDIT: Once CustomTabs do not trigger the intent-filter anymore, if I clean Chrome cookies and launch the app, it is working again.

EDIT: If I force the login/consent screen to be prompted every time, it works too.

iainmcgin commented 5 years ago

@MalikDE sounds like the common issue with automatic redirects, when the user has already granted permission to your app in the browser. Look through the other issues tagged redirect-handling for more discussion on that - I've described the problem and a strategy to deal with it in numerous other issues.

MalikDE commented 5 years ago

@iainmcgin Thanks! For the record, here is your explanation about that issue: #241. 2 solutions:

  1. use a custom scheme, knowing that CustomTabs can not leave the app (no popup app selector)
  2. use a redirect landing page as you described in #241 to force a user interaction

I also commented on an open issue on Chromium and am waiting for confirmation from the team about that behavior: https://bugs.chromium.org/p/chromium/issues/detail?id=536037