openid / AppAuth-Android

Android client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
https://openid.github.io/AppAuth-Android
Apache License 2.0

Capturing response from server #322

Open 0xbadc0de opened 6 years ago

0xbadc0de commented 6 years ago

Hello! I'm trying to build a Facebook login flow. The redirect URL points to a backend server, which exchanges the code for an access_token, performs registration/auth in internal systems and returns a JWT (as a JSON response) for making requests from the app. But I can't capture this response from the backend server; after auth on Facebook it just redirects to redirect_url and displays the JSON content in the browser. How can I properly do what I want? Should I build a custom intent filter to properly handle the URL? Thanks!

AndroidManifest.xml:

<activity android:name="net.openid.appauth.RedirectUriReceiverActivity"
    tools:node="replace">
    <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https"
            android:host="dev.example.com"
            android:path="/oauth2/facebook"/>
    </intent-filter>
    <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https"
            android:host="dev.example.com"
            android:path="/oauth2/google"/>
    </intent-filter>
</activity>

This is how I start auth:

private void facebookLogin() {
    mAuthService = new AuthorizationService(getActivity().getApplicationContext());

    AuthorizationServiceConfiguration serviceConfig =
            new AuthorizationServiceConfiguration(
                    Uri.parse("https://www.facebook.com/dialog/oauth"), // authorization endpoint
                    Uri.parse("https://graph.facebook.com/v2.5/oauth/access_token")); // token endpoint

    AuthorizationRequest.Builder authRequestBuilder =
            new AuthorizationRequest.Builder(
                    serviceConfig,
                    FACEBOOK_APP_ID,
                    ResponseTypeValues.CODE,
                    Uri.parse("https://dev.example.com/oauth2/facebook"));

    // Auth request
    AuthorizationRequest authRequest = authRequestBuilder
            .setScope(FACEBOOK_SCOPE)
            .build();

    Intent authIntent = mAuthService.getAuthorizationRequestIntent(authRequest);
    startActivityForResult(authIntent, RC_AUTH);
}

sahilpatel14 commented 6 years ago

I am facing a similar issue. Chrome opens the login page with two options, Allow and Deny. When I press Allow, it redirects me to another page on the server. I want it to be redirected to the app. It is happening with the Unsplash OAuth2 API.

jtrollkarl commented 6 years ago

Same issue here

andrebbk commented 5 years ago

Same issue here, the redirect goes to another page on the server, not to the Android activity...

Lotzzz commented 3 years ago

Same issue here, the redirect goes to another page on the server, not to the Android activity...

Have you resolved it? I am facing the same issue. 😂

agologan commented 3 years ago

The OP describes a scenario where the redirect_uri does not trigger the configured intent-filter. It's unclear from this old issue if both integrations, Facebook and Google, had this issue or it was a specific vendor problem.

Using an https redirect requires App Links to be configured, otherwise the end user will see a disambiguation dialog the first time. Alternatively, a custom scheme may be used, which makes integration easier.

Configuration can be tested from the CLI using

adb shell am start -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d "https://dev.example.com/oauth2/facebook"

which should result in a disambiguation dialog the first time or open the app if App Links are configured correctly. (If you select the browser, you'll need to reset the default association to get the dialog again.)

I'm also very interested if you've read README#Capturing the authorization redirect and if we can update that to provide a better explanation.
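
The App Links requirement described in the comment above, as an added example that is not part of the thread or of AppAuth: a static Python check that reports whether a redirect URI matches an intent-filter and whether it qualifies as a verified App Link. The package name, certificate fingerprint and assetlinks.json statement are constructed placeholders, and matching is simplified to exact scheme, host and path.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
NEEDED = {"android.intent.action.VIEW", "android.intent.category.DEFAULT",
          "android.intent.category.BROWSABLE"}
HANDLE_ALL = "delegate_permission/common.handle_all_urls"

def data_matches(data, uri):
    # Simplified: exact scheme, host and android:path only (no pathPrefix/pathPattern).
    u = urlsplit(uri)
    return (data.get(A + "scheme") == u.scheme and data.get(A + "host") == u.hostname
            and data.get(A + "path") in (None, u.path))

def statement_ok(assetlinks, package, fingerprint):
    # Does the host's assetlinks.json delegate URL handling to this package and signing cert?
    targets = [s.get("target", {}) for s in assetlinks if HANDLE_ALL in s.get("relation", [])]
    return any(t.get("namespace") == "android_app" and t.get("package_name") == package
               and fingerprint in t.get("sha256_cert_fingerprints", []) for t in targets)

def classify_redirect(activity_xml, redirect_uri, assetlinks, package, fingerprint):
    # 'no-filter': nothing matches; 'unverified': matches but is not a verified App Link
    # (disambiguation dialog, or the browser keeps the URL); 'app-link': opens the app.
    result = "no-filter"
    for f in ET.fromstring(activity_xml).iter("intent-filter"):
        names = {e.get(A + "name") for e in f if e.tag in ("action", "category")}
        if not NEEDED <= names or not any(data_matches(d, redirect_uri) for d in f.iter("data")):
            continue
        if f.get(A + "autoVerify") == "true" and statement_ok(assetlinks, package, fingerprint):
            return "app-link"
        result = "unverified"
    return result

# Constructed sample input: the /oauth2/facebook filter from the issue, autoVerify optional.
FILTER = """<activity xmlns:android="http://schemas.android.com/apk/res/android">
  <intent-filter{auto}>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:scheme="https" android:host="dev.example.com" android:path="/oauth2/facebook"/>
  </intent-filter>
</activity>"""
PACKAGE, CERT = "com.example.app", "AA:BB:CC"  # placeholders, not real values
ASSETLINKS = [{"relation": [HANDLE_ALL], "target": {
    "namespace": "android_app", "package_name": PACKAGE, "sha256_cert_fingerprints": [CERT]}}]
URI = "https://dev.example.com/oauth2/facebook"
for auto in ("", ' android:autoVerify="true"'):  # as posted, then with verification requested
    print(repr(auto), classify_redirect(FILTER.format(auto=auto), URI, ASSETLINKS, PACKAGE, CERT))
```

On a device the statement list is fetched from https://dev.example.com/.well-known/assetlinks.json, and the fingerprint must be that of the certificate the installed build is signed with.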

arist0v commented 1 year ago

@agologan I had a similar issue and have been working on it for multiple days; here is where I'm at:

The adb command is working and my device asks me to choose my app to open the URL.

The OAuth URL once in the app is:

https://server.end/oauth2/authorize?redirect_uri=https%3A%2F%2Fserver.end%2Foauthredirect&client_id=CLIENTID&response_type=code&state="SOMELONGSTRING"&scope=profile&code_challenge="OTHERLONGSTRING"&code_challenge_method=S256

What was expected is: https://server.end/oauthredirect

Also, I changed from startActivityForResult to registerForActivityResult since the first one is now deprecated.

Also, I'm building a library that an app (or multiple) will use.

UPDATE: if I'm not already logged in, the page logs in and redirects me to another URL (so I fixed my redirect URI and stuff to represent this new URL).

If I'm already logged in, I receive the same kind of URL that I wrote before,

but the URL still doesn't get captured and I'm not getting back to the app.

UPDATE 2: if I exit the browser, I get the failed intent as expected,

so it's like the browser, once logged in, didn't send the ACTIVITY.RESULT_OK.