Firefox blocks App Links from opening app automatically with browser setting

openid / AppAuth-Android

Android client SDK for communicating with OAuth 2.0 and OpenID Connect providers.

https://openid.github.io/AppAuth-Android

Apache License 2.0

2.87k stars 887 forks source link

Firefox blocks App Links from opening app automatically with browser setting #732

Closed carstenhag closed 3 years ago

carstenhag commented 3 years ago

Configuration

Version: 0.9.1
Integration: Kotlin
Identity provider: In this case SAP Gigya from a b2b customer, together with App Links

Description

In the login process using Firefox as default browser, it doesn't go back to the app automatically. You need to tap on the 3 dots and select 'Open in App'

We first thought this was a bug in firefox or in our implementation of app links, but it is documented at Firefox's help site: https://support.mozilla.org/en-US/kb/set-firefox-android-open-links-native-apps

The app link is verified and works fine using Chrome. Screenshots:

FCA Firefox login result
Bildschirmfoto 2021-08-23 um 13 40 49

How can one solve this? We could forbid users from using Firefox when we have to use App Links, but is this really the only way? Of course, the user could tap on the overflow menu and select "Open in app" but it would still be bad User Experience.

carstenhag commented 3 years ago

Seems like others are also having this issue: https://github.com/mozilla-mobile/fenix/issues/15202

agologan commented 3 years ago

While we understand the issue there's not much we can be do about it. Browser developers need to add better support for App Links. In the meantime you can open in chrome all the time (if the browser is installed) bypassing the default browser or use a custom redirect uri (if the integration allows it).

carstenhag commented 3 years ago

We have had lengthy discussions with that b2b partner and their IDM system. Tl;dr: It's not possible right now to configure custom redirect uris due to SAP ;).

Okay, I am trying to contact someone from the Firefox team, else we will just denylist firefox I guess. Thanks @agologan!

carstenhag commented 3 years ago

FYI, this is how I implemented a workaround:

    // Use custom list, as AppAuth's firefox constant only refers to the main firefox app.
    private val firefoxPackageNames = listOf(
            "org.mozilla.firefox",
            "org.mozilla.klar",
            "org.mozilla.firefox_beta",
            "org.mozilla.fenix",
    )
    appAuthConfigurationBuilder.setBrowserMatcher { descriptor ->
                descriptor.useCustomTab && !firefoxPackageNames.contains(descriptor.packageName)
    }

agologan commented 3 years ago

You can also use a BrowserDenyList as explained in the doc to the same effect.

Closing this issue for now. Thank you for your reply.