Open SPodjasek opened 11 months ago
Yes, I run into a very similar problem. I create an application which needs authorization with an OIDC provider (Keycloak) and I have 3 situations:
AppAuth version: 0.11.1
Language: Kotlin
OIDC provider: Keycloak
Hi all,
I've observed the same issue with my app (native Kotlin Android). I am using version 0.11.1 of the library. When the app gets started with an app link (clicking on a link in an email) the authorization flow ends with `No stored state - unable to handle response`. If the app gets started from the launcher, the authorization flow completes normally and the result is delivered to the calling activity.
Based on the research from @SPodjasek I think that the same flag is causing my problem too.
I would appreciate any ideas how this can be worked around.
Thank you in advance.
Configuration
`flutter_appauth` package v6.0.2
Description
I've run into a very specific edge case problem inside my app which probably involves intent handling by Android.
So, the app offers authorization with a proprietary OIDC compatible provider - and this works flawlessly. But besides that it offers a registration flow and a password recovery flow. Both rely on the user clicking a one-time link in an email message they receive - and the problem is with those two flows. Those links are handled by the app as App Links. The app verifies the tokens it receives in the link, asks the user for confirmation and starts the authentication flow with AppAuth, supplying the tokens in additional parameters. Everything runs fine in CustomTab until the provider finishes authentication - and after that things get strange....
When you use `adb am start` to simulate a click on an App Link everything is fine: the Intent is delivered to `RedirectUriReceiverActivity` in the running application instance and properly forwarded to `AuthorizationManagementActivity`, then the integration handles the response and everything finishes as expected.
But when you click the link from GMail, after finishing the OIDC flow a new App instance is started every time. It doesn't have access to saved state and logs the following error `No stored state - unable to handle response` - so the flow couldn't finish properly. Although on the OIDC side everything finishes properly, the user is registered properly or his password is properly reset. This from the user's perspective is very confusing.
From what I've found by now the problem is with flags that are used to start the App via App Links. When you use `adb` it defaults to only using `FLAG_ACTIVITY_NEW_TASK 0x10000000`, but when you click on a link it uses the following:
`FLAG_ACTIVITY_REQUIRE_NON_BROWSER 0x00000400`
`FLAG_ACTIVITY_CLEAR_WHEN_TASK_RESET 0x00080000`
`FLAG_ACTIVITY_NO_ANIMATION 0x00010000`
When I've tried to set similar flags with `adb` it seems that only `FLAG_ACTIVITY_CLEAR_WHEN_TASK_RESET` is causing the problem to occur. When I start the Intent without it (`0x90400`) everything works.
Digging further into that I've tried experimenting with `documentLaunchMode`, `launchMode` and `allowTaskReparenting` with various combinations. I've also tried setting the redirect URI to HTTPS (I've used a custom scheme as default) and the results are always the same.
Anyone here run into a similar problem?
This issue is critical to this App and as I've wasted a few days already debugging this I'll probably implement those not working flows without AppAuth to make the App usable - but in future I'd like to use the original design (BTW the application is multi-platform and with iOS it works properly).
Below you can find logcat entries from tests. Those starting with `A` are from successful tests. Those with `B` are from failed ones.
Starting App from App Link - notice different `result code`
After CustomTab finishes - same as above, `result code` for `AuthorizationManagementActivity` differs
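To see which flags a given launch carried, the `flg=` value on the `START` lines in logcat can be decoded against the four flag values listed in the post. The following is an added example, not code from this thread or from AppAuth; the log lines are constructed, and `com.example.app` and the URLs are placeholders.

```python
import re

# Flag values exactly as listed in the post above.
FLAGS = {
    0x10000000: "FLAG_ACTIVITY_NEW_TASK",
    0x00080000: "FLAG_ACTIVITY_CLEAR_WHEN_TASK_RESET",
    0x00010000: "FLAG_ACTIVITY_NO_ANIMATION",
    0x00000400: "FLAG_ACTIVITY_REQUIRE_NON_BROWSER",
}
SUSPECT = 0x00080000  # the flag the post ties to the lost-state failure

# Activity launches are logged as "START u0 {... flg=0x... cmp=...}".
START_RE = re.compile(r"START u\d+ \{([^}]*)\}")
FLG_RE = re.compile(r"\bflg=0x([0-9a-fA-F]+)")
CMP_RE = re.compile(r"\bcmp=(\S+)")

# Constructed sample lines; package name and URLs are placeholders.
SAMPLE_LOG = """\
I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=https://example.com/reset flg=0x10000000 cmp=com.example.app/.MainActivity} from uid 2000
I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=https://example.com/reset flg=0x10090400 cmp=com.example.app/.MainActivity} from uid 10150
I ActivityTaskManager: Displayed com.example.app/.MainActivity: +350ms
"""


def decode_flags(value):
    """Split a flg= value into known flag names and leftover unknown bits."""
    names = [FLAGS[bit] for bit in sorted(FLAGS, reverse=True) if value & bit]
    return names, value & ~sum(FLAGS)


def scan(log_text):
    """Return one record per START line, marking launches with the suspect flag."""
    records = []
    for line in log_text.splitlines():
        start = START_RE.search(line)
        if not start:
            continue
        flg = FLG_RE.search(start.group(1))
        cmp_ = CMP_RE.search(start.group(1))
        value = int(flg.group(1), 16) if flg else 0
        names, unknown = decode_flags(value)
        records.append({"component": cmp_.group(1) if cmp_ else None,
                        "flags": value, "names": names, "unknown": unknown,
                        "suspect": bool(value & SUSPECT)})
    return records


if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(hex(rec["flags"]), rec["component"], rec["names"],
              "<-- suspect" if rec["suspect"] else "")
```

Bits that are set but not among the four listed flags are returned in `unknown` rather than guessed at.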