Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Custom Uri scheme is picked by AppAuth even if not matching

See original GitHub issue

We have successfuly integrated AppAuth into our application but suddenly ran into a couple of problems with deep links.

We are using custom URI scheme for AppAuth. These are all the relevant parts:

build.gradle

manifestPlaceholders = [
                'appAuthRedirectScheme': 'com.example'
 ]

manifest

<activity android:name="net.openid.appauth.RedirectUriReceiverActivity">
            <intent-filter>
                <action android:name="android.intent.action.VIEW" />

                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />

                <data android:scheme="com.example://redirect" />
            </intent-filter>
</activity>

This part works fine for the login flow. However, we are using some other deep links and redirects and couple of other activites have intent filters like this:

<intent-filter android:label="Futurity">
                <action android:name="android.intent.action.VIEW" />

                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />

                <data android:scheme="com.example" android:host="login"/>
</intent-filter>

When we click a button on our webpage with custom uri com.example://login, we are prompted to select between two instances of our application - one of the activities picked by this uri is AppAuth, as I discovered (if I change the scheme to com.example2://redirect), then everything works fine in terms of app selection but it feels unnecessary to have a separete scheme just for AppAuth.

Is this a bug or am I missing something fundamental? Thank you very much for the answer and I am happy to provide more details if needed.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:10 (1 by maintainers)

github_iconTop GitHub Comments

3reactions
iainmcgincommented, Apr 19, 2018

By default, the intent filter defined by AppAuth for RedirectUriReceiverActivity captures all URIs that match the scheme defined in the placeholder (see here). So, this is overlapping with your own filter. You can fix this by defining a different intent filter for RedirectUriReceiverActivity, overriding the one that the library provides:

<activity android:name="net.openid.appauth.RedirectUriReceiverActivity"
    tools:node="replace">
  <intent-filter>
    <action android:name="android.intent.action.VIEW" />

    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />

    <data 
        android:scheme="com.example"
        android:path="redirect" />
  </intent-filter>
</activity>

This would mean that AppAuth would only capture com.example:/redirect, and therefore should not capture your com.example://host link.

0reactions
fukemycommented, Aug 18, 2020

i got error " At least one host must be specified" when setting ``

<data 
    android:scheme="com.example"
    android:path="redirect" />
Read more comments on GitHub >

github_iconTop Results From Across the Web

Custom URI scheme - Ldapwiki
Custom URI scheme is URI Scheme (as defined by RFC 3986) that a native application creates and registers with the Operating System (and...
Read more >
Android custom URI scheme incorrectly encoded when type in ...
I am writing my android application, which I want to define a custom URI scheme, so that user can go to my app...
Read more >
draft-wdenniss-oauth-native-apps-02 - IETF Datatracker
"custom URI scheme" A URI scheme (as defined by [RFC3986]) that the app creates and registers with the OS (and is not a...
Read more >
Improving OAuth App-to-App Security - danielfett.de
Custom schemes can be claimed, like on Android, by every app, but the OS will not display a selection menu - it will...
Read more >
OAuth 2.0 for Mobile & Desktop Apps - Google Developers
Custom URI scheme (Android, iOS, UWP) · If your app uses app signing by Google Play, copy the SHA-1 fingerprint from the app...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Run AuthService outside of activity context

Next page

NPE on AuthorizationManagementActivity.onResume (from Android framework?)