Alexandru Gologan

Not sure what is wrong here. Can you please tell where along the authentication workflow this breaks? Please keep in mind using `client_secret`s is discouraged as explained in the [README.md](https://github.com/openid/AppAuth-Android#utilizing-client-secrets-dangerous)...

Guessing that by MFA call you mean, phone call verification. Let's trace it again: • user taps login in app • app opens custom tab with MS auth • user...

I'm sorry I don't understand. When you come back from your phone call does it return you to the CustomTab? If yes what is the state of the website does...

Unfortunately there isn't much we can do to help. The lib doesn't control either the IDP or the browser. It only picks up after the intent callback. I see a...

The lib doesn't do any validation at that step, the error returned is a parsing error. https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/IdToken.java#L163 Can you provide an example of a token you believe is correct but...

As you can see that parsing and validation part starts with `if (response.idToken != null)`. https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationService.java#L697

The OP describes a scenario where the `redirect_uri` does not trigger the configured **intent-filter**. It's unclear from this old issue if both the integrations facebook and google had this issue...

Good point. Do you mind fixing the conflicts and signing the CLA (https://github.com/openid/AppAuth-Android/blob/master/CONTRIBUTING.md)

@Najam94 please provide further information about how your application interacts with the affiliate link. Step by step instructions or even a demo would help. If the affiliate link opens your...

@rrurnit same question. I don't know what the actual flow you're trying to achieve is. I did give 2 possibilities above but you need to describe it first so we...