AppAuth-Android

Capturing response from server

Open 0xbadc0de opened this issue 6 years ago • 6 comments

Hello! I'm trying to build a Facebook login flow. Redirect URL points to backend server, which exchanges code with access_token, performs registration/auth in internal systems and returns JWT (as JSON response) for making requests from app. But I can't capture this response from backend server; after auth on Facebook it just redirects to redirect_url and displays JSON content in the browser. How can I properly do what I want? Should I build a custom intent filter to properly handle the URL? Thanks!

AndroidManifest.xml:

<activity android:name="net.openid.appauth.RedirectUriReceiverActivity"
    tools:node="replace">
    <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https"
            android:host="dev.example.com"
            android:path="/oauth2/facebook"/>
    </intent-filter>
    <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https"
            android:host="dev.example.com"
            android:path="/oauth2/google"/>
    </intent-filter>
</activity>

This is how I start auth:

private void facebookLogin() {
    mAuthService = new AuthorizationService(getActivity().getApplicationContext());

    AuthorizationServiceConfiguration serviceConfig =
            new AuthorizationServiceConfiguration(
                    Uri.parse("https://www.facebook.com/dialog/oauth"), // authorization endpoint
                    Uri.parse("https://graph.facebook.com/v2.5/oauth/access_token")); // token endpoint

    AuthorizationRequest.Builder authRequestBuilder =
            new AuthorizationRequest.Builder(
                    serviceConfig,
                    FACEBOOK_APP_ID,
                    ResponseTypeValues.CODE,
                    Uri.parse("https://dev.example.com/oauth2/facebook"));

    // Auth request
    AuthorizationRequest authRequest = authRequestBuilder
            .setScope(FACEBOOK_SCOPE)
            .build();

    Intent authIntent = mAuthService.getAuthorizationRequestIntent(authRequest);
    startActivityForResult(authIntent, RC_AUTH);
}

0xbadc0de, Mar 23 '18 10:03

I am facing a similar issue. Chrome opens the login page and with two options Allow and Deny. When I press Allow, it redirects me to another page on server. I want it to be redirected to the app. It is happening with unsplash OAuth2 API.

sahilpatel14, May 29 '18 17:05

Same issue here

jtrollkarl, Jul 20 '18 09:07

Same issue here, the redirect goes to another page on server, not to the android activity...

andrebbk, May 20 '19 19:05

> Same issue here, the redirect goes to another page on server, not to the android activity...

Have you resolved it? I am facing the same issue. 😂

Lotzzz, Jun 09 '21 08:06

The OP describes a scenario where the redirect_uri does not trigger the configured intent-filter. It's unclear from this old issue if both the integrations, Facebook and Google, had this issue or it was a specific vendor problem.

Using an https redirect requires App Links to be configured, otherwise the end user will see a disambiguation dialog the first time. Alternatively, a custom scheme may be used, which makes integration easier.

Configuration can be tested from the CLI using

    adb shell am start -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d "https://dev.example.com/oauth2/facebook"

which should result in a disambiguation dialog the first time or open the app if App Links are configured correctly. (If you select the browser, you'll need to reset the default association to get the dialog again.)

I'm also very interested if you've read README#Capturing the authorization redirect and if we can update that to provide a better explanation.

agologan, Jun 09 '21 10:06
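The comment above says an https redirect needs App Links to be configured. On Android that means `android:autoVerify="true"` on the intent filter plus a Digital Asset Links file served at `https://<host>/.well-known/assetlinks.json` that names the app's package and signing certificate. The following is an added example, not code from AppAuth or from this thread: a Python check of such a file, where `check_asset_links`, the package name `com.example.app` and the fingerprint are assumptions made for illustration.

```python
import json
import re

HANDLE_ALL_URLS = "delegate_permission/common.handle_all_urls"


def normalize_fingerprint(value):
    """Return a SHA-256 fingerprint as upper-case colon-separated hex, or None."""
    hex_only = value.replace(":", "").strip().upper()
    if not re.fullmatch(r"[0-9A-F]{64}", hex_only):
        return None
    return ":".join(hex_only[i:i + 2] for i in range(0, 64, 2))


def check_asset_links(document, package_name, signing_cert_sha256):
    """Return a list of problems; empty means the file delegates
    handle_all_urls to this package and signing certificate."""
    wanted = normalize_fingerprint(signing_cert_sha256)
    if wanted is None:
        return ["signing certificate fingerprint is not 32 hex bytes"]
    try:
        statements = json.loads(document)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(statements, list):
        return ["top level must be a JSON array of statements"]
    problems = []
    for stmt in statements:
        target = stmt.get("target") if isinstance(stmt, dict) else None
        if not isinstance(target, dict) or target.get("namespace") != "android_app":
            continue
        if target.get("package_name") != package_name:
            continue
        if HANDLE_ALL_URLS not in stmt.get("relation", []):
            problems.append("statement for package lacks handle_all_urls relation")
            continue
        # Fingerprints are compared after normalising case and colons.
        listed = {normalize_fingerprint(f)
                  for f in target.get("sha256_cert_fingerprints", [])
                  if isinstance(f, str)}
        if wanted in listed:
            return []
        problems.append("statement for package lists a different signing certificate")
    return problems or [f"no android_app statement for {package_name}"]


# Constructed sample: package name and fingerprint are placeholders.
SAMPLE_FP = ":".join(["AB"] * 32)
SAMPLE_ASSETLINKS = json.dumps([{
    "relation": [HANDLE_ALL_URLS],
    "target": {"namespace": "android_app",
               "package_name": "com.example.app",
               "sha256_cert_fingerprints": [SAMPLE_FP]},
}])
```

A debug build and a release build are usually signed with different certificates, so the fingerprint passed in should be the one for the build installed on the test device.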

@agologan I had a similar issue and have been working on it for multiple days. Here is where I'm at:

The adb command is working and my device asks me to choose my app to open the URL.

The OAuth URL once in the app is:

https://server.end/oauth2/authorize?redirect_uri=https%3A%2F%2Fserver.end%2Foauthredirect&client_id=CLIENTID&response_type=code&state="SOMELONGSTRING"&scope=profile&code_challenge="OTHERLONGSTRING"&code_challenge_method=S256

What was expected is: https://server.end/oauthredirect

Also, I changed from startActivityForResult to registerForActivityResult since the first one is now deprecated.

Also, I'm building a library that an app (or multiple) will use.

UPDATE: If I'm not already logged in, the page logs in and redirects me to another URL (so I fixed my redirect URI and stuff to represent this new URL).

If I'm already logged in, I receive the same kind of URL that I wrote before.

But the URL still didn't get captured and I'm not getting back to the app.

UPDATE 2: If I exit the browser, I get the failed intent as expected.

So it's like the browser, once logged in, didn't send the ACTIVITY.RESULT_OK.

arist0v, Jan 03 '23 16:01