iOS: App-to-App flow for oAuth is not resuming. It loads the app from beginning instead.

[atitpatel]

The problem

I am trying to accomplish App-to-App oAuth. I am not able resume the flow after reaching back to my own app after the authentication from Chase bank.

After the authentication from Chase bank, instead of resuming the Plaid success flow, my app loads from the beginning. What should I do to fix this flow?

Environment

Plaid Link React Native	7.1.1
ReactNative Version	0.66.2
Occurs on Android	No
Android OS Version	-
Android Devices/Emulators	-
Occurs on iOS	yes
iOS Version	14
iOS Devices/Emulators	iPhone 11

Steps to Reproduce

These aren't really steps to reproduce. I am listing the steps I have followed so far:

• Set up universal link for the app
• Provide redirectUri while creating the link token to navigate back to the app
• Hosted App Association File on server and created pattern for 'redirect/plaid' URL

You can probably assume some more work from the fact that oAuth flow is working and app-to-app redirection is also working. It's just not resuming at the correct point.

Expected Result

After the successful authentiacation/failure, the app should have resumed to the same Plaid flow instead of loading the app from the start.

Screenshots

Sequence of events:

[amytang0]

Hi, would you mind seeing if this repros with the latest SDK 7.2.1? We have implemented some OAuth fixes that may be relevant

[atitpatel]

@amytang0 I'll get test it tomorrow(It's a long process as I don't have the bank account). Is there anything else I can do to improve this on my side? Is there a way to verify this on sandbox environment? Also, does app-to-app redirection works on Android as well? It doesn't for me on Android. It just takes the user to browser and not the installed app.

[amytang0]

Are you passing in android_package_name for Android? Things that could help us on our end is a link_token or link_session_id that this issue occurs with

[atitpatel]

Yes, I am passing android_package_name for Android. Is it safe to share the link_token here? Also, can you please suggest on how to test this in Sandbox environment? I am relying on a teammate to test this end-to-end.

[amytang0]

Yes tokens are safe to share especially if they have already expired. Feel free to share a session_id instead if they have not expired

On Thu, Feb 10, 2022, 12:26 AM Atit Patel @.***> wrote:

Yes, I am passing android_package_name for Android. Is it safe to share the link_token here? Also, can you please suggest on how to test this in Sandbox environment? I am relying on a teammate to test this end-to-end.

— Reply to this email directly, view it on GitHub https://github.com/plaid/react-native-plaid-link-sdk/issues/457#issuecomment-1034622120, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGSZZIICOEDHEPLT6PZAVTU2NZBXANCNFSM5NOEQZNA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[atitpatel]

iOS link session id : 8a2dd28e-4ad6-4459-93be-1a6651be7ec9

[atitpatel]

Android : 3cb78ca4-3db3-4d7b-a774-f444a7146403

As I mentioned earlier, on Android Chase Bank App didn't open at all. It got redirected to browser instead, whereas on iOS it did open Chase app and returned to my app, but instead of resuming the session, the app got reloaded from the beginning.

[atitpatel]

@amytang0 can you please try and revert to this? I have also raised a support ticket from our end, but there is no significant update. Thanks in advance!

[amytang0]

Hey hey, there were some recent OAuth improvements in iOS 2.4.0, please upgrade to the latest and see if that resolves your iOS issues.

On the Android side, please retry on a different Android OS. There's an issue with Chase's app links on Android 12, and while we are working together to resolve that issue, it is ultimately Chase's timeline to fix.

[jhurray]

@atitpatel confirming a few things:

• This is still happening, and only on iOS?
• How have you set up the component that is opening link? Are you calling openLink directly or using the PlaidLink component
• Have you implemented all of the OAuth Requirements detailed here? The RCTLinkingManager has been a gotcha to other customers

[atitpatel]

hey @jhurray , here are the answers :

• Yes, it is still happening. It also happens in Android. For Android, it doesn't even go to installed Chase bank for verification.

• I am using PlaidLink component.

• I confirm that all three requirements are fulfilled

  - Redirect URI is registered and it works as expected 
  
  - RCTLinkManager handler is also there
  
   - Deeplinks are setup correctly
  

[jhurray]

Thanks @atitpatel - woudl it be possible to provide videos or gifs of the iOS & Android flows? I'm not grokking the behavior from the screenshots. It looks like the last screenshot is a browser, but you mentioned the behavior is loading the app from the start.

Thanks!

[jhurray]

Also @atitpatel one follow up question, is this happening with other banks or just chase? You can test app2app in the sandbox env following these instructions if Chase is the only production bank you have available.

[atitpatel]

Chase is the only oAuth enabled bank where I am facing this issue.

I have tested with OAuth Platypus Bank many times. It redirects the oAuth flow to the browser() and works perfectly fine, but the flow remains broken on Prod environment.

I have provided a loom video recording of the iOS issue and other details in this support ticket. (Can't share the video here for confidentiality purposes)

[jhurray]

Thanks @atitpatel - that's very helpful. From the video it looks like application set is being entirely reset (lloks like a navigation transition is happening, and that the first tab is selected. It also looks like link is presented from a VC nested in a navigation stack on the settings tab).

If the presenting view controller of the Link flow is deallocated or removed from the view hierarchy, the Link flow will be terminated. That's my best guess as to what is happening based on the video, but it doesn't help to explain why only Chase is failing. If you can confirm the status of the presenting VC (the viewController passed to PresentationMethod when opening Link) when linking back to the app that would be a great next step

• If its deallocated or out of the view hierarchy, this is something that needs to be fixed on your end
• If its not, we can dig deeper into whats happening. If this is the case, an in depth description of the view hierarchy setup and how thats impacted when handling universal links would be useful. It may be better to connect on the Plaid Partners slack instance if we need to go deeper for confidentiality reasons if thats a concern to you!.

[atitpatel]

Thanks @jhurray for such detailed answer. I'll try and get back to you with the exact answers of the same.

We are using React Native and the screen is a direct component of Navigation stack. The PlaidLink is there directly on the listed screen. We are not using PlaidLink on Modal( which uses PresentVC internally I believe) . So, I don't think deallocation is the issue.

Also, the universal link when I try to hit from the browser, it doesn't reload the app and navigates perfectly to the same state of the app. I checked it from many screens. Will double check it from the exact screen where PlaidLink is used.

Apart from this, can you please also respond on Android issue? The Android app doesn't consider the installed Chase bank app at all and redirects to the browser for completing the authentication flow.

[jhurray]

cc @amytang0 for the Android issue ^

Thanks @atitpatel , please let me know when you have more details. Another thing to check would be the state of your app in the app switcher when chase is active. Its important to understand when your app state is resetting

Also, the universal link when I try to hit from the browser, it doesn't reload the app and navigates perfectly to the same state of the app. I checked it from many screens. Will double check it from the exact screen where PlaidLink is used.

Please let us know the results. IMO it would be worthwhile to check that behavior while Link is open

[atitpatel]

The universal link works completely fine for the screen where the PlaidLink is mounted. It also works when the PlaidLink is opened(It doesn't deallocate/dismiss the presented Plaid window)

Can you please guide me on how can we connect over Slack? I can also invite you over our team's slack if it any easier for you.

Another clarification: I am just checking this flow for Chase bank. Not sure if oAuth flow is broken for any other bank or not. But it is definitely not working for Chase.

[amytang0]

I addressed the Android issue earlier, but this is a Chase-specific issue that they are working on with their app. You can test the desired behavior by instead using an Android <12 device or on Android 12+, going to Settings > Apps > Chase > Defaults > Supported Web Addresses and checking that all the URLs are enabled

[atitpatel]

@amytang0 we are actually checking the app-to-app oAuth flow and we do know that it's not working for Chase bank. There might be other banks where it isn't working. Can you suggest any other bank where I can check this?

[amytang0]

Hi, Chase is the only production US financial institution that supports app2app, but we have future upcoming partners. Our sandbox app2app flow is working.

[atitpatel]

@amytang0 @jhurray when you guys are suggesting that sandbox app2app flow is working, I can verify the same with oAuth Platypus bank. But that isn's a separate app, right? It is still just another window inside a main app. Is that correct understanding?

Also, can we somehow connect on slack to debug this further @jhurray ?

[jhurray]

@atitpatel the app2app bank is Platypus App2App bank (docs)

Are you on the plaid partner slack instance?

[atitpatel]

No, I am not. I work for Airbase. I also can't see Platypus App2App Bank in my sandbox environment. Attaching the screenshot of all the Platypus banks I could find in my list.

[Eden-Eliel]

The Platypus App2App is there in sandbox, I found it easier to find by searching "App2App".

However in the sandbox, Plaid doesn't open a new App, but uses a webview inside our app. Making it impossible to deeplink / universal link inside the app again.

Any suggestions of testing the app2app flow?

[scottmarlatt]

• The RCTLinkingManager has been a gotcha to other customers

@jhurray Is RCTLinkingManager required or would this also work with RNBranch?

[djMax]

We are having a problem seemingly like this, but on Android only. When it comes back from the browser, it just totally reloads the RN app. I put a breakpoint in MainActivity::onDestroy, and that IS NOT called, but for some reason the app fully reloads.

[dtroupe-plaid]

Closing because Plaid Link React Native 7.x.x is no longer supported. If the issue persists in the latest SDK please open a new issue.