Android redirect after login , using default https scheme

[guns28]

Checklist

• The issue can be reproduced in the auth0_flutter sample app (or N/A).
• I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

so i followed the documentation :

ios work fine

on android i setup teh https scheme as said and added my app and bundle and sha256 to activate app links , my issue is taht the form open , i tap the user it go and do not open the app , and when i open teh app the user is connected but it's not the tapped user the mail is empty and token is wrong.

tried with custom cheme it show me an an app to choose 2 app the same app and do not show the form just an error not found.

thx the documantation in the website is for version 1.6.0 the last version is 1.11.0. tried to dwongrade to 1.8.0 same issue.

credentials =
await auth0.webAuthentication().login(
useHTTPS: true,
audience: dotenv.env['AUTH0_AUDIENCE']
scopes: {
'openid',
'profile',
'email',
'offline_access',
},
parameters: {
'scope':
'openid profile email offline_access',
},
)

Reproduction

1 setup the configuration on the website for sur scheme and app links
2 manifestPlaceholders += [auth0Domain: "traffitech-testing.eu.auth0.com", auth0Scheme: "https"]
3 run login above
4 type login and password
5 for get hidden wrong user

Additional context

No response

auth0_flutter version

1.11.0

Flutter version

Channel stable, 3.27.3

Platform

Android

Platform version(s)

No response

[pmathew92]

Hi @guns28 ,
Would it be possible to share a video of the issue you are facing to understand this in more detail .
Thanks

[guns28]

60ce8427-9c2a-475e-9130-08901b744144.mp4

[pmathew92]

Hi ,
I see you are using brave browser. Have you tried this with chrome as the default browser ?

[guns28]

yes same behavior.

[pmathew92]

The redirect flow should work on chrome with custom scheme . With https ,this needs to have app links which as you mentioned you have already set up. We will check this and let you know

[guns28]

yes i setup app bundle and sha256 there is. alink that show you the json it work fine.

i tried custom scheme and https both gave same result on different navigators.

do you have a working example i can configure and test. the example project in auth0 website is not working and old.

[pmathew92]

Hi you can use the sample app from the repo to try . Is the flow not working with custom scheme also on chrome ?

[pmathew92]

Hi @guns28 , Just checking on this issue. Were you able to reproduce this issue on the sample app in the repo ?

[kerimamansaryyev]

Hi @guns28 , Just checking on this issue. Were you able to reproduce this issue on the sample app in the repo ?

I managed to reproduce the issue. Here are the steps:

1. Open the app.
2. Initiate the web login.
3. Make sure the in-app browser is visible.
4. Go background (by clicking the home button, for example).
5. Click on the recent apps (Why it shows 2 applications? Because of 2 activities?).
6. Click on the one with the browser open.
7. Log in.
8. Instead of returning back to the app, the browser will be terminated.

[kerimamansaryyev]

So the in-app browser is displayed as a separate application, for some reason. It's very inconvenient as it does not communicate properly with the main activity.

Here are the bugs that I've found:

1. If you don't finish the login and terminate the in-app browser by swiping it away from the recents and return back to the main activity manually - the created future never resolves. Expected behavior: when the browser activity is terminated - the future should resolve the same way as a user would cancel login.
2. I described the second bug in the comment above.
3. When a user logs in successfully, the browser activity is closed but it's not removed from the recent apps.

Is there a way to launch the in-app browser inside that application like the React Native SDK does it? I am surprised that nobody yet hasn't uncovered these bugs, I've been searching all over the internet, this issue is the closest that I've found.

[kerimamansaryyev]

I've done some research. The browser activity is launched in a new window because android:taskAffinity of the .MainActivity of newer flutter applications is set to an empty string value for the security reasons - preventing malware to launch malicious activities on top of other applications. Is there a way to launch the auth0 web login browser in the same Android application stack without omitting the taskAffinity?

[kerimamansaryyev]

So, in order to reproduce the issue, your main activity in AndroidManifest.xml should have the following configurations:

<activity
            android:name=".MainActivity"
            android:exported="true"
            android:launchMode="singleTop"
            android:taskAffinity=""
            android:theme="@style/LaunchTheme"
            android:configChanges="orientation|keyboardHidden|keyboard|screenSize|smallestScreenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode"
            android:hardwareAccelerated="true"
            android:windowSoftInputMode="adjustResize">