I’m “upgrading” our login widget to use Chrome custom tabs as Google will start blocking OAuth requests with Webviews in a few months ,
The login widget works with our authentication service, which supports the classic login “username and password” and “Social login” by playing OAuth2 “Client” in the authorization code stream using Google / Facebook / ... Thus, the authorization code from Google is delivered to this authentication service, which in turn provides our login widget with an access token.
The access token is passed back to the mobile application through a client-side redirection:
window.location.replace('com.acmeusercontent.tenants.abc:\/setTokenData?accessToken='+access_token+'#');
Everything is fine for a classic login: the user fills in the username and password and sends, the access token is returned, and redirecting to the user URI scheme starts the intent filter of my RedirectReceiverActivity.
However, for social login, nothing happens when redirecting, with the exception of this line in Android Monitor:
I/chromium: [INFO:CONSOLE(0)] "Navigation is blocked: com.acmeusercontent.tenants.abc:/setTokenData..."
Just to be clear: for the classic and social login, the client side of the redirect is exactly the same, but after the classic login, it is allowed, and after the social login it is blocked! And, if I add a button to the widget that does the same redirection after social login, it is again allowed - if the user clicks.
:
- ?
- , ?
, : "intent:", , ..., .
, AppAuth Google, , .