-
Notifications
You must be signed in to change notification settings - Fork 891
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AppLink as Authorization Endpoint #853
Comments
Sorry to bother you. Any update on the question? |
Think you're on the right track, though you may be interested in this proposed change #622 |
I'll take the time to evaluate and test the proposal as soon as possible. |
Android contains an intent attribute named "autoVerify" that does exactly what the PR adds. I do not know if reimplementing the mechanism is the right thing to do. If the PR's author (@fabian-hk) can help us, it would be appreciated. I propose to integrate what the android developer site suggests. from the link above:
Please, anyone able to improve my consideration or correct it should speak! |
Configuration
Description
I'm trying to integrate the AppAuth authorization flow by replacing the default browser tab with a custom activity that handles login (& 2FA). The service configuration has two links:
I've declared a working AppLink bound to the "authorization endpoint" inside the manifest but the
authIntent
created by the library contains a package specification that permits only to the selected app to open the intent.The method that creates the intent is this, in particular, line 565:
effectively disallowing AppLinks to work.
I'm not sure if the reason behind the implementation was relative to security or ease of use but the RFC 8252 has a section (7.2) which state:
Thus, it should not be against rules.
In the end, for now, I've found a dirty solution that changes the intent's content:
And I'm working at the
LoginActivity
to correctly integrate the flow (ex. by starting an intent to simulate the last redirect to the RedirectUriReceiverActivity).Thanks in advice,
Davide.
The text was updated successfully, but these errors were encountered: