[Openid-specs-ab] AppAuth: Anyone having issue with redirect back to apps?

Joseph Heenan joseph at authlete.com
Mon Jun 12 10:14:15 UTC 2023 

Hi Kosuke

I presume it’s still a relatively small number of user (<10%)?

I do work with customers that occasionally see issues like this, but quite often a bit of data is necessary to narrow down the issue.

Problems I have seen in the past:

Custom URL schemes fail on <2% of Android devices, with Samsung browser being a common theme (solution: use claimed https urls)
Deeplinking fails to establish if the .well-known/apple-app-site-association is geoblocked in a way that prevents it being fetched for some clients (the fetch for this file usually comes from Apple’s servers from a region intended to be close to the region the user is believed to be in, not from the user’s device - solution: don’t geoblock trivial config files)
Deep linking is, at best, unreliable if the deep link is launched from a web page on the same hostname (solution: put the redirect uris on different hostnames/domains from the AS)
Deep linking is, at best, unreliable if the deep link is launched from somewhere that is not a direct result of a user action (so e.g. a top level redirect is okay, a link the user clicks on is ok, but assigning to window.location in the result handler for a xmlhttprequest is getting dodgier)

And probably others that I don’t immediately remember :)

My usual approach (after checking for some of the standard things) is to start gathering some data - if you know that it’s certain OS versions, certain browsers, certain locations, that gives you something to investigate.

Thanks

Joseph


> On 12 Jun 2023, at 03:52, Kosuke Koiwai via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> Hi all,
> 
> I'm having an issue that not a negligible number of users can't
> redirect back to native (Android/iOS) apps after OIDC login sessions
> on ChromeCustomTab/ASWebAuthenticationSession.
> Most users can successfully login, but some fraction of users can't,
> and I have not been able to reproduce the issue.
> 
> Occurs with both HTTP schema (AppLinks/Universal Links) and custom URL schema.
> I'm wondering if anyone has the same issue.
> 
> Thanks,
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230612/f7949f15/attachment.html>

More information about the Openid-specs-ab mailing list