Closed
Bug 1463620
Opened 7 years ago
Closed 7 years ago
Fennec Custom Tabs do not correctly handle app links
Categories
(Firefox for Android Graveyard :: Custom Tabs, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 806385
People
(Reporter: vladikoff, Unassigned)
References
()
Details
Attachments
(1 file)
2.58 MB,
application/vnd.android.package-archive
|
Details |
It seems Fennec Custom Tabs are not cable of launching the app activity in cases of an OAuth flow when the redirect uri has an HTTPS scheme.
See attached video for details: https://www.youtube.com/watch?v=gwk7KjFhI24
Results:
* Chrome (Custom Tab): Redirects to APP
* Chrome (Normal): Asks which app to open
* Samsung Internet (Custom Tab): Redirects to APP
* Samsung Internet (Normal): Asks which app to open
* Firefox for Android (Custom Tab): Sits on the redirect URI. It is possible to get back to the app by pressing "Open with..."
* Firefox for Android (Normal): Sits on the redirect URI. Seems like no way to get back to the app.
This doesn't happen on non-HTTPS redirect uris (app uris such as `com.mozilla.something:/oauth-redirect`)
Reporter | ||
Comment 1•7 years ago
|
||
I added the test app used in the video so you can test for yourself
:rfkelly, could you comment on how important do you think it for us to have this working properly for future Android products?
SoftVision marked this as a "Major Issue" in https://github.com/mozilla/notes/issues/1056
Flags: needinfo?(rfkelly)
Flags: needinfo?(michael.l.comella)
Comment 2•7 years ago
|
||
Just to add some android-specific terminology, IIUC this is basically Fennec failing to invoke "app links" as defined here:
https://developer.android.com/training/app-links/
I'm going to re-word the bug title accordingly, but please change it back if I've misunderstood.
> :rfkelly, could you comment on how important do you think it for us to have this working properly for future Android products?
According to official recommendations [1], using app links to claim a https:// URI is the preferred way of implementing an OAuth client app on mobile platforms. So aside from our own Android products, this could prevent other third-party OAuth apps from working correctly when users have Fennec as their primary browser on Android.
For our own mobile products that use OAuth, I have a strong preference that we use app links rather than a custom URI scheme like `com.mozilla.something:/oauth-redirect`, since they have better security properties. But if it's technically complicated to achieve, we probably need to err on the side of working well with Fennec. So I'd agree with "Major" but not "Blocker", as we have an undesirable-but-probably-acceptable workaround of using a custom scheme rather than an app link.
[1] https://www.rfc-editor.org/rfc/rfc8252.txt
Flags: needinfo?(rfkelly)
Summary: Custom Tabs or Fennec do not handle HTTPS redirect uris → Fennec Custom Tabs do not correctly handle app links
Comment 3•7 years ago
|
||
Which I guess basically boils down to bug 806385, since app links are just a more special form [1] of an app claiming to be able to handle certain URLs.
[1] The app automatically gets to be the default handler without user intervention.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Updated•7 years ago
|
Flags: needinfo?(michael.l.comella)
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•