I am using Google Sign in to authenticate users in my mobile app, but Android users are having an issue.
The flow is:
- User presses sign in with Google.
- Using Expo (react native), we open a secure browser (WebBrowser.openAuthSessionAsync) that points to our authentication server, with a redirect-uri query param. Important to note that Android uses ChromeCustomTabs.
- Our authentication server redirects the user to Google Authentication, and embeds the redirect-uri into the state property of OAuth.
- The user signs in by entering their credentials
- The user is prompted via 2FA to confirm that it is them (this happens in Gmail, or a native prompt)
- The user confirms that it is them
- Instead of being redirected back to the browser tab that is authenticating them, they are redirected back to the app. The app then does nothing; if they click sign in again, the browser gets opened and they end up in a loop.
What should happen (and does for most people):
- The user confirms that it is them
- They get redirected to the browser tab which then redirects to our server callback url
- Our server checks their data to see if we need to create them an account
- Create JWT and extract redirect-uri (and verify it is valid)
- Redirect (using deep linking) back to our App with tokens
- WebBrowser.openAuthSessionAsync detects deep link and sets authentication then closes
The problem happens only for a small subset of users, and I am at a loss for what part of the process is breaking down. We don't receive any errors from expo or on the server.
Does anyone have any ideas on what could be going wrong or how to configure where Gmail / System prompt redirects you to?
I am using the web browser, as we want the server to handle this flow and because we re-use this same system for our web app.
Thanks
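The server-side half of the flow described in the post (issuing a state value that carries the app's redirect-uri, verifying it on the server callback, and building the deep-link redirect back to the app) as an added example. This is not the poster's code and it does not address the Android return-to-app behaviour the question is about; it shows the checks a server in this position should apply so that the redirect-uri carried through Google cannot be tampered with, replayed or pointed at an attacker's site. The `myapp://auth` scheme, the `example.com` web client, the client id, the secret and the token minting are all constructed placeholders; the real code exchange with Google and the JWT issuance are stubbed.

```python
"""
Added example (not from the original post): an OAuth 'state' value that binds
the app's redirect-uri to a nonce, an expiry and an HMAC, plus the callback
that verifies it and redirects to the app.  Standard library only.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode, urlparse

# Constructed allowlist of (scheme, netloc) pairs that may receive tokens.
# 'myapp' is a hypothetical Expo deep-link scheme; example.com stands in for the web client.
ALLOWED_REDIRECTS = {("myapp", "auth"), ("https", "example.com")}
STATE_SECRET = secrets.token_bytes(32)   # per-deployment secret, server side only
STATE_TTL = 600                          # seconds a state value stays valid
_used_nonces = set()                     # replay guard; use a shared store across servers


def redirect_allowed(uri: str) -> bool:
    """Only an exact (scheme, netloc) match passes; 'https://example.com@evil.example/'
    has netloc 'example.com@evil.example' and is rejected."""
    p = urlparse(uri)
    return (p.scheme, p.netloc) in ALLOWED_REDIRECTS


def _b64e(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _b64d(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_state(redirect_uri: str, now=None) -> str:
    """Validate the app's redirect-uri, then sign it together with a nonce and expiry."""
    if not redirect_allowed(redirect_uri):
        raise ValueError("redirect-uri not on allowlist")
    now = time.time() if now is None else now
    payload = json.dumps(
        {"r": redirect_uri, "n": secrets.token_urlsafe(16), "exp": int(now) + STATE_TTL},
        separators=(",", ":"),
    ).encode()
    sig = hmac.new(STATE_SECRET, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(sig)


def verify_state(state: str, now=None) -> str:
    """Check signature, expiry, replay and allowlist; return the bound redirect-uri."""
    try:
        p64, s64 = state.split(".", 1)
        payload, sig = _b64d(p64), _b64d(s64)
    except (ValueError, binascii.Error):
        raise ValueError("malformed state")
    expected = hmac.new(STATE_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad state signature")
    data = json.loads(payload)
    now = time.time() if now is None else now
    if now > data["exp"]:
        raise ValueError("state expired")
    if data["n"] in _used_nonces:
        raise ValueError("state already used")
    _used_nonces.add(data["n"])
    if not redirect_allowed(data["r"]):      # re-check in case the allowlist changed
        raise ValueError("redirect-uri no longer allowed")
    return data["r"]


def state_rejected(state: str, now=None) -> bool:
    """True if verify_state refuses this state (used to exercise the failure paths)."""
    try:
        verify_state(state, now)
        return False
    except ValueError:
        return True


def build_authorize_url(client_id: str, server_callback: str, app_redirect: str) -> str:
    """URL the auth server sends the Custom Tab to.  Google's redirect_uri is the SERVER
    callback (it must be registered with Google); the app's deep link travels in state."""
    params = {
        "client_id": client_id,
        "redirect_uri": server_callback,
        "response_type": "code",
        "scope": "openid email",
        "state": issue_state(app_redirect),
    }
    return "https://accounts.google.com/o/oauth2/v2/auth?" + urlencode(params)


def mint_app_token(code: str) -> str:
    """Constructed stand-in for exchanging `code` with Google and issuing the app JWT."""
    return "app-jwt." + hashlib.sha256(code.encode()).hexdigest()[:16]


def handle_callback(state: str, code: str) -> str:
    """Server callback: verify state, mint a token, return the deep link to redirect to."""
    app_redirect = verify_state(state)
    sep = "&" if "?" in app_redirect else "?"
    return app_redirect + sep + urlencode({"token": mint_app_token(code)})


if __name__ == "__main__":
    url = build_authorize_url("hypothetical-client-id", "https://example.com/auth/callback", "myapp://auth")
    st = url.rsplit("state=", 1)[1]
    print(url)
    print(handle_callback(st, "constructed-code"))
```

Two points worth keeping in mind when adapting this: the allowlist check runs both when the state is issued and when it is consumed, so a redirect-uri supplied in the first request can never be turned into an open redirect at the callback; and because the state is signed and single-use, a callback that arrives with a state the server never issued, or one that was already consumed, is refused rather than silently re-running the flow.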