I am looking to migrate existing social sign-in redirect URLs from a custom URL protocol (myscheme://) to an https URL scheme (https://). This change would be made in a React Native project, but only in the Android app. I was looking at using expo-web-browser, which uses Chrome Custom Tabs for Android functionality.
In practice what I’m experiencing is the updated https:// redirect URL is properly opened in expo-web-browser, but the openAuthSessionAsync promise is not properly resolved (and the browser window is not dismissed). The identical flow works as expected if I open a social sign-in link in the default Chrome browser, though the user is prompted to choose whether to open the link in the app or the browser (an undesired step in the flow). I’m curious whether this is a limitation of expo-web-browser or Custom Tabs, or if there’s something I’m missing in my setup.
// this is how I make the call to openAuthSessionAsync (opens a Chrome Custom Tab)
WebBrowser.openAuthSessionAsync('social-login-url', 'https://foo.bar/xxx', {
preferEphemeralSession: true, // iOS only
});
// this is the intent-filter in the AndroidManifest.xml file
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="https" android:host="foo.bar" android:path="/xxx" />
</intent-filter>
I've tried with both expo-web-browser and react-native-inappbrowser-reborn, which makes me think I either haven't set something up properly in the AndroidManifest file or that this behaviour simply isn't supported in Custom Tabs.
The expectation is that if I provide an https:// redirect to my auth flow, the Custom Tab will be dismissed and the user will be redirected to the corresponding deep link when authentication completes. The actual result is the user was returned to the https:// URL in the Custom Tab, which in turn rendered the web app.
Have you set up Android App Links on your website to associate the app with the url host? That should definitely resolve the app chooser prompt, and may resolve your main issue. They can be a little tricky to get right. A couple of the nuances I didn't get at first are that you need an assetlinks.json file for the specific subdomain (you can't just put it at foo.bar and have it work for www.foo.bar, login.foo.bar, etc.), and also that the file must be accessible with no redirects.