Cannot intercept the redirect URI

[Hasan-Jawaheri]

Hello,

I'm trying to follow the guide on how to setup the capturing of the redirect URI so I can continue my app after obtaining the code from the server. I cannot get it to work on neither Android nor iOS. Not sure what I'm doing wrong, but I cannot use a custom URI scheme so my redirect URI has to be something like "http://localhost:9876/". For example in Android, if I pass "http://localhost:9876/" as the redirect URI to authorize, and I have the following in my manifest:

<activity
        android:name="net.openid.appauth.RedirectUriReceiverActivity"
        tools:node="replace">
    <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="http"
              android:host="localhost"
              android:port="9876"
              android:path="/"/>
    </intent-filter>
</activity>

It just tries to open the url ("http://localhost:9876/") on the same webview and nothing is actually captured. I tried without the port, I tried different paths, I can't get anything to work.

I have the exact same issue on iOS, and I don't know how to setup the URL in the plist file to capture a url without a non-http scheme.

Am I missing something? Is there a way to debug this?

Thanks.

Environment

• Your Identity Provider: Google, Dropbox, Box
• Platform that you're experiencing the issue on: iOS and Android
• Are you using Expo?: No

[bhaskardabhi-oviyum]

I think you can give

additionalParameters: {
    response_type: "token"
},

then it won't ask for HTTP schema.

[Hasan-Jawaheri]

@bhaskardabhi-oviyum Nice, this may work... But there are 2 issues:
If I do:

    const authConfig = {
      issuer: 'https://accounts.google.com',
      clientId: '...',
      clientSecret: '...',
      redirectUrl: 'safedrive://localhost/oauthredirect',
      scopes: ['https://www.googleapis.com/auth/drive'],
      additionalParameters: {
        response_type: "token",
      },
    };

It generates a URL like this: https://www.dropbox.com/oauth2/authorize?client_id=...&scope=&redirect_uri=safedrive://localhost/oauthredirect&state=fUQm9Lk95Pk3Gh3NMChSAzLddv-CGoKclDsqHW6a-MY&response_type=code&response_type=token (notice duplicatedresponse_type). This goes through on Dropbox but not google.

Another issue, after it goes through on Dropbox, after capturing the redirect the authorize call catches the following error:

Error: State mismatch, expecting fUQm9Lk95Pk3Gh3NMChSAzLddv-CGoKclDsqHW6a-MY
but got (null) in authorization response
<OIDAuthorizationResponse: 0x6000034afb10,
authorizationCode: (null), 
state: "(null)", 
accessToken: "(null)", 
accessTokenExpirationDate: (null), 
tokenType: (null), 
idToken: "(null)", 
scope: "(null)", 
additionalParameters: {
}, 
request: <OIDAuthorizationRequest: 0x600003cc6ca0, request: https://www.dropbox.com/oauth2/authorize?client_id=...&scope=&redirect_uri=safedrive://localhost/oauthredirect&state=fUQm9Lk95Pk3Gh3NMChSAzLddv-CGoKclDsqHW6a-MY&response_type=code&response_type=token>
>

[Jay-A-McBee]

👋 hey @Hasan-Jawaheri - closing this out due to lack of engagement on the issue. Feel free to open a new issue if this is still a problem.