Enable AppLinks in the declared intent filters #622
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lbalmaceda
commented
Apr 30, 2021
| If you plan to use Passwordless authentication with SMS or Email connections, the Callback URL you will register looks like this: | ||
|
|
||
| ``` | ||
| https://{YOUR_AUTH0_DOMAIN}/android/{YOUR_APP_PACKAGE_NAME}/sms |
There was a problem hiding this comment.
when you start a passwordless flow and ask for "android_link" this is the format of callback URL that the server will use. This is not changeable by the developer.
The server takes the domain from the Auth0 application and the Android package name from this setting:
| @@ -9,8 +9,8 @@ | |||
| <activity | |||
| android:name="com.auth0.android.provider.RedirectActivity" | |||
| tools:node="replace"> | |||
| <intent-filter> | |||
| <action android:name="android.intent.action.VIEW" /> | |||
| <intent-filter android:autoVerify="true"> | |||
There was a problem hiding this comment.
Even if inherited from the SDK declaration of this same activity, I rather am sure I'm setting it to true.
| @@ -37,21 +37,21 @@ | |||
| android:launchMode="singleTask" | |||
| android:screenOrientation="portrait" | |||
| android:theme="@style/Lock.Theme"> | |||
| <intent-filter> | |||
| <action android:name="android.intent.action.VIEW" /> | |||
| <intent-filter android:autoVerify="true"> | |||
There was a problem hiding this comment.
Same for passwordless activities, this affects LINK mode
|
|
||
| <category android:name="android.intent.category.DEFAULT" /> | ||
| <category android:name="android.intent.category.BROWSABLE" /> | ||
|
|
||
| <data | ||
| android:host="${auth0Domain}" | ||
| android:pathPrefix="/android/${applicationId}/email" | ||
| android:scheme="${auth0Scheme}" /> | ||
| android:scheme="https" /> |
There was a problem hiding this comment.
the scheme is not customizable anywhere (API nor dashboard), so there's no reason to dynamically set one.
evansims
approved these changes
May 3, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
This aligns with what the SDK does. By setting the
autoVerifyattribute to true, and only when the scheme used is "https", upon install time, the Android OS will attempt to pull the assetlinks hosted file from the Auth0 server in order to verify that the domain given in the intent-filters is owned by the developer of the android app. When this succeeds, the disambiguation dialog will not be shown, and the application will be opened directly. This only works for Android 23 and above.Having this attribute enabled for when the scheme is not "https" or when the android version is lower than 23, has no negative effect.
Sample logging in with Passwordless Link
Tested running the following command in the terminal
See #620