AppAuth not closing browser in Android

Question

I am trying to get the access from singpass(https://www.singpass.gov.sg/main). I am using the following code.

private fun configAndStartActivity(){

        val jsonConfig = "{" +
                "\"issuer\":\"https://test.api.myinfo.gov.sg\"," +
                "\"authorizationEndpoint\":\"https://test.api.myinfo.gov.sg/com/v3/authorise\"," +
                "\"tokenEndpoint\":\"https://test.api.myinfo.gov.sg/com/v3/token\"" +
                "}"

        val serviceConfig = AuthorizationServiceConfiguration.fromJson(jsonConfig)

        val clientId = "MY_CLIENT_ID"
        val redirectUri = Uri.parse("https://our_redirectURL/testpath")
        val builder = AuthorizationRequest.Builder(
            serviceConfig,
            clientId,
            ResponseTypeValues.CODE,
            redirectUri
        )
        builder.setScope("openid")
        val additionalParams = mutableMapOf<String, String>()
        additionalParams["purpose"] = "resetting Login Password."
        additionalParams["attributes"] = "uinfin,name,hanyupinyinname,aliasname,hanyupinyinaliasname,marriedname,dob"
        additionalParams["redirect_uri_https_type"] = "app_claimed_https"
        builder.setAdditionalParameters(additionalParams)
        builder.setState("STATE_ID")
        val authRequest = builder.build()
        val authService = AuthorizationService(this)
        val authIntent = authService.getAuthorizationRequestIntent(authRequest)
        startActivityForResult(authIntent, 100)
    }


override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        super.onActivityResult(requestCode, resultCode, data)
        if (requestCode == RC_AUTH) {
            val resp = AuthorizationResponse.fromIntent(data!!)
            val ex = AuthorizationException.fromIntent(data)

            if (resp != null) {
                mAuthService = AuthorizationService(this)
                mStateManager?.updateAfterAuthorization(resp, ex)

                mAuthService?.performTokenRequest(
                    resp.createTokenExchangeRequest()
                ) { resp, ex ->
                    if (resp != null) {

                        mStateManager?.updateAfterTokenResponse(resp, ex)
                        Log.d("accessToken", resp.accessToken)
                    } else {
                        // authorization failed, check ex for more details
                    }
                }
            } 
        }
    }

My manifest:

            <activity
                android:name="net.openid.appauth.RedirectUriReceiverActivity"
                tools:node="replace"
            android:exported="true">

            <intent-filter android:autoVerify="true">
                <action android:name="android.intent.action.VIEW"/>
                <category android:name="android.intent.category.DEFAULT"/>
                <category android:name="android.intent.category.BROWSABLE"/>
                <data android:scheme="https"
                    android:host="our_redirectURL"
                    android:path="/testpath/"/>
            </intent-filter>

            <intent-filter android:autoVerify="true">
                <action android:name="android.intent.action.VIEW"/>
                <category android:name="android.intent.category.DEFAULT"/>
                <category android:name="android.intent.category.BROWSABLE"/>
                <data android:scheme="https"
                    android:host="our_redirectURL"
                    android:path="/testpathnew"/>
            </intent-filter>
        </activity>

After call configAndStartActivity() method browser is opened. And able to do login process. After that I need to close the browser and come back to my app with authcode. Same code I used for google authentication is working fine. But When I try to singpass browser is not closed. Please help me on this. I am using this link for reference. In the bottom of that link we can see the video demo. I need the same in my app. Upto agree page is going and than redirect to our site url. But not closing the browser and not return back to our app.

I verified the final URL using chrome://inspect/#devices. I am getting the following url.

https://our_redirectURL/testpath/#/prelogin/99/DEEPLINK/FRGTPWD?code=xxxxxcd9805715xxxxx5387f5e5xxxxx9e6be4_ndiState_xxxxx356924xxxxx13

Answer 1

Finally found the route cause. Need to use custom scheme. The https scheme is common. If we use custom Scheme app will understand the redirecting comments. So I used custom scheme. I used com.ourapp://our_redirectURL/testpath as a redirect url. In manifest I used the following code.

<intent-filter android:autoVerify="true">
                <action android:name="android.intent.action.VIEW"/>
                <category android:name="android.intent.category.DEFAULT"/>
                <category android:name="android.intent.category.BROWSABLE"/>
                <data android:scheme="com.ourapp"
                    android:host="our_redirectURL"/>
            </intent-filter>

Now working fine.!!

Answer 2

Please refer to https://github.com/singpass/Android-Singpass-in-app-browser-login-demo, AppAuth does not close the chrome custom tab or external browser. Chrome custom tabs and external browsers just does a navigation according to the redirect_uri specified to the relevant app. It looks like the browser is closed, but actually its just navigating away.

Its a little different in the case of custom tabs compared to external web browser as custom tab is an activity in your applications stack but either way its a navigation.

If redirection back to your app is not working while using https schemed redirect_uri, it may be due to the fact Android could not verify that your application owns the redirect_uri's domain name. Refer to https://developer.android.com/training/app-links/verify-android-applinks.