Universal link for Oauth redirect uri

We are attempting to update our Oauth sign in process to use SFSafariViewController. For security purposes, we want to avoid using a custom url scheme for the redirect uri. We have seen others recommend using Universal Links instead, but we are having trouble getting it to work.


Assume that our website is https://test.example.com


After configuring all the necessary items, our Universal Links partially work. Tapping directly on https://test.example.com/something within an email or on a web page will open our app. For some reason, a redirect to that URL does not cause the URL to open in our app. Since Oauth utilizes redirection to a known redirect URI (which we have configured as a universal link), our Oauth process is not working.


Here's what we have done:


We have changed the redirect URI value for our oauth client to point to one of our web servers. Let's pretend that it is this:

https://test.example.com/something


We have added the associated domains entitlement to our app and included the domain for our redirect uri:

<dict>

<key>com.apple.developer.associated-domains</key>

<array>

<string>applinks:test.example.com</string>

</array>

</dict>


We have added the apple-app-site-association file on our webserver at:

https://test.example.com/apple-app-site-association


The apple-app-site-association has been configured to allow our app to access all paths:


{

"applinks": {

"apps": [],

"details": [

{

"appID": "12345ABCDE.com.foo.bar",

"paths": [ "*" ]

}

]

}

}


This has been verified with Apple's validation tool: https://search.developer.apple.com/appsearch-validation-tool/

When run against our website, it finds our apple-app-site-association and says that the Universal Links feature passed. It does flag some other things as failed, but we are only trying to use Universal Links to support oauth. Do those other failures matter if we only care about Universal Links?


We have tried these tests:

Created a page with this link on it:

https://test.example.com/something

Tapping on the above link will open our app. Long-pressing the above link pops up options to open in Safari OR open in our app.


Created a test page that redirects to https://test.example.com/something

Opening the test page in Safari loads the test page, then redirects to the other URL within Safari. It does not open the other URL in our app.


Does anyone have any idea why this does not work when redirecting to the URL? Redirecting to a uri with an auth code is a fundamental part of Oauth. I have seen several places where it is recommended to use universal links with Oauth, so it should be possible.


Thanks,

Chris

Did you find a solution to your problem? I am having the same issue.

Did you find a solution on this? It looks Universal Link only works when user taps the link, it doesn't work for oauth redirect.

Looks like have to workaround then.

Any updates on this?

I am also facing the same issue.

Hello @elcapitantest,


You could update your apple-app-site-association file where paths is set to "/something" and check if the universal links works in your case.


I was also facing a similar issue. But my issue is fixed now. Let me explain you my situation. I was trying to:


1. Open a page http://mydomain.com/do/login in SFSafariViewController

2. Click a link for google sign in.


A redirect to http://mydomain.com/do/googleoauth was not opening my app. Please note that in my apple-app-site-association the paths was set to "/do/*".


But I found out that if I host the login page in a different domain (i.e. http://logindomain.com/do/login) and open this page in SFSafariViewController it just works fine.

I think the main problem is that Universal Links doesn't work with redirects, they work only when there has been a user interaction, meaning a user tapped on a link. That's a big problem for OAuth authentication.
The only solution I can think about is on the landing page add a successful page with a link that opens the app.
Hope I'm wrong and there's a better workaround...

Universal link for Oauth redirect uri
 
 
Q