Universal links & redirect not working on certain devices

We are currently doing our beta testing for our application and we are having some issues with universal links. The issues can be seen below:

  • we are using auth0 for authentication. In this process, after users verify their email addresses they should be redirected back to the application. For some users, they are directed back to a page that shows error 404. For other users where it works, they are directed back to the application. What could be my issue?

Our app-site- association file is hosted in the link below for reference.

https://yourmomentshub.com/.well-known/apple-app-site-association

Answered by DTS Engineer in 796041022

Thanks so much for the post. The link you shared is helpful. I have just tested the link you provided, and I am sharing the result with you as a file below.

 curl -v https://yourmomentshub.com/.well-known/apple-app-site-association
* Host yourmomentshub.com:443 was resolved.
* IPv6: (none)
* IPv4: 198xxxx
*   Trying 198xxxxx
* Connected to yourmomentshub.com (198.xxxx) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=yourmomentshub.com
*  start date: Jun 15 02:31:29 2024 GMT
*  expire date: Jul 17 02:31:29 2025 GMT
*  subjectAltName: host "yourmomentshub.com" matched cert's "yourmomentshub.com"
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://yourmomentshub.com/.well-known/apple-app-site-association
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: yourmomentshub.com]
* [HTTP/2] [1] [:path: /.well-known/apple-app-site-association]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET /.well-known/apple-app-site-association HTTP/2
> Host: yourmomentshub.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/2 200 
< last-modified: Wed, 17 Jul 2024 17:41:35 GMT
< etag: "1360a18-f1-61d74f941571b"
< accept-ranges: bytes
< content-length: 241
< vary: Accept-Encoding
< date: Thu, 18 Jul 2024 21:23:27 GMT
< server: Apache
< 
{
  "applinks": {
    "details": [
      {
        "appID": “XXXXXXXX7.com.daramfon.MomentsHub",
        "paths": [
          "/moments/*",
          "/polls/*",
          "/profile/*",
          "/verified/*"
        ]
      }
    ]
  }
}

The file seems okay and has four paths.

I would recommend going over the Tech Note to debug common issues with universal links: https://developer.apple.com/documentation/technotes/tn3155-debugging-universal-links

Refer to the Tech Note for instructions on how to verify the file's format using the command 'sudo swcutil verify.' It is a comprehensive resource that will also guide you through setting up the file correctly. Please feel free to share your file here so I can provide further recommendations and suggestions.

Also, check your server settings where you host the file to ensure that it accepts all browser requests and traffic from user-agents of the form 'AASA-Bot/*'.

I hope this helps resolve the issue!

Thanks so much for the post. The link you shared is helpful. I have just tested the link you provided, and I am sharing the result with you as a file below.

 curl -v https://yourmomentshub.com/.well-known/apple-app-site-association
* Host yourmomentshub.com:443 was resolved.
* IPv6: (none)
* IPv4: 198xxxx
*   Trying 198xxxxx
* Connected to yourmomentshub.com (198.xxxx) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=yourmomentshub.com
*  start date: Jun 15 02:31:29 2024 GMT
*  expire date: Jul 17 02:31:29 2025 GMT
*  subjectAltName: host "yourmomentshub.com" matched cert's "yourmomentshub.com"
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://yourmomentshub.com/.well-known/apple-app-site-association
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: yourmomentshub.com]
* [HTTP/2] [1] [:path: /.well-known/apple-app-site-association]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET /.well-known/apple-app-site-association HTTP/2
> Host: yourmomentshub.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/2 200 
< last-modified: Wed, 17 Jul 2024 17:41:35 GMT
< etag: "1360a18-f1-61d74f941571b"
< accept-ranges: bytes
< content-length: 241
< vary: Accept-Encoding
< date: Thu, 18 Jul 2024 21:23:27 GMT
< server: Apache
< 
{
  "applinks": {
    "details": [
      {
        "appID": “XXXXXXXX7.com.daramfon.MomentsHub",
        "paths": [
          "/moments/*",
          "/polls/*",
          "/profile/*",
          "/verified/*"
        ]
      }
    ]
  }
}

The file seems okay and has four paths.

I would recommend going over the Tech Note to debug common issues with universal links: https://developer.apple.com/documentation/technotes/tn3155-debugging-universal-links

Refer to the Tech Note for instructions on how to verify the file's format using the command 'sudo swcutil verify.' It is a comprehensive resource that will also guide you through setting up the file correctly. Please feel free to share your file here so I can provide further recommendations and suggestions.

Also, check your server settings where you host the file to ensure that it accepts all browser requests and traffic from user-agents of the form 'AASA-Bot/*'.

I hope this helps resolve the issue!

Hello @DTS Engineer ,

I still run into the same issue. I also checked my server settings to ensure that it accepts all browser requests and traffic from user-agents curl -I -A "AASA-Bot/1.0" https://yourmomentshub.com/.well-known/apple-app-site-association. I am not quite sure what the issue could be anymore. I did some surfing and learned that maybe I need to switch the AASA file to the newer format and I did that as well.

I have gone through all the steps in the tech note and I think I have exhausted all my options at this point. My application is heavily dependent on universal linking, any guidance will be appreciated. Thank you!

More logs to explain the intermittent issue. These two calls are between 3 seconds.

daramfon@MacBook-Pro-4 MomentsHub % curl -v https://app-site-association.cdn-apple.com/a/v1/yourmomentshub.com
* Host app-site-association.cdn-apple.com:443 was resolved.
* IPv6: (none)
* IPv4: 17.253.27.203, 17.253.13.135, 17.253.7.146, 17.253.97.202, 17.253.7.154, 17.253.13.137, 17.253.97.205, 17.253.27.198
*   Trying 17.253.27.203:443...
* Connected to app-site-association.cdn-apple.com (17.253.27.203) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=California; O=Apple Inc.; CN=app-site-association.cdn-apple.com
*  start date: Jul 16 18:07:31 2024 GMT
*  expire date: Oct 14 18:17:31 2024 GMT
*  subjectAltName: host "app-site-association.cdn-apple.com" matched cert's "app-site-association.cdn-apple.com"
*  issuer: CN=Apple Public Server ECC CA 12 - G1; O=Apple Inc.; ST=California; C=US
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /a/v1/yourmomentshub.com HTTP/1.1
> Host: app-site-association.cdn-apple.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Apple-Failure-Details: {"cause":"read tcp 172.31.150.237:46444-\u003e198.12.247.28:443: read: connection reset by peer"}
< Apple-Failure-Reason: SWCERR00305 Network error
< Apple-From: https://yourmomentshub.com/.well-known/apple-app-site-association
< Apple-Try-Direct: false
< Cache-Control: max-age=3600,public
< Content-Length: 10
< Content-Type: text/plain; charset=utf-8
< Date: Tue, 23 Jul 2024 17:09:02 GMT
< Age: 727
< Via: https/1.1 uschi7-3p-pst-006.ts.apple.com (acdn/252.14441), http/1.1 uschi7-3p-pac-006.ts.apple.com (acdn/252.14441), https/1.1 uschi7-3p-pfe-001.ts.apple.com (acdn/252.14441), http/1.1 uschi5-edge-lx-001.ts.apple.com (acdn/252.14441), https/1.1 uschi5-edge-bx-021.ts.apple.com (acdn/252.14441)
< X-Cache: hit-stale, hit-fresh, miss, hit-fresh, hit-stale
< CDNUUID: d962cde9-ed20-4314-801f-9fa2396a5e8a-2171469140
< Expires: Tue, 23 Jul 2024 17:09:12 GMT
< Connection: keep-alive
< 
Not Found
* Connection #0 to host app-site-association.cdn-apple.com left intact
daramfon@MacBook-Pro-4 MomentsHub % curl -v https://app-site-association.cdn-apple.com/a/v1/yourmomentshub.com
* Host app-site-association.cdn-apple.com:443 was resolved.
* IPv6: (none)
* IPv4: 17.253.97.202, 17.253.13.135, 17.253.7.146, 17.253.97.205, 17.253.13.137, 17.253.7.154, 17.253.27.203, 17.253.27.198
*   Trying 17.253.97.202:443...
* Connected to app-site-association.cdn-apple.com (17.253.97.202) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=California; O=Apple Inc.; CN=app-site-association.cdn-apple.com
*  start date: Jul 16 18:07:31 2024 GMT
*  expire date: Oct 14 18:17:31 2024 GMT
*  subjectAltName: host "app-site-association.cdn-apple.com" matched cert's "app-site-association.cdn-apple.com"
*  issuer: CN=Apple Public Server ECC CA 12 - G1; O=Apple Inc.; ST=California; C=US
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /a/v1/yourmomentshub.com HTTP/1.1
> Host: app-site-association.cdn-apple.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Apple-From: https://yourmomentshub.com/.well-known/apple-app-site-association
< Apple-Origin-Format: json
< Cache-Control: max-age=21600,public
< Content-Length: 861
< Content-Type: application/json
< Date: Tue, 23 Jul 2024 16:19:23 GMT
< Age: 3708
< Via: https/1.1 usqas4-vp-vst-002.ts.apple.com (acdn/252.14441), https/1.1 usqas4-vp-vfe-006.ts.apple.com (acdn/252.14441), http/1.1 usewr1-edge-lx-011.ts.apple.com (acdn/252.14441), http/1.1 usewr1-edge-bx-006.ts.apple.com (acdn/252.14441)
< X-Cache: hit-stale, miss, hit-fresh, hit-fresh
< CDNUUID: 80ba6fd1-82da-403f-bbc1-aa99da486fac-14511833217
< Connection: keep-alive
< 
{
  "applinks": {
    "details": [
      {
        "appIDs": [ "9BEUBEN9L7.com.daramfon.MomentsHub" ],
        "components": [
          {
            "/": "/moments/*",
            "comment": "Matches any URL with a path that starts with /moments/."
          },
          {
            "/": "/polls/*",
            "comment": "Matches any URL with a path that starts with /polls/."
          },
          {
            "/": "/profile/*",
            "comment": "Matches any URL with a path that starts with /profile/."
          },
          {
            "/": "/verified/*",
            "comment": "Matches any URL with a path that starts with /verified/."
          }
        ]
      }
    ]
  },
  "webcredentials": {
    "apps": [ "9BEUBEN9L7.com.daramfon.MomentsHub" ]
  },
  "appclips": {
    "apps": [ "9BEUBEN9L7.com.daramfon.MomentsHub.Clip" ]
  }
}
* Connection #0 to host app-site-association.cdn-apple.com left intact

Hello,

I have the following JSON file configured:

"components": [
  {
    "/": "/auth-redirect",
    "?": {
      "redirectPath": "/manage/manage/*/orders/*",
      "utm_campaign": "envoy_alteqpdue"
    },
    "comment": "Matches a URL with a path that starts with /redirectPath/ and that has query items with redirectPath 'manage/manage//orders/' and utm_campaign 'envoy_alteqpdu'."
  },
  {
    "/": "/manage/manage/*/orders/*",
    "?": {
      "utm_campaign": "envoy_alteqpdue"
    },
    "comment": "Matches a URL with a path that starts with /manage/manage/ and that has query item with utm_campaign 'envoy_alteqpdu'."
  }
]

I have links that are redirected from urldefense.

Original link:

https://urldefense.com/v3/__http:/click.marketing.unitedrentals.com/?qs=c456a126d7099a5eb17f96a0d4305fd74ab1c6e26e42d3699c71a55d4e9355d90add8e124db70cf96bb57f73c8f26ee08f8926352e7247d72bd3a456b1c72874__;!!IfJP2Nwhk5Z0yJ43lA!N8EQu3nW2GmYc3N0R7K0J7p5OjcM_LnLaTHCqNXR3Ci2YY_KoSrj3ZQBzSRRA3L_7A0zakao9nD6QEz48GKpOFNgcATSFA$

The link to which I am redirected (the following link does not work, probably due to encoding):

https://stage.unitedrentals.com/auth-redirect?redirectPath=%2Fmanage%2Fmanage%2F1262244%2Forders%2F175272349%3Futm_source%3Dsfmc%26utm_medium%3Demail%26utm_campaign%3Denvoy_alteqpdue

The URL that works correctly after decoding:

https://stage.unitedrentals.com/auth-redirect?redirectPath=/manage/manage/1262244/orders/175272349?utm_source=sfmc&utm_medium=email&utm_campaign=envoy_alteqpdue

My question is: how should I prepare the JSON file so that my URLs start working with encoded url?

Is it correct to have multiple query parameters in a single component?

FilipGru,

There are many steps to register a universal link to ensure it works and opens the app that registered it. To verify that everything is set up well, we have a Tech Note that goes over each step in detail. Could you please provide me with your AASA file link and the settings in Xcode where you register the app links?

Please verify the format of your AASA file. It should contain either an array of appIDs or an array of components. To learn how to verify your AASA file format and find a sample recommended format, refer to this guide: https://developer.apple.com/documentation/technotes/tn3155-debugging-universal-links

Let me know.

I have configured the JSON file as well as the Xcode project. The file is publicly available, and I have omitted the appId and the rest of the JSON file for the purposes of this post. Here, I am concerned with a specific case where we have a urldefense that redirects to "https://stage.unitedrentals.com/auth-redirect?redirectPath=%2Fmanage%2Fmanage%2F1262244%2Forders%2F175272349%3Futm_source%3Dsfmc%26utm_medium%3Demail%26utm_campaign%3Denvoy_alteqpdue". As you can see, it contains PercentEncoding.

As you can see in the JSON, there is a path "/" : "/manage/manage//orders/", and a query:

"?" : {
    "utm_campaign": "envoy_alteqpdue"
},

This case works correctly, and I have no questions about it.

I'm asking specifically about this component:

"/": "/auth-redirect",
"?": { 
    "redirectPath": "/manage/manage/*/orders/*",
    "utm_campaign": "envoy_alteqpdue"
},

As you can see in the link, there is a "?" after auth-redirect and a "%3F" before utm. Should I understand that everything after auth-redirect? is treated as a single query?

I want to ensure that the app opens a link that has auth-redirect to manage/manage*/orders*/ along with an additional specific query parameter "utm_campaign": "envoy_alteqpdue"

Universal links &amp; redirect not working on certain devices
 
 
Q