Fix for App Link Usage in DUNA / SSO scenarios #2745
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
❌ Work item link check failed. Description does not contain AB#{ID}. Click here to Learn more. |
shahzaibj
changed the title
This was referenced Aug 26, 2025
shahzaibj
added
No-Changelog
shahzaibj
removed
the
No-Changelog
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR fixes an issue where app link redirect URIs used from within Chrome Custom Tabs (CCT) may not properly redirect to the native app when cookies are present at the IdP and there's no user interaction. The solution involves upgrading the androidx.browser library from version 1.0.0 to 1.7.0 and enabling the EXTRA_SEND_TO_EXTERNAL_DEFAULT_HANDLER flag.
Key changes:
- Upgraded androidx.browser library from 1.0.0 to 1.7.0 to access the required CCT flag
- Enabled setSendToExternalDefaultHandlerEnabled flag in CustomTabsManager to fix app link redirection
- Replaced deprecated LocalBroadcastManager with system broadcast receiver registration
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| gradle/versions.gradle | Updates androidx.browser library version from 1.0.0 to 1.7.0 |
| CustomTabsManager.java | Adds setSendToExternalDefaultHandlerEnabled(true) to fix app link redirection |
| CurrentTaskAuthorizationActivity.java | Replaces LocalBroadcastManager with system broadcast receiver and adds API level compatibility |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
...om/microsoft/identity/common/internal/providers/oauth2/CurrentTaskAuthorizationActivity.java
Outdated
Show resolved
Hide resolved
...om/microsoft/identity/common/internal/providers/oauth2/CurrentTaskAuthorizationActivity.java
Show resolved
Hide resolved
melissaahn
approved these changes
Aug 27, 2025
p3dr0rv
approved these changes
Aug 28, 2025
shahzaibj
added
the
Skip-Consumers-Check
shahzaibj
added a commit
to AzureAD/microsoft-authentication-library-for-android
that referenced
this pull request
Aug 28, 2025
shahzaibj
added a commit
to AzureAD/android-complete
that referenced
this pull request
Aug 28, 2025
shahzaibj
added a commit
that referenced
this pull request
Sep 29, 2025
…Fixes AB#3387976 (#2775) Fixes [AB#3387976](https://dev.azure.com/IdentityDivision/Engineering/_workitems/edit/3387976) The previous fix seems to have addressed the issue only partially. Previous fix: #2745 Basically what's happening is that even with that flag CCT will sometimes still launch the URL in browser and this is happening because we're setting the browser's pkg name explicitly on the intent which tells the OS that this MUST be opened in the browser. Checked CCT logs and they print something like: `Launching in browser as Browser pkg was explicitly set on the Intent` Once we remove the explicit pkg name then OS finds the best possible app on the device to handle the intent. For an app link that's the the broker hosting app.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue: When app link redirect URI is used from within CCT then CCT may not redirect to the native app to handle the redirect and instead open it directly within the browser. From experience I've seen this happen there are existing cookies present at the IdP and there is no user interaction.
Solution: Per this chromium thread, the solution is set a flag when launching CCT called as EXTRA_SEND_TO_EXTERNAL_DEFAULT_HANDLER.
That flag was actually introduced in
androidx.browserlibrary version1.7.0and we were on a very ancient version (1.0.0). So this PR updates that library version to1.7.0As a side effect of that upgrade we can no longer use LocalBroadcastManager API (it's deprecated). So I've updated that accordingly similar to what @p3dr0rv was doing earlier when he tried upgrading browser library to 1.9.0 (which we couldn't do due to requiring compile sdk 36)