skip to Main Content

Our React Native Android wellness app asks for authorization for users’ Garmin data to track their steps and fitness. Garmin uses the OAuth 1.0 protocol, so after the user authorizes our app’s access, we need to redirect back to our app to process the oauth_verifier Garmin gives us in the redirect URL. When the user clicks to grant us access, a modal pops up with two options – both options show our app name and app logo. Only clicking on the second redirect option (labeled ‘Open in a different app’) triggers React Native Linking to process the full redirect URL and complete the OAuth 1.0 handshake. Screenshot of the bug

As recently as May, this process was working as designed. Not sure precisely when the bug behavior started, as we have very few Android users who wish to link their Garmin devices to the app.

This bug initially appeared this spring, and I was able to fix it by adding a host to the intent filter tags in our AndroidManifest.xml

<!--OAuth Garmin URI Scheme-->
            <intent-filter android:exported="true">
                <!--Redirecting back to app after authorizing-->
                <data android:scheme=com.wellnessapp.auth **android:host="garmin"**/>
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />
            </intent-filter>

No other intents in the manifest use the com.wellnessapp.auth, and the only other location the string appears is in our build.gradle defaultConfig object, where manifestPlaceholders = [appAuthRedirectScheme: com.wellnessapp.auth]

2

Answers


  1. Chosen as BEST ANSWER

    After looking at the Play Console as suggested in Luís' answer, I decided to manually change the scheme from com.wellnessapp.auth://garmin to com.wellnessapp.garmin_auth:// and removing the android:host field in the hopes of disambiguating that scheme from the standard redirect scheme of com.wellnessapp.auth://. This change fixed the duplicate redirect modal bug on my Android test device.


  2. If you distribute on Google Play, a trick you can use to debug this situation is to go to the Deeplinks dashboard on the Play Console (it is an option on the side bar).

    In that page, scroll down to "Web links" and input the uri you are testing. It will show every combination of pattern matching your query; if there are more than one you know why Android is giving you two options.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search