android: use Auth Tab instead of Custom Tabs

titanous · ThexXTURBOXx · commit 717be110cc82 · 2025-03-31T22:45:46.000+02:00
https://developer.chrome.com/docs/android/custom-tabs/guide-auth-tab
diff --git a/flutter_web_auth_2/README.md b/flutter_web_auth_2/README.md
@@ -6,7 +6,7 @@
 
 A Flutter plugin for authenticating a user with a web service, even if the web service is run by a third party. Most commonly used with OAuth2, but can be used with any web flow that can redirect to a custom scheme.
 
-In the background, this plugin uses [`ASWebAuthenticationSession`](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) on iOS 12+ and macOS 10.15+, [`SFAuthenticationSession`](https://developer.apple.com/documentation/safariservices/sfauthenticationsession) on iOS 11, [Chrome Custom Tabs](https://developer.chrome.com/docs/android/custom-tabs/) on Android and opens a new window on Web. You can build it with iOS 8+, but it is currently only supported by iOS 11 or higher.
+In the background, this plugin uses [`ASWebAuthenticationSession`](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) on iOS 12+ and macOS 10.15+, [`SFAuthenticationSession`](https://developer.apple.com/documentation/safariservices/sfauthenticationsession) on iOS 11, [Chrome Auth Tab](https://developer.chrome.com/docs/android/custom-tabs/guide-auth-tab) on Android and opens a new window on Web. You can build it with iOS 8+, but it is currently only supported by iOS 11 or higher.
 
 <!-- TODO: Replace with a nicer GIF
 | **iOS**                | **Android**                    |
@@ -88,6 +88,7 @@ final accessToken = jsonDecode(response.body)['access_token'] as String;
 
 The following constraints have been added in `5.0.0`:
 - The existing Android approach has been replaced with a new (improved) one (no migration necessary; is automatically used)
+- Android now uses Auth Tab: `httpsHost` and `httpsPath` are now required on Android if you are using a `https` in `callbackUrlScheme`
 - Dart SDK `>=3.5.0` is now required (due to migration to melos `7.x`)
 
 ### Upgrading to `4.x`
diff --git a/flutter_web_auth_2/android/build.gradle b/flutter_web_auth_2/android/build.gradle
@@ -49,7 +49,8 @@ android {
     }
 
     dependencies {
-        implementation 'androidx.browser:browser:1.8.0'
+        implementation 'androidx.browser:browser:1.9.0-alpha01'
+        implementation 'androidx.activity:activity-ktx:1.10.1'
         implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
     }
 }
diff --git a/flutter_web_auth_2/android/src/main/kotlin/com/linusu/flutter_web_auth_2/AuthenticationManagementActivity.kt b/flutter_web_auth_2/android/src/main/kotlin/com/linusu/flutter_web_auth_2/AuthenticationManagementActivity.kt
@@ -1,52 +1,98 @@
 package com.linusu.flutter_web_auth_2
 
-import android.app.Activity
 import android.content.Context
 import android.content.Intent
 import android.net.Uri
 import android.os.Build
 import android.os.Bundle
-import androidx.browser.customtabs.CustomTabsIntent
+import android.util.Log
+import androidx.activity.ComponentActivity
+import androidx.activity.result.ActivityResultLauncher
+import androidx.browser.auth.AuthTabIntent
+import androidx.browser.auth.AuthTabIntent.AuthResult
 
-class AuthenticationManagementActivity(
-) : Activity() {
+class AuthenticationManagementActivity : ComponentActivity() {
     companion object {
         const val KEY_AUTH_STARTED: String = "authStarted"
         const val KEY_AUTH_URI: String = "authUri"
         const val KEY_AUTH_OPTION_INTENT_FLAGS: String = "authOptionsIntentFlags"
         const val KEY_AUTH_OPTION_TARGET_PACKAGE: String = "authOptionsTargetPackage"
+        const val KEY_AUTH_CALLBACK_SCHEME: String = "authCallbackScheme"
+        const val KEY_AUTH_CALLBACK_HOST: String = "authCallbackHost"
+        const val KEY_AUTH_CALLBACK_PATH: String = "authCallbackPath"
 
         fun createResponseHandlingIntent(context: Context): Intent {
             val intent = Intent(context, AuthenticationManagementActivity::class.java)
             intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP or Intent.FLAG_ACTIVITY_SINGLE_TOP)
             return intent
         }
     }
+
     private var authStarted: Boolean = false
     private lateinit var authenticationUri: Uri
     private var intentFlags: Int = 0
     private var targetPackage: String? = null
+    private lateinit var callbackScheme: String
+    private var callbackHost: String? = null
+    private var callbackPath: String? = null
+
+    private lateinit var authLauncher: ActivityResultLauncher<Intent>
 
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
+
+        // Register the activity result launcher
+        authLauncher = AuthTabIntent.registerActivityResultLauncher(this, this::handleAuthResult)
+
         if (savedInstanceState == null) {
             extractState(intent.extras)
         } else {
             extractState(savedInstanceState)
         }
     }
 
+    private fun handleAuthResult(result: AuthResult) {
+        val callback = FlutterWebAuth2Plugin.callbacks[callbackScheme]
+        if (callback == null) {
+            finish()
+            return
+        }
+
+        when (result.resultCode) {
+            AuthTabIntent.RESULT_OK -> {
+                callback.success(result.resultUri!!.toString())
+            }
+            AuthTabIntent.RESULT_CANCELED -> {
+                callback.error("CANCELED", "User canceled authentication", null)
+            }
+            else -> {
+                callback.error("FAILED", "Authentication failed with code: ${result.resultCode}", null)
+            }
+        }
+
+        FlutterWebAuth2Plugin.callbacks.remove(callbackScheme)
+        finish()
+    }
+
     override fun onResume() {
         super.onResume()
 
         if (!authStarted) {
-            val intent = CustomTabsIntent.Builder().build()
+            val intent = AuthTabIntent.Builder().build()
             intent.intent.addFlags(intentFlags)
 
             if (targetPackage != null) {
                 intent.intent.setPackage(targetPackage)
             }
-            intent.launchUrl(this, authenticationUri)
+
+            if (callbackScheme == "https" && callbackHost != null && callbackPath != null) {
+                Log.d("flutter_web_auth_2", "Using https host and path: $callbackHost, $callbackPath")
+                intent.launch(authLauncher, authenticationUri, callbackHost!!, callbackPath!!)
+            } else {
+                Log.d("flutter_web_auth_2", "Using custom scheme: $callbackScheme")
+                intent.launch(authLauncher, authenticationUri, callbackScheme)
+            }
+
             authStarted = true
             return
         }
@@ -57,20 +103,18 @@ class AuthenticationManagementActivity(
         finish()
     }
 
-    override fun onNewIntent(intent: Intent?) {
-        super.onNewIntent(intent)
-        setIntent(intent);
-    }
-
     override fun onSaveInstanceState(outState: Bundle) {
         super.onSaveInstanceState(outState)
         outState.putBoolean(KEY_AUTH_STARTED, authStarted)
         outState.putParcelable(KEY_AUTH_URI, authenticationUri)
         outState.putInt(KEY_AUTH_OPTION_INTENT_FLAGS, intentFlags)
         outState.putString(
             KEY_AUTH_OPTION_TARGET_PACKAGE,
-            targetPackage
+            targetPackage,
         )
+        outState.putString(KEY_AUTH_CALLBACK_SCHEME, callbackScheme)
+        outState.putString(KEY_AUTH_CALLBACK_HOST, callbackHost)
+        outState.putString(KEY_AUTH_CALLBACK_PATH, callbackPath)
     }
 
     private fun extractState(state: Bundle?) {
@@ -87,5 +131,8 @@ class AuthenticationManagementActivity(
         } ?: throw IllegalStateException("Authentication URI is null")
         intentFlags = state.getInt(KEY_AUTH_OPTION_INTENT_FLAGS, 0)
         targetPackage = state.getString(KEY_AUTH_OPTION_TARGET_PACKAGE)
+        callbackScheme = state.getString(KEY_AUTH_CALLBACK_SCHEME)!!
+        callbackHost = state.getString(KEY_AUTH_CALLBACK_HOST)
+        callbackPath = state.getString(KEY_AUTH_CALLBACK_PATH)
     }
 }
diff --git a/flutter_web_auth_2/android/src/main/kotlin/com/linusu/flutter_web_auth_2/FlutterWebAuth2Plugin.kt b/flutter_web_auth_2/android/src/main/kotlin/com/linusu/flutter_web_auth_2/FlutterWebAuth2Plugin.kt
@@ -45,14 +45,17 @@ class FlutterWebAuth2Plugin(
         when (call.method) {
             "authenticate" -> {
                 val url = Uri.parse(call.argument("url"))
-                val callbackUrlScheme = call.argument<String>("callbackUrlScheme")!!
+                val callbackUrlScheme: String = call.argument<String>("callbackUrlScheme")!!
                 val options = call.argument<Map<String, Any>>("options")!!
 
                 callbacks[callbackUrlScheme] = resultCallback
                 activity?.startActivity(Intent(activity,AuthenticationManagementActivity::class.java).apply {
                     putExtra(AuthenticationManagementActivity.KEY_AUTH_URI,url)
                     putExtra(AuthenticationManagementActivity.KEY_AUTH_OPTION_INTENT_FLAGS, options["intentFlags"] as Int)
                     putExtra(AuthenticationManagementActivity.KEY_AUTH_OPTION_TARGET_PACKAGE, findTargetBrowserPackageName(options))
+                    putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_SCHEME, callbackUrlScheme)
+                    putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_HOST, options["httpsHost"] as String?)
+                    putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_PATH, options["httpsPath"] as String?)
                 })
             }
 
diff --git a/flutter_web_auth_2/example/android/gradlew b/flutter_web_auth_2/example/android/gradlew
diff --git a/flutter_web_auth_2/lib/src/options.dart b/flutter_web_auth_2/lib/src/options.dart
@@ -140,20 +140,20 @@ class FlutterWebAuth2Options {
   /// described in https://github.com/ThexXTURBOXx/flutter_web_auth_2/issues/25
   final bool useWebview;
 
-  /// **Only has an effect on iOS, Linux, macOS, and Windows!**
+  /// **Only has an effect on Android, iOS, Linux, macOS, and Windows!**
   /// String specifying the **host** of the URL that the page will redirect to
   /// upon successful authentication (callback URL).
   /// When `callbackUrlScheme` is `https`, this **must** be specified on
-  /// Apple devices running iOS >= 17.4 or macOS >= 14.4.
+  /// Android and Apple devices running iOS >= 17.4 or macOS >= 14.4.
   /// On Linux and Windows, this is used when `useWebview == true` in order to
   /// compare with the host of the callback URL (no matter which scheme!).
   final String? httpsHost;
 
-  /// **Only has an effect on iOS, Linux, macOS, and Windows!**
+  /// **Only has an effect on Android, iOS, Linux, macOS, and Windows!**
   /// String specifying the **path** of the URL that the page will redirect to
   /// upon successful authentication (callback URL).
   /// When `callbackUrlScheme` is `https`, this **must** be specified on
-  /// Apple devices running iOS >= 17.4 or macOS >= 14.4.
+  /// Android and Apple devices running iOS >= 17.4 or macOS >= 14.4.
   /// On Linux and Windows, this is used when `useWebview == true` in order to
   /// compare with the path of the callback URL (no matter which scheme!).
   final String? httpsPath;

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,8 @@ android {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`dependencies {`
`52`		`- implementation 'androidx.browser:browser:1.8.0'`
	`52`	`+ implementation 'androidx.browser:browser:1.9.0-alpha01'`
	`53`	`+ implementation 'androidx.activity:activity-ktx:1.10.1'`
`53`	`54`	`implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"`
`54`	`55`	`}`
`55`	`56`	`}`