Fix ephemeral intent flags on Android (#180)

ApofisXII · web-flow · commit 80e4f364fb4e · 2025-10-03T22:54:05.000+02:00
* Fix ephemeral intent flags on Android

- Update androidx.browser dependency to stable 1.9.0
- Implement setEphemeralBrowsingEnabled() for ephemeral browsing
- Add proper preferEphemeral option handling in AuthTab intent
- Fixes issue where credentials were remembered despite ephemeral flags

* fix ephemeral intent flags on Android

* Revert minSdk change in example app

* fix chrome crash

* fix chrome

* Readme + documentation update
diff --git a/flutter_web_auth_2/README.md b/flutter_web_auth_2/README.md
@@ -80,7 +80,9 @@ final response = await http.post(url, body: {
 final accessToken = jsonDecode(response.body)['access_token'] as String;
 ```
 
-**Note:** To use multiple scopes with Google, you need to encode them as a single string, separated by spaces (`%20`). For example, `scope: 'email https://www.googleapis.com/auth/userinfo.profile'`. Here is [a list of all supported scopes](https://developers.google.com/identity/protocols/oauth2/scopes).
+**Note (Google multiple scopes):** To use multiple scopes with Google, you need to encode them as a single string, separated by spaces (`%20`). For example, `scope: 'email https://www.googleapis.com/auth/userinfo.profile'`. Here is [a list of all supported scopes](https://developers.google.com/identity/protocols/oauth2/scopes).
+
+**Note (ephemeral auth):** Due to a [knownw Chrome bug](https://issuetracker.google.com/issues/444173718), when setting `preferEphemeral: true` on Android, the webview will crash on older Chrome version (minimum version required is [Chrome 141](https://developer.chrome.com/release-notes/141?hl=en)).
 
 ## Migration
 
diff --git a/flutter_web_auth_2/android/build.gradle b/flutter_web_auth_2/android/build.gradle
@@ -49,7 +49,7 @@ android {
     }
 
     dependencies {
-        implementation 'androidx.browser:browser:1.9.0-alpha01'
+        implementation 'androidx.browser:browser:1.9.0'
         implementation 'androidx.activity:activity-ktx:1.10.1'
         implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
     }
diff --git a/flutter_web_auth_2/android/src/main/kotlin/com/linusu/flutter_web_auth_2/AuthenticationManagementActivity.kt b/flutter_web_auth_2/android/src/main/kotlin/com/linusu/flutter_web_auth_2/AuthenticationManagementActivity.kt
@@ -17,6 +17,7 @@ class AuthenticationManagementActivity : ComponentActivity() {
         const val KEY_AUTH_URI: String = "authUri"
         const val KEY_AUTH_OPTION_INTENT_FLAGS: String = "authOptionsIntentFlags"
         const val KEY_AUTH_OPTION_TARGET_PACKAGE: String = "authOptionsTargetPackage"
+        const val KEY_AUTH_OPTION_PREFER_EPHEMERAL: String = "authOptionsPreferEphemeral"
         const val KEY_AUTH_CALLBACK_SCHEME: String = "authCallbackScheme"
         const val KEY_AUTH_CALLBACK_HOST: String = "authCallbackHost"
         const val KEY_AUTH_CALLBACK_PATH: String = "authCallbackPath"
@@ -32,6 +33,7 @@ class AuthenticationManagementActivity : ComponentActivity() {
     private lateinit var authenticationUri: Uri
     private var intentFlags: Int = 0
     private var targetPackage: String? = null
+    private var preferEphemeral: Boolean = false
     private lateinit var callbackScheme: String
     private var callbackHost: String? = null
     private var callbackPath: String? = null
@@ -78,7 +80,20 @@ class AuthenticationManagementActivity : ComponentActivity() {
         super.onResume()
 
         if (!authStarted) {
-            val intent = AuthTabIntent.Builder().build()
+            val intentBuilder = AuthTabIntent.Builder()
+
+            // Set ephemeral browsing if requested and supported
+            if (preferEphemeral) {
+                try {
+                    intentBuilder.setEphemeralBrowsingEnabled(true)
+                    Log.d("flutter_web_auth_2", "Ephemeral browsing enabled")
+                } catch (e: Exception) {
+                    Log.w("flutter_web_auth_2", "Failed to enable ephemeral browsing: ${e.message}")
+                }
+            }
+
+            val intent = intentBuilder.build()
+
             intent.intent.addFlags(intentFlags)
 
             if (targetPackage != null) {
@@ -112,6 +127,7 @@ class AuthenticationManagementActivity : ComponentActivity() {
             KEY_AUTH_OPTION_TARGET_PACKAGE,
             targetPackage,
         )
+        outState.putBoolean(KEY_AUTH_OPTION_PREFER_EPHEMERAL, preferEphemeral)
         outState.putString(KEY_AUTH_CALLBACK_SCHEME, callbackScheme)
         outState.putString(KEY_AUTH_CALLBACK_HOST, callbackHost)
         outState.putString(KEY_AUTH_CALLBACK_PATH, callbackPath)
@@ -131,6 +147,7 @@ class AuthenticationManagementActivity : ComponentActivity() {
         } ?: throw IllegalStateException("Authentication URI is null")
         intentFlags = state.getInt(KEY_AUTH_OPTION_INTENT_FLAGS, 0)
         targetPackage = state.getString(KEY_AUTH_OPTION_TARGET_PACKAGE)
+        preferEphemeral = state.getBoolean(KEY_AUTH_OPTION_PREFER_EPHEMERAL, false)
         callbackScheme = state.getString(KEY_AUTH_CALLBACK_SCHEME)!!
         callbackHost = state.getString(KEY_AUTH_CALLBACK_HOST)
         callbackPath = state.getString(KEY_AUTH_CALLBACK_PATH)
diff --git a/flutter_web_auth_2/android/src/main/kotlin/com/linusu/flutter_web_auth_2/FlutterWebAuth2Plugin.kt b/flutter_web_auth_2/android/src/main/kotlin/com/linusu/flutter_web_auth_2/FlutterWebAuth2Plugin.kt
@@ -56,6 +56,7 @@ class FlutterWebAuth2Plugin(
                     putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_SCHEME, callbackUrlScheme)
                     putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_HOST, options["httpsHost"] as String?)
                     putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_PATH, options["httpsPath"] as String?)
+                    putExtra(AuthenticationManagementActivity.KEY_AUTH_OPTION_PREFER_EPHEMERAL, options["preferEphemeral"] as Boolean? ?: false)
                 })
             }
 
diff --git a/flutter_web_auth_2/lib/src/options.dart b/flutter_web_auth_2/lib/src/options.dart
@@ -85,10 +85,10 @@ class FlutterWebAuth2Options {
           customTabsPackageOrder: json['customTabsPackageOrder'],
         );
 
-  /// **Only has an effect on iOS and macOS!**
+  /// **Only has an effect on iOS, Android and macOS!**
   /// If this is `true`, an ephemeral web browser session
   /// will be used where possible (`prefersEphemeralWebBrowserSession`).
-  /// For Android devices, see [intentFlags].
+  /// For Android devices (for supporting older Chrome than 141) alternatively you can see [intentFlags].
   final bool preferEphemeral;
 
   /// **Only has an effect on Web!**

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ android {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`dependencies {`
`52`		`- implementation 'androidx.browser:browser:1.9.0-alpha01'`
	`52`	`+ implementation 'androidx.browser:browser:1.9.0'`
`53`	`53`	`implementation 'androidx.activity:activity-ktx:1.10.1'`
`54`	`54`	`implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"`
`55`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,7 @@ class FlutterWebAuth2Plugin(`
`56`	`56`	`putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_SCHEME, callbackUrlScheme)`
`57`	`57`	`putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_HOST, options["httpsHost"] as String?)`
`58`	`58`	`putExtra(AuthenticationManagementActivity.KEY_AUTH_CALLBACK_PATH, options["httpsPath"] as String?)`
	`59`	`+ putExtra(AuthenticationManagementActivity.KEY_AUTH_OPTION_PREFER_EPHEMERAL, options["preferEphemeral"] as Boolean? ?: false)`
`59`	`60`	`})`
`60`	`61`	`}`
`61`	`62`