How to perform Oauth in your Android app when relying upon Chrome Custom Tabs and an HTTPS redirect Raveesh Bhalla Follow Apr 24, 2018 · 3 min read

This is going to be a short post about a problem I had been facing for the past couple of days in a side-project of mine.

Problem

I needed to integrate Todoist’s Sync APIs in a project. To authenticate, Todoist uses standard Oauth processes. For fairly understandable reasons, Todoist requires HTTPS redirects post authentication.

Previously, I used to just use a WebView that would catch the redirection post authentication, and go ahead with the rest of the process. However, Google has for a while now forbidden signing into Google accounts in a WebView to ensure safety of their users. This forces developers to rely upon Chrome Custom Tabs, or just plain browsers as well.

This caused me a few problems:

I actually needed to host a site that Todoist redirected to From a UX perspective, I needed a way that the site redirected to the app directly

Solution

After a bit of research, it proved fairly straightforward. To host a site, I simply used Firebase Hosting. I don’t even really need to create a website — simply creating a project and enabling Hosting gives me a HTTPS URL that I can point Todoist to. We will need to a host a JSON file, which I’ll get to in a moment.

The second part is the trickier one — I need a way for the site to now communicate to the app. Essentially, I need a redirect from Chrome Custom Tabs to the Android app. For this, I relied upon Android app links. Android app links essentially allow your app to claim ownership of a URL.

The simplest way to set up App Links is using the assistant tool in Android Studio. Following the process there enabled me to fairly easily set up the required intent filter as well as the code in the activity to catch the incoming intent data.

All I needed to do now was host the generated JSON file on our Firebase project. This is fairly simple as well, since all we need to do is install the Firebase command line tool, initialize Firebase in a folder that contains the JSON file, and deploy the site. You can follow the process described here.