Nougat API 25 blocks Chrome redirects without user input now.

When trying to implement OAuth flows for Twitter on Android, Chrome for API 25 and above now disallows redirects. This is especially problematic for third-party applications that want to implement OAuth flow with the Twitter API.
To repro:
- Sign out of Twitter, clear browser.
- Initiate an OAuth flow to Twitter on Android 7.0 (with Chrome, not Firefox) using this project
- Sign in to Twitter (for the first time, logged-in users have no problem)
- Redirect fails to happen (custom schemes such as oauth:// in Android and general http://-based links)
Here is the relevant documentation:
“The functionality has changed slightly in Chrome for Android, versions 25 and later…navigating… to a URI with a custom scheme such as paulsawesomeapp:// will not work even if the user has the appropriate app installed. Instead, you should implement a user gesture to launch the app via a custom scheme, or use the “intent:” syntax described in this article.”
I tried using intent:// as well but Chrome is blocking even intent:// links:
chromium: [INFO:CONSOLE(0)] “Navigation is blocked: intent://?oauth_token=ABCD123456&oauth_verifier=sHGGeYyAFUX3lYX2c5aG4qZUznWEMzyY#Intent;action=android.intent.action.VIEW;scheme=oauth;package=com.codepath.apps.restclienttemplate;end”, source: https://api.twitter.com/oauth/authorize (0)
05-08 04:39:48.164 8314 8340 E chromium: [ERROR:gles2_cmd_decoder.cc(2475)] [.RenderWorker-0xd42
The solution appears to be that Twitter's OAuth redirects, when Android is detected, may need to prompt the user before the redirect happens:
"And Chrome doesn’t launch an external app for a given Intent URI in the following cases.
- When the Intent URI is redirected from a typed in URL.
- When the Intent URI is initiated without user gesture."
Same discussion here:
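
The user-gesture approach from the quoted documentation, sketched as an added example (not code from the original post or from Twitter): a callback page that renders the `intent:` URI as a link the user taps instead of redirecting to it automatically. The function names and the idea of a server-rendered interstitial are assumptions; the package, scheme and token values are the ones in the log line above.

```javascript
// Added example: build a Chrome "intent:" URI for an OAuth callback and put it
// behind a tap, because Chrome blocks navigation to it without a user gesture.
// Function names are hypothetical; sample values come from the log in the post.

const SCHEME_RE = /^[a-z][a-z0-9+.-]*$/; // URI scheme characters only
const PACKAGE_RE = /^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$/;
const ACTION_RE = /^[A-Za-z0-9_.]+$/;

function buildIntentUri({ scheme, pkg, action, params, fallbackUrl }) {
  // Reject values that could smuggle extra ";key=value" fields into the
  // #Intent;...;end fragment.
  if (!SCHEME_RE.test(scheme)) throw new Error("invalid scheme");
  if (!PACKAGE_RE.test(pkg)) throw new Error("invalid package");
  if (!ACTION_RE.test(action)) throw new Error("invalid action");
  // URLSearchParams percent-encodes ';' and '#', so token values cannot
  // terminate the query or the intent fragment early.
  const query = new URLSearchParams(params).toString();
  const parts = [`action=${action}`, `scheme=${scheme}`, `package=${pkg}`];
  if (fallbackUrl) {
    // Where Chrome should go if the app is not installed.
    parts.push(`S.browser_fallback_url=${encodeURIComponent(fallbackUrl)}`);
  }
  return `intent://?${query}#Intent;${parts.join(";")};end`;
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// The page contains no script and no meta refresh: the only way to reach the
// intent URI is the user's tap on the link, which is the gesture Chrome requires.
function renderInterstitial(intentUri) {
  return `<!doctype html>
<title>Return to app</title>
<p>Sign-in complete.</p>
<a id="open-app" href="${escapeHtml(intentUri)}">Tap to return to the app</a>`;
}
```
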