30

We have a PWA written in Angular for which we use AzureAD (using ng-adal) for the login.

When we log in, a series of redirects are being made until we get back to our app (with the auth ticket). If we configure the "manifest.json" to display:browser, everything works as expected. The problem comes if we set it up as display:standalone. This way, when we install it in Android we get the look and feel of a native app (no browser chrome, splash screen,...) but the login breaks.

The effect we get is that the AzureAD page opens in a browser view (expected), but the redirection to our page is still on the browser view (with an X button in the to left corner). In this "browser view" we are authenticated, but if we use the X button, this view is closed and we go back to the PWA but remain unauthenticated.

Any idea of what might be happening?

Thanks!

Added a quick example (it's a test for another thing).

The icon at the top right corner redirects to another domain which redirects back to this page. If we add the app to an Android home screen (it does not add all the icons as I have not configured the PWA manifest completely, but the effect is view-able), we see that clicking on the icon, a web view opens to go to the first redirect but remains open for the second redirect back.

What I would expect is that the second redirect will goback to my PWA without the web-view chrome.

Pat Myron
  • 4,437
  • 2
  • 20
  • 39
Carles Company
  • 7,118
  • 5
  • 49
  • 75
  • Is the "Logged In" state reflected properly the next time you visit (or reload) the PWA in `display: standalone` mode, after you log in via the browser view? – Jeff Posnick Sep 25 '17 at 18:42
  • No, when I log in, I get redirected to azure AD in a new frame (with the browser address bar). When this frame redirects back to the main page (with the id_token in the address) I'm still in this frame instead of being caught by the first frame. – Carles Company Sep 26 '17 at 07:06
  • And what happens when you do eventually go back and reload/revisit the PWA, after explicitly closing the browser view? – Jeff Posnick Sep 26 '17 at 15:37
  • It's still non authenticated (as if it never had received the id_token). It looks like it's totally separated (the standalone app vs the "browser" secondary app). I'll try to make a small project to reproduce my problem... – Carles Company Sep 26 '17 at 20:15
  • Thanks—I'm chatting with some folks from the Chrome for Android team about whether something might have recently changed with `display: standalone` PWAs that would lead to this. Do you happen to have a public URL at which we could reproduce the behavior? – Jeff Posnick Sep 28 '17 at 13:48
  • Although—I just tested by adding https://events.google.com/io2015/ to my homescreen, which uses Google's OAuth 2 flow for sign in. The sign in and redirections back to the PWA worked. Does it work when you try that flow in your local Android environment? – Jeff Posnick Sep 28 '17 at 13:57
  • Quick test using a test site I had: https://signalrfront.azurewebsites.net/ click on the refresh button in the top right corner. It just does a redirect to another page and this other page redirects back to the first page. Obviously, I'm doing something wrong as the google I/O page works as I would expect mine to work. Thanks! – Carles Company Sep 28 '17 at 19:28
  • Hmm... even if I load the `https:` version of your test page, that button links to `http://testredi.azurewebsites.net/` What happens if you use `https:` for the redirector URL? I wonder if it's an issue involving an `http:` site redirecting to a `https:` site. – Jeff Posnick Sep 29 '17 at 13:41
  • I changed it and it still does the same. – Carles Company Sep 29 '17 at 15:21
  • Any solutions for this problem, google recently released chrome 61 in indian playstore and now it's happening here as well. Our app has redirect flow for payments. When we open payment portal in standalone app it breaks but works fine for all other cases. – kushdilip Oct 04 '17 at 06:50
  • I believe what folks have been reporting is the same thing as https://bugs.chromium.org/p/chromium/issues/detail?id=771418 Apologies for the redirection, but following up there would be the best course of action. I'll cross-reference the bug with this thread. – Jeff Posnick Oct 06 '17 at 17:33
  • Thanks Jeff. I had assumed that it was something I was doing. – Carles Company Oct 06 '17 at 18:45
  • I am getting the same thing at my PWA seed project. You can see the project at https://github.com/jvitor83/angular-pwa-seed and the demo of the PWA at https://angular-pwa-seed.netlify.com/ with the same problem of this post. – jvitor83 Oct 09 '17 at 20:15
  • I got same problem. react-2bytes-burger2.firebaseapp.com works fine in Chrome when not added as app to home screen but if added as standalone it breaks both standalone and browser version when trying to use login function (firebaseui). I can't figure out how to fix it. Anyone? – user2047485 May 10 '18 at 21:24
  • I'm having the same issue but on iOS/Safari https://stackoverflow.com/questions/53948916/oidc-and-pwa-add-to-home-screen can any one help? – Wilhelmina Lohan Jan 07 '19 at 16:00

1 Answers1

4

This is now fixed with the latest version of Chrome (r67).

Carles Company
  • 7,118
  • 5
  • 49
  • 75
  • And it's broken again in Chrome 70, as it opens a separate window to do the out-of-scope auth. – Judah Gabriel Himango Nov 07 '18 at 19:44
  • 3
    But good news, Chrome 71 (due out December 2018) will fix this for good, as the W3C spec has been updated to require browsers to allow in-app navigation for out-of-scope URLs. https://github.com/w3c/manifest/issues/449#issuecomment-435217874 – Judah Gabriel Himango Nov 07 '18 at 20:34
  • I'm having the same issue but on iOS/Safari https://stackoverflow.com/questions/53948916/oidc-and-pwa-add-to-home-screen can any one help? – Wilhelmina Lohan Jan 07 '19 at 16:01
  • Having a similar issue when picking an image from the device photo library on Chrome 79 (Android). PWA is standalone before accessing the library. Once I pick the photo (or cancel), the app switches to browser mode. I can go to fullscreen mode, but not back to standalone. This seems similar to the above issue. – GrumpyGary Dec 31 '19 at 21:07