mobile origin url
-
Is this still an open item of concern for you? I can review it further if need be.
If you believe it to be a bug you can also log a bug request
(https://github.com/FusionAuth/fusionauth-issues/issues/new/choose)Thanks,
Josh -
-
Thanks for filing this.
Can you provide a few more details (on the bug or here) to talk about why you need to set the origin URL in your mobile app?
Typically you need to set the Authorized redirect URL, but this tutorial, for example, doesn't set the origin URL: https://fusionauth.io/blog/2020/08/19/securing-react-native-with-oauth/
From https://fusionauth.io/docs/v1/tech/core-concepts/applications/
This optional configuration allows you to restrict the origin of an OAuth2 / OpenID Connect grant request. If no origins are registered for this Application, all origins are allowed.
By default FusionAuth will add the X-Frame-Options: DENY HTTP response header to the login pages to keep these pages from being rendered in an iframe. If the request comes from an authorized origin, however, FusionAuth will not add this header to the response. To load FusionAuth hosted login pages in an iframe, you will need to add the request origin to this configuration
-
Authorised redirect URL config has no issues.
I added "https://example.com" as authorise origin url for security. Then I noticed traffic from android app is getting blocked with
"android-app://com.example" is not authorised origin
-
Where are you seeing that error message? Can you please provide repro steps?
Thanks!
-
I provided steps to reproduce in the github issue : https://github.com/FusionAuth/fusionauth-issues/issues/1443
-
Thanks, I saw the steps to reproduce in the administrative user interface.
I am sorry for being unclear. I was looking for steps to reproduce in the android application.
In particular, I'm unsure where/how you are seeing this behavior:
Then I noticed traffic from android app is getting blocked with
It sounds like:
- you have an application in FusionAuth.
- It was working fine with both a mobile app and a web application
- You then added
https://example.comto the application config's authorized origin URL. - The web application continues to work fine
- The android application now has issues
Is that correct? Or am I missing something?
If it is correct, I want to know more about those issues.
Are you:
- getting error messages
- being prevented from logging in using the android app
- some other behavior
Also, is the android app a webview of the hosted login pages?
Thanks.
-
Yes, that's correct.
In android app, we are using oidc react-native library.
The screen gets stuck after clicking login button.
Expected : Open fusionauth login page in in-app browser
Actual:
There is an error message
[Error: Invalid origin uri android-app://com.example/] -
Hi @harish_reddy ,
I didn't want this to get lost (I don't check the forum every day) so asked our support team to open a ticket.
Thanks!
-
Can you provide a few more details (on the bug or here) to talk about why you need to set the origin URL in your mobile app?
-
@alickabrook1 said in mobile origin url:
Can you provide a few more details (on the bug or here) to talk about why you need to set the origin URL in your mobile app?
I didn't want this to get lost (I don't check the forum every day) so asked our support team to open a ticket.
-
@alickabrook1
I was not setting origin URL in mobile app.I was setting it in fusionauth config.
Shared screenshot in https://github.com/FusionAuth/fusionauth-issues/issues/1443
