Skip to content

Improve the callback uri format and customization. #4664

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 5, 2025
Merged

Improve the callback uri format and customization. #4664

merged 2 commits into from
May 5, 2025

Conversation

bmarty
Copy link
Member

@bmarty bmarty commented Apr 30, 2025
edited
Loading

Content

The PR aims to improve how the redirection is handled during a OIDC authentication, to filter between different installed applications, by providing a different scheme for all the different version (debug/nightly/release)

Current version:
image

New version:

image

This is for the debug version.

For the prod version, the text will be: "Element X at io.element.android:/ wants to access your account."
For the nightly version, the text will be: "Element X nightly at io.element.android.nightly:/ wants to access your account."

This will have the effect to avoid this screen to be displayed when the user clicks on "Continue":
image

Note:

  • this is probably solving a problem only for developers and advanced users.
  • this will help Mas to distinguish between the client. Element desktop uses io.element.desktop for instance (see Support build-time specified protocol scheme for oidc callback element-desktop#2285)
  • it should also solve the problem if both Element Pro and Element X are installed, since we are using the scheme io.element for Element Pro. The scheme io.element.debug will be for Element Pro debug, and the scheme io.element.nightly will be for Element Pro nightly.

Motivation and context

Better UI from a user POV.

Screenshots / GIFs

Tests

  • Login to matrix.org or any OIDC homeserver and observe that the user story is more straight forward.

Tested devices

  • Physical
  • Emulator
  • OS version(s):

Checklist

  • Changes have been tested on an Android device or Android emulator with API 24
  • UI change has been tested on both light and dark themes
  • Accessibility has been taken into account. See https://github.com/element-hq/element-x-android/blob/develop/CONTRIBUTING.md#accessibility
  • Pull request is based on the develop branch
  • Pull request title will be used in the release note, it clearly define what will change for the user
  • Pull request includes screenshots or videos if containing UI changes
  • You've made a self review of your PR

@bmarty bmarty requested a review from a team as a code owner April 30, 2025 09:19
@bmarty bmarty requested review from ganfra and removed request for a team April 30, 2025 09:19
@bmarty bmarty added the PR-Misc For other changes label Apr 30, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 30, 2025
edited
Loading

📱 Scan the QR code below to install the build (arm64 only) for this PR.
QR code
If you can't scan the QR code you can install the build via this link: https://i.diawi.com/MkZGxe

@bmarty
Copy link
Member Author

bmarty commented Apr 30, 2025

@sandhose told me that the spec says you should not have a hostname in native callbacks.

So we may use io.element.[identifier]:/callback instead. I am updating the PR.

@bmarty bmarty marked this pull request as draft April 30, 2025 09:43
@pixlwave
Copy link
Member

So we may use io.element.[identifier]:/callback instead. I am updating the PR.

Will this essentially match [applicationID]:/callback? If it does, then maybe using applicationID directly would also help with the Element Pro/Element X issue (but remembering to still honour the enterprise override if it has been set).

@bmarty
Copy link
Member Author

bmarty commented Apr 30, 2025

So we may use io.element.[identifier]:/callback instead. I am updating the PR.

Will this essentially match [applicationID]:/callback? If it does, then maybe using applicationID directly would also help with the Element Pro/Element X issue (but remembering to still honour the enterprise override if it has been set).

Good point. I guess I can use io.element.application for Element X, and so Element Pro will use io.element.
The problem with the applicationId is that it is io.element.android.x and I believe that at some point the x should vanish, at least from a marketing POV, the applicationId cannot be changed.

@codecov Codecov
Copy link

codecov bot commented Apr 30, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.01%. Comparing base (baa9f01) to head (837b566).
Report is 15 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #4664   +/-   ##
========================================
  Coverage    80.01%   80.01%           
========================================
  Files         2107     2109    +2     
  Lines        55838    55847    +9     
  Branches      6972     6972           
========================================
+ Hits         44678    44688   +10     
+ Misses        8765     8764    -1     
  Partials      2395     2395

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@bmarty bmarty force-pushed the feature/bma/callbackPath branch from fbbe59f to e1ccdc2 Compare April 30, 2025 12:50
@bmarty
Improve the callback uri format and customization.
837b566 
Use io.element.android for the scheme of Oidc redirection for Element X.
For nightly the scheme will be io.element.android.nightly
For debug the scheme will be  io.element.android.debug

Element Pro is using `io.element`
@bmarty bmarty force-pushed the feature/bma/callbackPath branch from e1ccdc2 to 837b566 Compare April 30, 2025 13:01
@bmarty bmarty marked this pull request as ready for review April 30, 2025 13:15
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@ElementBot
Copy link
Collaborator

Warnings
⚠️

app/src/main/AndroidManifest.xml#L88 - This intent filter has the format of an Android App Link but is missing the autoVerify attribute; add android:autoVerify="true" to ensure your domain will be validated and enable App Link-related Lint warnings. If you do not want clicked URLs to bring the user to your app, remove the android.intent.category.BROWSABLE category, or set android:autoVerify="false" to make it clear this is not intended to be an Android App Link.

Generated by 🚫 dangerJS against 837b566

@bmarty
Copy link
Member Author

bmarty commented May 5, 2025

Update:

  • Element X Android will use io.element.android as a base for Oidc Url redirect scheme.
  • Element Pro Android will use io.element.android.pro as a base for Oidc Url redirect scheme.

@bmarty bmarty merged commit c61ee59 into develop May 5, 2025
34 checks passed
@bmarty bmarty deleted the feature/bma/callbackPath branch May 5, 2025 15:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ganfra ganfra ganfra approved these changes

Assignees
No one assigned
Labels
PR-Misc For other changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bmarty @pixlwave @ElementBot @ganfra