bug: Expo client cannot use expo go redirect_uri #5632

Open
artalat opened this issue Apr 3, 2024 · 6 comments

artalat commented Apr 3, 2024

Describe the bug

The Expo Go app uses the "exp" scheme for its URI. For example: exp://192.168.3.137:8081. But Logto's validation fails for this.

Expected behavior

The client accepts such redirect_uris

How to reproduce?

Just try to set the example uri from the example given above.

@artalat artalat added the bug Something isn't working label Apr 3, 2024
@xiaoyijun
Contributor

Hi @artalat, this is intended by Logto. Since your app is a native app, you need to use reverse domain name notation for your scheme according to the RFC when using OAuth 2.0.

@xiaoyijun xiaoyijun added wontfix This will not be worked on and removed bug Something isn't working labels Apr 4, 2024
@xiaoyijun xiaoyijun self-assigned this Apr 4, 2024
@artalat
Author

artalat commented Apr 4, 2024

Hi @xiaoyijun, thank you for your response. But this disrupts the Expo development process, as Expo's official Expo Go app uses this scheme. In Expo, for managed workflow apps, development is done on Expo Go. So this is a problem.

Besides, if the OS is not enforcing this limitation, why should Logto?

@gao-sun gao-sun reopened this Apr 4, 2024
@gao-sun
Member

gao-sun commented Apr 4, 2024

@xiaoyijun let's discuss this next week

@gao-sun gao-sun added enhancement Make it better and removed wontfix This will not be worked on labels Apr 9, 2024
@artalat
Author

artalat commented Apr 15, 2024

Any update on this?

@simeng-li
Contributor

@artalat, on which platform did you execute Expo Go? If it was iOS, you can define a custom redirect URI e.g. app.my//callback and pass it to the AuthSession instead of the default exp://XXXX one, which should unblock your development.

However, I'm afraid that this won't work on Android. Custom redirect URIs might not invoke the Expo Go app correctly on Android.

To conduct testing on Android, you'll need to build an Android package instead of relying on Expo Go, and set the custom scheme in the App.json file. This ensures everything works properly on the production packages.

The private use native client scheme is restricted by the OAuth2.0 spec.

> For private-use URI scheme-based redirects, authorization servers
> SHOULD enforce the requirement in Section 7.1 that clients use
> schemes that are reverse domain name based. At a minimum, any
> private-use URI scheme that doesn't contain a period character (".")
> SHOULD be rejected.

Let me know if this helps.
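
The minimum check quoted in the comment above, written out as an added example; it is not part of the original thread and not Logto's code. The function name, the result strings and the sample URIs other than the reporter's `exp://` one are constructed for illustration, and the empty-label check is stricter than the quoted minimum.

```javascript
// Added example: scheme check for native-client redirect URIs.
// Function name and result strings are hypothetical, not Logto's API.

// RFC 3986 scheme grammar: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
const SCHEME_RE = /^([A-Za-z][A-Za-z0-9+.-]*):/;

function checkNativeRedirectUri(uri) {
  const match = SCHEME_RE.exec(uri);
  if (!match) {
    return { ok: false, reason: 'no-valid-scheme' };
  }
  // Schemes are case-insensitive; normalise before comparing.
  const scheme = match[1].toLowerCase();

  // http/https are not private-use schemes, so this rule does not cover them.
  if (scheme === 'http' || scheme === 'https') {
    return { ok: false, reason: 'not-private-use-scheme' };
  }

  // Minimum rule from the quoted text: a scheme without a period is rejected.
  if (!scheme.includes('.')) {
    return { ok: false, reason: 'scheme-has-no-period' };
  }

  // Stricter than the quoted minimum (assumption of this example):
  // require non-empty labels so "a..b" or "a." do not pass.
  if (scheme.split('.').some((label) => label.length === 0)) {
    return { ok: false, reason: 'empty-scheme-label' };
  }

  return { ok: true, scheme };
}

// Constructed sample inputs; the first is the URI from the report.
const samples = [
  'exp://192.168.3.137:8081',
  'io.example.app://callback',
  'IO.Example.App:/callback',
  'myapp://callback',
  'a..b://callback',
  '//callback',
];
for (const uri of samples) {
  console.log(uri, JSON.stringify(checkNativeRedirectUri(uri)));
}
```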

@artalat
Author

artalat commented Apr 18, 2024

@simeng-li Thanks for your detailed response. Apart from the hassle this causes, my point is that if the OS/platform allows setting a scheme without a ".", Logto shouldn't enforce this restriction for those specific OS/platforms.
