Replace WebView login with Chrome Custom Tabs #6694

Open
bhatganeshdarshan wants to merge 9 commits into streetcomplete:master from bhatganeshdarshan:feature/chrome-custom-tabs-oauth
Conversation

@bhatganeshdarshan

Description

This PR replaces the previous WebView-based login flow with Chrome Custom Tabs, improving reliability and UX across browsers.

Fixes #6688

Why change from webview to custom tabs

  • WebView login can break or feel inconsistent when the flow opens external pages (email verification) and then returns to the app.
  • Custom Tabs uses the system browser context (cookies/session), which is generally more reliable.

What changed

  • Replaced the in-app WebView login with Chrome Custom Tabs.
  • Updated manifest queries to detect Custom Tabs providers via CustomTabsService.

- Replaced WebView-based OAuth with Chrome Custom Tabs for better security and user experience
- Added ChromeCustomTabLauncher to handle OAuth authorization in Chrome Custom Tabs
- Implemented OAuthCallbackHandler to capture OAuth callback deep links
- Implemented OAuthLoginCompleter to exchange authorization code for access token
- Updated MainActivity to handle OAuth callback deep links (streetcomplete://oauth)
- Modified LoginViewModel to use Chrome Custom Tabs instead of WebView
- Added androidx.browser:browser dependency for Custom Tabs support
- Configured deep link intent filter in AndroidManifest for OAuth callbacks
- Enhanced OAuth flow to properly include referer parameter for new user registrations
- Fixed issue where new users were not redirected to authorization page after email confirmation

This change improves the OAuth flow by:
1. Using Chrome Custom Tabs which shares cookies with the default browser
2. Providing better security than embedded WebViews
3. Ensuring new users see 'Continue authorization' button after email confirmation
4. Properly handling the OAuth callback with PKCE code challenge/verifier
- prevent Custom Tab relaunch on resume by tracking launch in ViewModel
- auto-reset login state if no OAuth callback received
- reset login state on back press from RequestingAuthorization
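
The callback handling and PKCE step named in the description above, as an added example that is not code from this pull request: it generates an S256 code challenge and a state value for one login attempt, then validates an incoming `streetcomplete://oauth` link before its code is exchanged. `PendingLogin`, `Callback` and `parseCallback` are hypothetical names, and the use of a `state` parameter is an assumption of this example.

```kotlin
import java.net.URI
import java.net.URLDecoder
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// Hypothetical names; only the streetcomplete://oauth redirect is from the PR text. Plain JVM, no Android APIs.
private val b64 = Base64.getUrlEncoder().withoutPadding()

/** One login attempt: a fresh PKCE verifier (RFC 7636) and state value, never reused. */
class PendingLogin(random: SecureRandom = SecureRandom()) {
    val codeVerifier: String = b64.encodeToString(ByteArray(32).also(random::nextBytes))
    val state: String = b64.encodeToString(ByteArray(16).also(random::nextBytes))
    // S256 challenge goes into the authorization URL; the verifier is sent only with the token request.
    val codeChallenge: String = b64.encodeToString(
        MessageDigest.getInstance("SHA-256").digest(codeVerifier.toByteArray(Charsets.US_ASCII)))
}

sealed interface Callback {
    data class Code(val value: String) : Callback
    data class Rejected(val reason: String) : Callback
}

/** Checks a deep link before its code may be exchanged for a token. */
fun parseCallback(link: String, pending: PendingLogin?): Callback {
    val uri = runCatching { URI(link) }.getOrNull() ?: return Callback.Rejected("malformed URI")
    if (uri.scheme != "streetcomplete" || uri.host != "oauth") return Callback.Rejected("not the OAuth redirect")
    if (pending == null) return Callback.Rejected("no login in progress")
    val params = try {
        (uri.rawQuery ?: "").split('&').filter { it.isNotEmpty() }.associate {
            val (k, v) = (it.split('=', limit = 2) + "").take(2)
            URLDecoder.decode(k, "UTF-8") to URLDecoder.decode(v, "UTF-8")
        }
    } catch (e: IllegalArgumentException) {
        return Callback.Rejected("malformed query")
    }
    // Constant-time comparison; a missing or foreign state means the link is not from this attempt.
    val state = params["state"] ?: return Callback.Rejected("state missing")
    if (!MessageDigest.isEqual(state.toByteArray(), pending.state.toByteArray())) return Callback.Rejected("state mismatch")
    params["error"]?.let { return Callback.Rejected("authorization failed: $it") }
    return Callback.Code(params["code"]?.takeIf { it.isNotEmpty() } ?: return Callback.Rejected("code missing"))
}

fun main() {
    val login = PendingLogin()
    // Constructed sample links, not captured traffic.
    println(parseCallback("streetcomplete://oauth?code=abc123&state=${login.state}", login)) // accepted
    println(parseCallback("streetcomplete://oauth?code=abc123&state=guess", login))          // rejected
}
```

Because any installed app can register the same custom scheme, the state check and the PKCE verifier are what tie a received code to the login attempt that this app started.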
@westnordost
Member

westnordost commented Jan 18, 2026

I haven't had a closer look at the code, it looks odd though that it is so much more code than with the WebView. Did you forget to delete code you copied or something? I'd think it should be less code when just calling the external browser + handling the URL callback because there's no fiddling around with the WebView.

Also, the WebView dependency can be removed.

I also spotted some things that seem to be residue from testing, such as delay, unrelated changes and the like.

Also, isn't there an entry in the manifest missing that declares that this app handles URLs with a certain scheme?

@bhatganeshdarshan
Author

> I haven't had a closer look at the code, it looks odd though that it is so much more code than with the WebView. Did you forget to delete code you copied or something? I'd think it should be less code when just calling the external browser + handling the URL callback because there's no fiddling around with the WebView.
>
> Also, the WebView dependency can be removed.
>
> I also spotted some things that seem to be residue from testing, such as delay, unrelated changes and the like.
>
> Also, isn't there an entry in the manifest missing that declares that this app handles URLs with a certain scheme?

With WebView we had the in-app control, errors, redirects etc., also things like if the user has pressed back and exited out of the WebView. But when we launch an external browser, we need to handle many cases, like preventing reopening the browser, the OAuth callback and handling cancellation.

So the UI code has been reduced, but the code related to the flow has become more explicit because we no longer control the browser like with WebView.

And for the entry in the manifest, it looks like everything is working fine. I removed the <query> which I was using to find the browsers that support custom tabs; since we are no longer using custom tabs, it's of no use, so I removed it.

Also the delay needs to be removed, rename markCustomTabLaunched to a more relevant name like markAuthUrlLaunched, and some logs. Sorry, I forgot to remove them.
Let me know if any other changes need to be done.
Thank you.

Development

Successfully merging this pull request may close these issues.

New accounts redirect to OSM Home instead of Authorization page after email confirmation