Doesn't work on Samsung Galaxy Note 4 (and probably Note 3)

[dg76]

Hi!

It seems that the Samsung browser ("com.sec.android.app.sbrowser") on the Galaxy Note 4 and probably also the Galaxy Note 3 does not return to the app after the user has clicked the "Allow" button in the Google login web page. Instead it just loads "www.google.com", which is the fallback if the app cannot be started as far as I know. So the app does not get any login information and cannot proceed with the authentication.

A workaround is to ignore that browser so that Google Chrome is used instead. E.g. this code has fixed the issue for me:

new AuthorizationService(this, 
    new AppAuthConfiguration.Builder()
        .setBrowserMatcher(new BrowserMatcher() {
          @Override
          public boolean matches(@NonNull BrowserDescriptor descriptor) {
            if (descriptor.useCustomTab 
                && StringUtils.equals(
                    descriptor.packageName, 
                    "com.sec.android.app.sbrowser")) {
              return false;
            }
            return true;
          }
        }).build())

However it would be good if it would work "out of the box", i.e. if the AppAuth library could handle (blacklist?) this by itself. I have found functions to blacklist certain versions of a browser in AppAuth but it seems that it doesn't blacklist any browsers by itself.

What do you think? Should AppAuth blacklist this automatically? Samsung probably won't fix these old devices any more.

Kind regards

Dominique

[iainmcgin]

I'll see if I can get a comment from Samsung on this issue; I'd rather not blacklist the browser by default unless I know for certain that it is broken and will not be fixed. Can you give me the version number of the browser?

[dg76]

It is 4.0.20-6 on the Note 4:

I haven't tested it myself on the Note 3, a user did that. But my workaround has fixed it for the Note 3, too, the user has tested it.

I am curious what Samsung will respond. Please write their response here if possible.

Additionally it seems that Google didn't turn the webview authentication method off on April 20th. Does that mean it has been postponed? So that Samsung can fix the issue before the webview authentication will be completely disabled?

Thank you very much for your quick responses!

Kind regards

Dominique

[tobyworks]

Just wanted to say i am having the same issues. Arrrghhh Samsung

[iainmcgin]

I just received a response from the Samsung engineers - there are some fixes coming in a release of SBrowser in the first or second week of May, in version 5.4.00-70. This should be available to download on older Samsung devices too. When this is released, could @dg76 or @tobybonhof test it quickly to see if it resolves the issue?

[dg76]

Ok, I will check it at the end of the second week of May and will report back afterward.

[jeremyclee]

I've also seen this issue come up on a Galaxy S6. This worked perfectly a few weeks ago, so it must have been the Samsung browser update.
The posted workaround works well

[iainmcgin]

@jeremyclee can you post the version of SBrowser you have seen this issue with? I'm trying to collect version numbers to build a "broken range" to keep samsung updated.

[jeremyclee]

@iainmcgin My SBrowser version is 4.0.10-53

[dg76]

Hi! I have tried to check today if it works fine with a new version of SBrowser. I am using Samsung's "Remote Test Lab" for this purpose, i.e. devices that are connected to the Internet by Samsung and that can be used for a limited time for testing purposes (i.e. I don't have a real Samsung device myself but Samsung provides real devices for testing purposes this way). Unfortunately it seems that Samsung hasn't updated their devices yet, at least on the "Note 4" that I have tried is still version 4.0.20-6 installed. Google Play doesn't show an update for SBrowser. The "Settings" app shows a firmware update but I am not sure if Samsung wants me to update their device with a firmware update remotely.

Ian, how did you contact the Samsung engineers? Will/can they update their devices with the new browser version?

Kind regards

Dominique

[iainmcgin]

I have some contacts at Samsung on the SBrowser team, I've been communicating with them directly. I'll ask them about their public test device infrastructure but I imagine that's not managed by the same group.

[camhart]

Any updates here? I've seen it occasionally on the Samsung Galaxy S6.

@dg76 Do you know if android devices are guaranteed to have a browser other than the samsung one? I'm concerned blacklisting it will result in no browser being available.

[dg76]

@camhart The function above does not completely blacklist the Samsung browser. It will still use it if no other browser is available.

The reason is the descriptor.useCustomTab flag. The library will first try to find a browser that supports custom tabs. Only if no such browser is found it will use browsers without custom tabs. And my function above only blacklists the Samsung browser in the search for custom tab browsers. So when searching browsers without support for custom tabs the Samsung browser will still be taken into account (but will probably nevertheless fail to work correctly).